Financial organizations such as banks, credit unions, and insurance companies are the second most likely target for cybercriminals, only behind manufacturing. And, interesting but sobering factoid: when a breach occurs, bank costs are the highest, running 40% higher than all other industries. These costs come from a combination of the sensitivity of data stored by financial institutions and the strict regulatory requirements such as SOX, GLBA, PCI-DSS, and GDPR that these organizations must manage. These regulatory requirements come with harsh penalties for non-compliance. During a data breach a bank could suffer large fines and even criminal charges for executives if they were willfully negligent about implementing appropriate security controls.
Preventing attacks is necessary for financial organizations to avoid fines and disclosures affecting their bottom line, not to mention the reputation damage that occurs after a breach. To manage this, these organizations often have strict perimeter security controls to keep attackers out. Unfortunately, cybercriminals are wily and have discovered ways to bypass these controls, sneaking threats in under the radar – often via files channeled through existing third-party connections. This article explores how criminals avoid detection and provide guidance in reducing these threats.
Paths of Ingress for File Threats
Financial organizations have a number of ways that dangerous hidden threats can make their way past perimeters into the organization. These threats are hidden in files commonly used and assumed to be safe such as documents, images, presentations, and spreadsheets. All of which are integral parts of daily operations for these organizations, making them less likely to be scrutinized by security tools or staff opening them. Unfortunately, all it takes is opening them for the malicious code embedded in them to launch, executing tasks that can be devastating such as opening digital backdoors for attackers.
Digital Transformation Opens the Door
The problem amplifies for organizations that are embracing digital transformation. Using third-party implementations and deploying third-party tools streamlines the speed of digital onboarding without having extensive internal development teams. Going this route also increases organizational interconnectedness, creating more avenues of rapidly conveying data throughout the organization.
Email as a File Threat Vector
Email is one of the most common attack vectors for hidden threats. Attackers often send emails with seemingly safe attachments, such as documents and images, which can contain embedded toxic code. According to research by Verizon, over 35% of ransomware starts with an email, which does not account for general malware and content with dangerous macros.
Financial services organizations are particularly vulnerable to these attacks since branches, auditors, and staff share files such as spreadsheets for internal use. These files can contain malicious macros and other hidden threats. Losing functionality such as macros will render these files useless, eliminating functionality such as auto calculations and projections that rely on macros. Many files with macros are crucial for operations in financial organizations, so the loss of this functionality causes severe consequences for financial organizations.
File-Borne Threats in Web Downloads
Web downloads are another possible vector for financial service organizations to get hit by hidden threats. When browsing the web, online resources accessed by staff may already have malicious code embedded in them. This is particularly concerning as information gathering from the web is necessary for many jobs.
Cyber attackers may compromise less secure sites to upload malicious content and often target sites likely to attract users in a particular vertical. For example, blogs with financial-specific topics, discussion boards frequented by those in the fintech industry, and sites with financial-specific data may all be potential targets for attackers. The payload slips past many perimeter defenses by downloading it directly to their endpoints, relying on local antivirus (AV) solutions to detect and stop it.
Files Uploaded to Data Lakes
Data lakes, whether hosted on the cloud or on-premises, are frequently used for storing and consolidating data collected from various sources. This is a crucial part of the loan and insurance application process for many financial services organizations. Applicants upload sensitive documents such as proof of employment, income, and asset ownership, all containing information that could damage applicants if disclosed.
However, just because the uploaded information consists of documents and images does not mean they are entirely safe. These files uploaded to data lakes and cloud storage can pose hidden threats. Once the files are in “trusted” storage locations like this, the access by staff or applications has minimal security scrutiny, leaving these files uncontrolled, despite the fact they can contain harmful content. When unsuspecting staff members or applications open them for processing, the embedded content launches its payload, installing malware, ransomware, or rootkits onto their endpoints.
Content Collaboration…or Malware Collaboration?
As work has become increasingly remote or mobile, collaboration tools are necessary for teams to stay connected. Users commonly share business-related files without a second thought, even if it comes from an external source. As not every hidden threat has user-facing implications immediately, users may accidentally share dangerous files, rapidly spreading infections throughout the organization. These files go out to multiple users simultaneously, propagating content behind security perimeters.
Collaboration tools go beyond internal use, allowing banks to collaborate with their customer base. These tools, such as Slack, Salesforce, Box, Dropbox, OneDrive, and others provide simplified workflows to collect information, gather digital signatures, and upload files. Data collected may also contain hidden threats and present a greater risk to organizations as they have no control over the security of systems used by their customers and partners – and often collaboration tools have intrinsic trust. Infections and compromises on customer, partner, and vendor sides can corrupt the data and files they send and share.
Stopping Hidden Malware Threats With File Sanitization
File sanitization also known as Content Disarm Reconstruction (CDR) eliminates hidden threats in files before the files make it through secure perimeters. Traditional security controls such as antiviruses are a great first layer of defense, but they also rely on detection to stop threats, and this approach frequently fails to identify zero-day and previously untracked threats.
File sanitization/CDR eliminates potential risks by sanitizing and reconstructing files from only the safe components of a file rather than relying on detection alone. This process eliminates high-risk components, known bad elements, and suspicious code hidden within files, removing potential threats even if they are currently undetectable by traditional AV.
One of the major benefits of modern file sanitization for banks is its seamless integration into existing and legacy infrastructure. Rather than making code changes to applications and undertaking massive integration projects, modern file sanitization solutions exist as an API through which your existing technology communicates. Using this approach, organizations can rapidly onboard with minimal changes to existing technology.
The other advantage of an API-based integration is that it adds protection without end-user intervention. As data flows through the solution, sanitization happens, rebuilding files from only known safe components and eliminating threats in the process. For financial organizations, automated and repeatable security helps reduce risk in a quantifiable and auditable manner, which helps prove continuous compliance.
No Loss of File Functionality
When considering file sanitization solutions for financial organizations, it is essential to remember that not all file sanitization technologies reconstruct with the same level of fidelity. The least advanced forms do little more than create an uneditable image of the original file, with no means of easily altering the data in the future. Imagine: an Excel document that’s now a PDF – useful, right?
The most advanced forms of file sanitization or CDR solutions can create a virtually identical rebuild of the data, maintaining all functional aspects such as formatting, formulas, and safe macros while eliminating threats.
For financial organizations, valuable information exists in macros and formatting that give context to the data or provide necessary calculations, which is why an advanced CDR is crucial for financial organizations.
CDR For Financial Organizations
When it comes to file sanitization/CDR, financial organizations cannot settle for anything less than the best. Votiro is an established leader in the field of CDR, focusing solely on delivering top-quality CDR solutions rather than offering it as an ancillary feature among a suite of tools – in fact, antivirus can be added to Votiro’s product but is optional. Votiro’s mature CDR solution provides a proven return on investment, which is necessary to meet financial institutions’ strict performance requirements while effectively protecting customers against hidden threats.
Votiro’s advanced CDR generates high-quality reconstruction by rebuilding files with all safe functionality left intact. This ensures that no necessary context or functionality gets lost in the rebuilding process.
The API-centric solution seamlessly integrates into existing business workflows, enabling organizations to enjoy immediate protection against cyber threats. Implementation times are impressively short, with SaaS installations taking as little as 10 minutes and on-premises installations taking just 90 minutes.
Contact us today to learn more about Votiro sets the bar for preventing hidden threats in files to keep your organization secure while maintaining productivity.