IT Security

2020 - A Transformational Year in Cybersecurity

It is true to say that there’s never a quiet year in cybersecurity. The focus and professionalism of cybercriminals, allied to the ever-evolving threatscape, mean that anyone working in cybersecurity is facing a constant battle to keep their organization secure.

But it’s also true to say that some years are more difficult than others and 2020 has to be right up there with the most challenging we have ever seen. That applies to the wider world just as much as it does to cybersecurity but there can be little debate that for our industry, 2020 has been a landmark year.

Dealing with COVID-19

Even when news of the COVID-19 pandemic first reached us at the start of the year, no-one really imagined the scale of the devastation it would cause. As it spread with increasing speed across the globe however, it soon became clear that its impact would be substantial.

By March, most people that could do so were now working from home. That created a number of cybersecurity challenges that had to be addressed as a priority. One of those was a significant increase in the volume of phishing campaigns based around COVID-19. Relying on people’s fears and concerns about the pandemic, these campaigns sought to gain entry to corporate systems via malicious links or files.

This was an issue because many homeworkers now lacked the corporate protection they had when working in the office. In May 2020, the HelpSystems research ‘The Unknown Threat’, conducted with UK public sector employees, revealed a widespread lack of awareness of cybersecurity and the best practices required to stay on top of it.

Almost half of respondents had either not heard of or did not know what ransomware is. Furthermore, one-quarter of public sector workers had either not heard of or did not know what phishing is. Also, 11% admitted they had clicked on a link in an unsolicited email at work.

The research revealed an obvious vulnerability and one that organizations needed to address quickly with training.

Cybersecurity and Homeworking

Perhaps the biggest cybersecurity challenge though, was in managing this remote workforce. Further HelpSystems research ‘Cybersecurity Challenges in Financial Services’ in November 2020 revealed that securing the remote workforce had become a key objective for 42% of global Financial Services (FS) firms and more than one third said increased homeworking was the cyber threat with the potential to cause the most damage. Although the research focussed on FS, undoubtedly the situation was similar for most other sectors.

With many employees still working from home, the need to securely collaborate has never been greater. In fact, almost two thirds of our survey respondents had already increased their investment in collaboration tools – ones that allow employees to share important information quickly and securely.

A good example is GoAnywhere’s Managed File Transfer working alongside Clearswift’s Secure ICAP Gateway. Together they provide an automated solution for secure file transfers, with unprecedented protection against data loss and cyber threats. This highly effective partnership was recognized recently at the Computing Security Excellence Awards, where it won the award for best Enterprise Security Solution.

Product Integration and Digital Transformation

Creating best-in-class cybersecurity solutions is the model HelpSystems will continue to follow in 2021. We offer a suite of data security tools, including recently acquired data classification technologies from Titus and Boldon James. The goal is to continue integrating more products into the portfolio, delivering better value for customers, and ensuring greater protection against a variety of threats.

Plans also include offering flexibility in how our products are deployed. Almost half of respondents in our FS research said that the biggest challenge facing them was digital transformation and moving products to the cloud can help achieve this aim. We recently made the Clearswift Secure Email and ICAP Gateways available on AWS Marketplace and have plans for further integrations in 2021.

Cybersecurity in 2021

2020 has been transformational in how cybersecurity professionals keep their organization safe and secure. Such has been the impact of COVID-19 that it is highly unlikely we will ever return to how the world was previously and the old approaches to cybersecurity are also unlikely to return.

It’s all a question of being agile and keeping cybersecurity at the forefront when new challenges appear. When the pandemic first took hold, cybersecurity professionals managed to switch to an almost entirely distributed workforce overnight and those that did this best were the ones that made sure people, process, and technology all played a key role.

As always, HelpSystems is here to help you Build a Better IT. If you’d like us to review your cybersecurity requirements for 2021, contact the team and we’ll be in touch. Wishing you a very happy New Year.

Six Step Guide to Email Security Best Practice

The popularity of email as a collaboration tool shows no sign of abating. In fact, research group Radicati predicts that in 2020 the number of emails sent and received per day will exceed 306 billion. Also, with so many employees now working from home, organizations have never been so reliant on email to keep communication and productivity flowing.

However, with collaboration comes risk. Phishing, spam, viruses, business email compromise, data loss (accidental or otherwise) – email has to cope with a large number of cybersecurity risks and threats, so it’s no wonder IT teams have to think carefully about deploying the right solution to keep their organization protected.

In providing that much-needed layer of security, Secure Email Gateways need to minimize the risks and threats but do so without impacting an organization’s ability to conduct business. The right solution will also enforce email policy without overburdening the IT department, email administrators or messaging teams.

To help IT teams define a robust email security policy and determine what’s required from an email security solution, we’ve put together a new guide. Download our guide to Email Security Best Practice and follow our six easy steps:  

1. Determine what data needs to be protected
2. Be clear about the dangers
3. Establish a robust and sustainable email security policy
4. Close the zero-day window
5. Encrypt sensitive data
6. Monitor behavior and performance

Clearswift has helped organizations protect and secure data for over 25 years. Using award-winning adaptive redaction technology, its email and web security solutions offer organizations the ultimate protection against cyber threats and data loss, without compromising day-to-day collaboration.

Additional Resources

On-Demand Webinar: Introduction to the Clearswift Secure Email Gateway

Datasheet: Secure Email Gateway

Blog: What is a Deep Content Inspection Engine? 

About Clearswift

Another Day, Another Significant Data Breach – What We Know About the EasyJet Cyber-attack

Significant data breaches feel like they are arriving now with ever-increasing regularity. The latest breach to hit the headlines was at EasyJet. The budget airline announced on 19 May 2020 that it had suffered a ‘highly sophisticated cyber-attack’ that has affected approximately nine million of its customers.

Email addresses and travel details had been stolen and 2,208 customers also had their credit and debit card details ‘accessed’. EasyJet became aware of the attack in January 2020 and has informed the UK's Information Commissioner's Office (ICO). It went public now to warn affected customers that they should be on the lookout for phishing attacks.

We ask how such a breach could have occurred and what the implications are for EasyJet.

What are the GDPR implications?

The last thing that the travel industry needed right now was a data breach of this size and scale and the implications for EasyJet could be significant. As we pass the second anniversary of GDPR, we expect the data breach to be the subject of regulator focus. Yet in the UK at least, some of the biggest fines announced for non-compliance with GDPR remain unpaid.

Both British Airways and Marriott International had been facing significant fines, announced in 2019. Yet the ICO has delayed the collection of these fines and has also indicated that it is going to take a lighter touch regarding fines, given that coronavirus has caused great uncertainty and financial pressures. This is by no means a reason to reduce focus on data security, however, and at no stage has the ICO suggested it will let penalties slide by completely.

In a statement in response to the EasyJet breach, the ICO said:

“People have a right to expect that organizations will handle their personal information securely and responsibly. When that doesn't happen, we will investigate and take robust action where necessary.”

We’ll await the ICO’s verdict.

Close the gaps in cybersecurity

Even if EasyJet is spared a sizable fine for breach of GDPR, the breach clearly shows that gaps in its cybersecurity defenses were exploited. A financial penalty is one element of GDPR, but there is also the issue of being publicly cited as an organization that failed to protect its customers’ data. As and when the travel industry returns to a more even footing, the impact of this on reputation and in turn the bottom line, is yet to be revealed.

It is highly likely that EasyJet had invested in some of the best cybersecurity solutions the market had to offer, but cybersecurity has never only been about technology. Training and processes are just as important.

Recent Clearswift research with public sector employees revealed that 77% have been given no instructions in how to recognize ransomware. 16% have had no cybersecurity training whatsoever and 13% just once. 25% had either not heard of or did not know what phishing is. It would be surprising if those figures were significantly different in the private sector.

It isn’t clear how the EasyJet breach took place but assuming that it had good cybersecurity solutions in place, then it must have been due to a failure in process at some stage, leaving it vulnerable to attack.

Cybersecurity is something all organizations need to keep under constant review. If an organization’s people, technology, or processes cannot withstand potential cyber-attacks, it needs to step up the program to compensate.

Clearswift has a proud record in helping organizations keep their customer data secure whilst in transit. Ask us for a demo to find out more.

Related resources

Lightning can strike twice: Marriott suffers second data breach

The consequences of a data breach: why fines are just the tip of the iceberg

10 Cybersecurity Tips and Best Practices

EasyJet hit with £18bn lawsuit over massive customer data breach

Debunking cybersecurity jargon

Debunking cybersecurity jargon part two – what is a deep content inspection engine?

Given the prevalence of jargon and technical terms within the cybersecurity sector, we have launched a series of blog posts that look to debunk some of those terms and explain what they are in more detail.

We have already looked at Adaptive Redaction, a technology that Clearswift brought to the sector. Now we turn our attention to Content Filtering and Inspection and ask:

What is a Deep Content Inspection Engine?

Every product in the Content Filtering market has some form of Content Inspection Engine.

Its purpose is to understand the structure of a transfer and what content is contained within it. It checks that the content does not include PCI, PII or other such sensitive data that might violate the rules defined by the organization. It also checks for harmful files such as executables that can be hidden within zip files and contain a potentially damaging virus.

Transport protocols such as SMTP and HTTP, and file formats, are often abused. Sometimes this is accidental, but mostly it is a deliberate attempt to avoid detection or to cause an impact to mail servers or clients in the form of buffer overruns. In April 2020, there was a case where hackers used SMTP to exploit a vulnerability in Apple’s iOS mail client in an attempt to hijack VIP phones.

Clearswift developed its filtering technology with both security and performance in mind. If it spots potential violations, files are flagged for inspection or configured to pass through policy. The inspection process takes place on traffic coming in and out of the organization and it can handle multiple protocols.

The content scanning is a multi-stage process. For each file it:

• Identifies the file type by file signature
• Verifies the file structure conformity (checking to see if data is piggybacking onto other files)
• Extracts content that violates rules in zipped or compressed files, document body, headers, footers, or embedded objects
• Strips metadata from documents and image files
• Records what it removed

By default, Clearswift’s Content Inspection Engine iterates down to 50 levels. The level of structural verification and content inspection it performs is far greater than other products on the market, hence the name Deep Content Inspection Engine.
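The first two stages and the nesting limit can be illustrated with a short sketch. This is an added example, not Clearswift's implementation: the signature table, the function names and the constructed sample archive are assumptions, and only ZIP containers and PNG trailing data are handled.

```python
import io
import zipfile
import zlib

MAX_DEPTH = 50  # default nesting depth quoted in the text above

# (magic bytes, label): a small illustrative subset of file signatures
SIGNATURES = [
    (b"PK\x03\x04", "zip"),
    (b"MZ", "pe-executable"),
    (b"\x7fELF", "elf-executable"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]

def identify(data):
    """Classify by leading magic bytes, ignoring the file name entirely."""
    for magic, label in SIGNATURES:
        if data.startswith(magic):
            return label
    return "unknown"

def png_trailing_bytes(data):
    """Walk the PNG chunk list; return the byte count after IEND, or None if IEND is missing."""
    pos = 8  # skip the 8-byte PNG signature
    while pos + 12 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        ctype = data[pos + 4:pos + 8]
        pos += 12 + length  # length field + type + body + CRC
        if ctype == b"IEND":
            return max(len(data) - pos, 0)
    return None

def inspect(data, path="<root>", depth=0, max_depth=MAX_DEPTH, findings=None):
    """Recursively inspect a file; returns a list of (path, issue) tuples."""
    findings = [] if findings is None else findings
    kind = identify(data)
    if kind.endswith("executable"):
        findings.append((path, f"executable content ({kind})"))
    elif kind == "png":
        extra = png_trailing_bytes(data)
        if extra is None:
            findings.append((path, "PNG has no IEND chunk"))
        elif extra:
            findings.append((path, f"{extra} bytes after PNG IEND"))
    elif kind == "zip":
        if depth >= max_depth:
            findings.append((path, "nesting limit reached, contents not inspected"))
            return findings
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    child = f"{path}/{info.filename}"
                    inspect(zf.read(info), child, depth + 1, max_depth, findings)
        except (zipfile.BadZipFile, RuntimeError, zlib.error):  # corrupt or encrypted
            findings.append((path, "archive could not be fully read"))
    return findings

def png_chunk(ctype, body=b""):
    """Build one PNG chunk (used only to construct the sample input)."""
    return len(body).to_bytes(4, "big") + ctype + body + zlib.crc32(ctype + body).to_bytes(4, "big")

def build_sample():
    """Constructed input: an outer zip holding a nested zip and two PNGs."""
    png = b"\x89PNG\r\n\x1a\n" + png_chunk(b"IHDR", bytes(13)) + png_chunk(b"IEND")
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.pdf", b"MZ\x90\x00" + bytes(60))  # PE magic under a .pdf name
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("docs/archive.zip", inner.getvalue())
        zf.writestr("logo.png", png + b"appended-payload")
        zf.writestr("clean.png", png)
    return outer.getvalue()
```

Calling `inspect(build_sample())` reports the executable hidden under a `.pdf` name inside the nested archive and the bytes appended after the PNG's final chunk, while the clean PNG produces no finding.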

Game-changing Technology

The Clearswift Deep Content Inspection Engine was the first product to perform the automatic redaction and sanitization of content. As well as decomposing file formats, the Deep Content Inspection Engine modifies the content to remove the threat – whether that’s sensitive data or malicious code – and rebuilds the file in its original format. Other products perform a similar task but generate an alternative or read-only file format which typically breaks workflows, carries no resemblance to the original file, or just takes time. With automatic Adaptive Redaction there is no delay, and the recipient receives a sanitized, workable copy of the file.

Clearswift also added Optical Character Recognition (OCR) technology so that when the Deep Content Inspection Engine finds images (in attachments or embedded in documents), it scans for text. If it finds text that breaks policy, it is redacted, the file is then rebuilt in its original format and sent on its way.

Steganography can be used to exfiltrate information by concealing valuable intellectual property or hiding malware in plain sight. To prevent this, the Deep Content Inspection Engine also sanitizes image files to ensure that data or malware has not been embedded using steganographic tools.

Keeping Organizations Safe and Secure

The Deep Content Inspection Engine lies at the heart of all Clearswift cybersecurity solutions. It filters and closely inspects content as it enters or leaves the organization, keeping it safe from threats and preventing unwanted data breaches. To find out more, why not ask us for a demo.

Related resources:

Debunking cybersecurity jargon part one – what is Adaptive Redaction?

Debunking cybersecurity jargon part one – what is adaptive redaction?

Like many industries and areas of technology, the cybersecurity sector is prone to using jargon, technical terms, and acronyms that can confuse even the most seasoned industry insider. We work with businesses and public sector organizations all over the world and during our many meetings and interactions, we invariably get asked at least once, ‘what is that?’

To try and head off any confusion, we are launching a series of blog posts that aim to explain precisely what we mean by certain industry terms and phrases. Others may have a slightly different interpretation, but this is ours and we are sticking to it.

First up – what is Adaptive Redaction?

Addressing the ever-evolving cyber threat

For most organizations, ensuring they are well-protected against cyber-attacks and accidental data loss is, from a data security point of view, their biggest priority. They have seen the damage and disruption that can be caused by a data breach, and they will have noted the heavy financial penalty if they are found to be non-compliant with GDPR, not to mention the flood of compensation claims and loss of reputation that can follow.

To combat the variety and volume of cyber risks faced by the organization, defensive measures are put in place. Some of these security solutions ‘stop and block’ any email, web or endpoint transfers deemed to have risk implications. Such measures certainly keep the business secure, but they also impact the efficiency of the day-to-day operations.

For example, the management overhead on the messaging or security IT teams can be significant and when emails and documents are blocked unnecessarily it can delay important business. Overzealous filters can start to frustrate employees, especially when they are chased for documents they may have sent hours ago, and when this happens, they start to find other ways to share information, opening the organization up to more risk.

Finding the balance between the need to protect the organization and the ability to freely collaborate can be difficult to achieve, and that’s what makes Adaptive Redaction such an innovation. It provides the cybersecurity protection needed by today’s organizations but also ensures that employees can get on and do their jobs safely and effectively.

Clearswift Adaptive Redaction

Clearswift was the first company in the world to offer Adaptive Redaction and it is still something that differentiates us from other cybersecurity vendors. Adaptive Redaction involves the identification of critical or confidential information and cyber threats which are either redacted or sanitized to allow the on-going flow of communication – with no disruption.

There are three main options for using Adaptive Redaction:

  1. Text redaction - this covers both inbound and outbound communication and removes the sensitive text in question from emails and documents. Exactly what data is removed depends entirely on an organization’s policy; it can be based on regulation (GDPR, HIPAA), critical data (PCI, PII), keywords (IP or classified projects) or other criteria. Clearswift’s Optical Character Recognition (OCR) functionality even allows the extraction of text from image-based files, which is then redacted from the image as well.

  2. Document sanitization - Provides the automated removal of hidden metadata such as comments and revision history, along with the removal of author, username, and server names etc., so that the information can’t be harvested for phishing attacks. Additionally, Clearswift’s solution uses anti-steg functionality, which means that data hidden in image files can be wiped clean too.

  3. Structural sanitization - this allows for the wholesale removal of any malicious code without any delays to sharing and access. This method of Adaptive Redaction stops embedded macros, scripts, and ransomware from entering a corporate network, whether via phishing emails, drive-by downloads, or attacking uploads.
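A minimal sketch of policy-driven text redaction as described in option 1, given here as an added example rather than Clearswift's code: the two patterns, the function names and the sample sentence are assumptions. Card-like digit runs are masked only when they pass the Luhn check, so other long numbers survive, and the record of what was removed stores the type and offset rather than the sensitive value.

```python
import re

# 13-19 digits, optionally separated by single spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# US SSN layout, excluding area/group/serial values that are never issued
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right, sum, test mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def redact(text):
    """Return (redacted_text, removed) where removed lists (type, offset) pairs."""
    removed = []

    def mask_card(m):
        # Digit runs that fail Luhn (order numbers, phone numbers) are left intact.
        if not luhn_ok(re.sub(r"\D", "", m.group())):
            return m.group()
        removed.append(("card", m.start()))
        # Mask digits but keep separators so the document layout is unchanged.
        return re.sub(r"\d", "X", m.group())

    def mask_ssn(m):
        removed.append(("ssn", m.start()))
        return "XXX-XX-XXXX"

    # Masking preserves length, so offsets from the second pass still
    # refer to positions in the original text.
    text = CARD_RE.sub(mask_card, text)
    text = SSN_RE.sub(mask_ssn, text)
    return text, removed

# Constructed sample: a well-known test card number, a specimen SSN,
# and an order reference that looks like a card but fails the Luhn check.
SAMPLE = ("Customer 078-05-1120 paid with 4111 1111 1111 1111; "
          "order ref 1234 5678 9012 3456.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```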

See Adaptive Redaction in action.

Related resources:

Clearswift Adaptive Redaction

Clearswift Document and Structural Sanitization

How to neutralize the rising threat of ransomware

Next generation of cyber threats: images

10 things your endpoint security software must allow you to do

Even during more normal times, there are millions of people all over the world that work remotely or from home regularly. During the current coronavirus crisis, that number has increased dramatically.

Working from home, employees might be more tempted to copy data to a home PC or connect to a home printer to print off information that may contain sensitive data. This makes it all the more important that devices are secured and any critical data residing on laptops, servers and in Cloud services is only used by the people that need to use it, and that it is used for the correct purposes.

Clearswift has recently updated and improved its Endpoint DLP software. In one solution, it provides context-aware Data in Use (DIU) policies to control which devices can connect to a corporate network and what information can be transferred, and it executes Data at Rest (DAR) scanning to audit and manage critical information on endpoints.

As a vital piece of your IT security strategy, endpoint security software must provide the right level of protection for your organization. To compare your existing solution with ours, we’ve put together a list of 10 things your endpoint security software must allow you to do:

1) Identify sensitive data users have stored locally and on network shares

With recent regulation such as GDPR and CCPA, combined with the huge spike in homeworking right now, knowing what data has been stored locally is imperative. The Clearswift Endpoint DLP solution scans for sensitive data within a multitude of files and its DAR feature scans local workstations and network shares for predefined or custom expressions used to identify all data that an organization considers sensitive, such as PII. If sensitive data is found, an alert is raised, and the data can be quarantined.

2) Control the devices connected to the network

With the Access Control functionality offered by the Clearswift Endpoint DLP solution, organizations can control the devices connected to the network. This might include removable USB drives, or preventing users from connecting to unauthorized printers whilst working from home. Controls can also be extended to apply read/write permissions accordingly.

3) Ensure valuable IP can’t be copied to removable media or uploaded to cloud storage

The Clearswift Endpoint DLP solution recognizes more than just built-in lexical expressions for PII and PCI data; it also allows admins to create their own simple or complex expressions using strings or regular expressions. These can then be used to identify any type of IP, such as source code, and prevent users from uploading it to cloud storage or copying it to removable media.

4) Automatically encrypt USB devices used within the organization

USB devices can come with security vulnerabilities, especially when new employees join a company and connect USB devices for the first time. Admins must be able to configure encryption policies for all removable storage so that when a user connects a new flash drive or external hard drive via USB it will automatically be encrypted depending on policy settings for that specific workstation.

5) Notify users when they attempt to share/upload sensitive data

Most data leaks are non-malicious and the result of users not being aware that the information they are sharing is sensitive. Clearswift Endpoint DLP notifies users trying to read or write sensitive data to or from removable storage, network shares and cloud storage prompting them to provide a reason. Users then take responsibility for continuing and admins get full visibility of what’s happening to the data in question.

6) Redact sensitive data legitimately copied or shared

Sometimes users have a genuine need to copy documents that may contain sensitive data to removable storage, network shares or cloud storage. Using adaptive redaction, the Clearswift Endpoint DLP solution recognizes terms such as Social Security and credit card details and redacts (masks) them so the document is safe to copy or share.

7) Minimize the threat of Shadow IT

The Clearswift Endpoint DLP solution restricts access to common cloud file sharing applications, such as Box, Dropbox and OneDrive, based on policy and admins can manage synchronization folders to ensure that nothing sensitive is uploaded to Cloud storage systems that are unsanctioned.

8) Enforce security rules even when users aren’t connected to the network

The Clearswift Endpoint Solution is deployed as a lightweight agent. When on the corporate LAN (or WAN), it connects to the management console, receives policy updates, and passes back any alert details. When a corporate device is being used at home or in a coffee shop, the same policy rules for device access and file scanning still apply, and violations are stored until the laptop is back on the LAN (or WAN) and admins can manage any alerts.

9) Apply granular policies

With Active Directory integration, policy rules can be applied to the whole company, to a group or team, or to individuals. As new users and new machines are added to the enterprise domain, they are automatically enrolled and secured.

10) Provide reports to demonstrate ROI

From a central console, the Clearswift Endpoint DLP provides detailed reports on policy violations and trends. Support for SIEM systems is provided as standard allowing organizations to integrate information into existing corporate dashboards.

How does your current endpoint security solution compare?

Related resources:

Clearswift Endpoint Protection
Clearswift Endpoint Datasheet
Top 5 cybersecurity threats to the UK healthcare sector