This blog will define the concept of document sanitization and explain why document-based security challenges are especially significant in the current business climate. The blog will then do a deep dive into three industries – healthcare, insurance and the financial sectors – to explore the document-related challenges within each of these industries, and highlight how a type of document sanitization technology by Votiro called Positive Selection® technology can eliminate the risks.
What is Document Sanitization?
Document sanitization – also known as file sanitization – is the process of cleansing malicious code from computer files. Instead of relying on detection like other anti-malware tools, the technology assumes all files are malicious and scrutinizes all individual file components that are outside of the approved firewall. The technology removes malware, strips any embedded code, and rebuilds the file in a way that disrupts any additional covert malicious code. The end result is a safe copy of the original file, with all functionality intact. Document sanitization is used to eliminate file-borne attacks carried through email, web downloads, and website uploads.
The Current Demand for Document Sanitization
With the increase in file-sharing – both between co-workers working remotely and between customers, partners, and vendors – enterprises face elevated risks, threats, and vulnerabilities from file-borne malware. Many common cybersecurity technologies, such as anti-malware and anti-virus solutions, can only detect known threats and cannot protect corporate networks against undisclosed or zero-day attacks, in which a vulnerability has been discovered but no patch for it has yet been developed. In fact, 80% of successful breaches are new or unknown zero-day attacks that are not recognized by traditional signature-based detection solutions.
In addition, human error poses a risk. Despite organizational attempts to educate employees about the dangers of opening files from unknown or unreliable sources, clicking on suspicious links or downloading questionable files, 27% of employees in an organization fail phishing or social engineering attacks. This causes some organizations to restrict internet downloads or file attachments, despite the inconvenience and significant decrease in productivity.
COVID-19 has further opened organizations to file-based breaches. More and more, companies are allowing their employees to work from home (WFH). To that point, Global Workplace Analytics estimates that 25-30% of today’s workforce will be working from home multiple days a week by the end of 2021. With more people working remotely than ever before, this translates into more documents being sent back and forth between colleagues and customers, often from unsecured personal networks.
In the Healthcare Insurance Industry
The healthcare insurance industry is especially vulnerable to malware attacks because insurers are keepers of a myriad of sensitive financial, personal, and medical information. Whether it is a benefit claim sent from a hospital or an approval application uploaded from a patient, health insurance companies open themselves up to file-borne threats from any device or system involved in the file exchange. There doesn’t even have to be malicious intent involved: for example, if a provider’s office computer has been accidentally infected with malware, that infection could easily spread via a file sent by the provider, which is then opened by the health insurance company.
Current security systems and protocols don’t provide sufficient protection for the complex document exchange between health insurance companies, medical institutions, health technology companies, and customers. According to the 2019 HIMSS Cybersecurity Survey, of the significant security incidents within the healthcare industry, the most commonly cited point of compromise was via phishing emails (59%), followed by human error (25%). With the appearance of COVID-19, digital healthcare services (such as TeleDoc) are accelerating the adoption of digital healthcare. This creates even more healthcare partners and third parties, which necessitates further document sharing and thereby broadens the industry’s risk of data leaks.
In the Insurance Industry
Insurers maintain a huge database of personally identifiable information (PII) about policyholders, which makes them an enticing target for data thieves. Typically, names, birthdates, social security numbers, street and email addresses, health data, and employment data such as income are all held by insurers. Information about policyholders’ personal property, such as homes, cars, and other valuables can also be a target. Data breaches in the insurance industry can result in significant financial damages such as fines and lawsuits, as well as reputational damage and loss of trust, a factor that will negatively impact an insurance company’s brand and market value.
According to FirmGuardian, spear-phishing attacks that target a specific individual in an insurance company are on the rise. For example, a hacker may send an email impersonating a company executive asking an employee to open a malicious attachment, opening the door to a cyber-attack.
The industry’s shift to digital claims, mobile apps, connection to the Internet of Things (IoT), and strategic integrations with third-party portals all uplevel the risk. As insurers continue to modernize their operations using Big Data and AI analytics, their exposure to breaches of data-filled files will only increase. In fact, according to the KPMG Global CEO Outlook survey, only 43% of insurance executives said their organization was prepared for a breach.
In the Financial Sector
Breaches in the financial sector are on the rise. In 2019, more than half of all phishing attacks targeted the financial industry. While this number was already alarming, the COVID-19 crisis has seen breach attempts skyrocket. From the beginning of February to the end of April 2020, attacks on financial institutions rose by 238%.
Financial document data can be easily accessed by unauthorized parties through the prevalence of document uploads. Most banks offer their customers mobile or online banking options that facilitate the sharing of documents through a dedicated banking portal, such as loan documents, fund transfer instruction files, or images of checks. Every time a customer communicates electronically with the financial institution, there is a risk they accidentally send or upload a file with malicious executables embedded inside. Uploading files to cloud-based storage has risks, as cloud storage–like other channels–cannot accurately scan all incoming files for threats.
The same risk occurs when financial institutions collaborate with third-party vendors to service their customers. When documents are shared between a vendor and the financial institution, there is a risk of a data breach. These services, which can range from actuarial services to technology providers, expand the financial industry’s threat surface.
How Votiro’s Technology Combats Zero-Day & Other Attacks
Whether you are in healthcare, insurance, financial, or another type of industry, the only way to ensure a document is truly safe while maintaining its usability is by looking at content risk and file security in a whole different light than before.
The way that companies currently vet the security of files is detection-focused. Antivirus solutions scan the files for malicious code and compare the code to their databases of known attacks. Sandboxes quarantine a file and wait for it to execute its attack (if said threat isn’t on a sandbox-busting time delay or deploying a sandbox evasion technique with VBA referencing).
This focus on detection is ineffective because threats are constantly evolving. Zero-days are not listed in antivirus databases until they’re discovered, and threat actors continue to be more creative with their evasion techniques. Plus, when malicious documents make it past detection-based defenses, then their activation is left up to the end-user, who likely has had some ineffective security awareness training.
Blocking the bad doesn’t work…because you’ll never know what all the bad is. Instead, companies across industries should focus on allowing only the good content in.
With Votiro Cloud, effective document sanitization is guaranteed. Unlike detection-based file security solutions that scan for suspicious documents and block some elements of the files, Votiro’s revolutionary Positive Selection technology allows through only the safe elements of each file, ensuring every file that enters or exits the organization is 100% safe.
Positive Selection technology, the next evolution of Content Disarm and Reconstruction (CDR) technology, is capable of protecting against any type of file coming from any source. This includes Microsoft Office documents, PDFs, and other proprietary file formats. It also includes unpublished and open file formats, image and graphics files, video files and audio files downloaded from the web, email, cloud mail, webmail, content collaboration platforms, file transfers, mobile devices, removable devices and other endpoints. Whether coming from a trusted contact, a stranger, an automated service, or unknown origins – if it’s a file, Positive Selection can sanitize it.
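The "allow only the good content in" idea from this section, and the strip-and-rebuild step in the definition at the top, sketched for one format (a .docx ZIP container). This is an added example written for illustration, not Votiro's implementation; the allow-list, the function names and the sample file are assumptions.

```python
import io, posixpath, re, zipfile
import xml.etree.ElementTree as ET

# Allow-listed part names: an assumption for this sketch, not a full OOXML policy.
ALLOWED = re.compile(
    r"\[Content_Types\]\.xml|_rels/\.rels|word/_rels/document\.xml\.rels"
    r"|word/(document|styles|settings)\.xml|word/media/[\w-]+\.(png|jpe?g)"
)
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"

def rebuild_docx(data):
    """Copy only allow-listed parts into a new container; return (bytes, dropped)."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        kept = {n for n in src.namelist() if ALLOWED.fullmatch(n)}
        dropped = [n for n in src.namelist() if n not in kept]
        for name in sorted(kept):
            body = src.read(name)
            if name.endswith(".rels"):
                body = prune_rels(name, body, kept)
            dst.writestr(name, body)
    return out.getvalue(), dropped

def prune_rels(rels_name, body, kept):
    """Remove relationships that point outside the file or at a dropped part."""
    ET.register_namespace("", REL_NS)
    root = ET.fromstring(body)
    base = posixpath.dirname(posixpath.dirname(rels_name))  # "word/_rels/x.rels" -> "word"
    for rel in list(root):
        target = posixpath.normpath(posixpath.join("/" + base, rel.get("Target", ""))).lstrip("/")
        if rel.get("TargetMode") == "External" or target not in kept:
            root.remove(rel)
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)

def make_sample():
    """Constructed input: a minimal .docx-like ZIP with a macro part, an OLE part, a remote link."""
    rels = (f'<Relationships xmlns="{REL_NS}">'
            '<Relationship Id="r1" Type="t" Target="media/logo.png"/>'
            '<Relationship Id="r2" Type="t" Target="vbaProject.bin"/>'
            '<Relationship Id="r3" Type="t" Target="https://example.invalid/t.dotm" TargetMode="External"/>'
            '</Relationships>')
    parts = {"[Content_Types].xml": "<Types/>", "word/document.xml": "<document/>",
             "word/_rels/document.xml.rels": rels, "word/media/logo.png": "PNG",
             "word/vbaProject.bin": "macro", "word/embeddings/oleObject1.bin": "ole"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()
```

Nothing in the sketch asks whether the macro or OLE part is malicious: they are dropped because they are not on the allow-list. A production rebuild would also rewrite `[Content_Types].xml`, cap decompressed sizes, and parse XML parts with a hardened parser.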
Positive Selection: Document Sanitization Technology for 2021 and Beyond
The new generation of document sanitization technology is well-suited for the high volume and high-risk of file interactions across a range of industries. It secures an organization’s entire data flow by protecting all data entry/exit points and touchpoints, ensuring all documents are sanitized and only intended data will be sent, regardless of the state of security in any affiliated or partner organizations. Implemented either on-premise or in the cloud, a Positive Selection solution can integrate seamlessly with the organization’s existing systems, security solutions, and devices, requiring no investment or change in infrastructure.