There have been some high-profile breaches in the news lately; this statement doesn't need to be refreshed if you discover this post two years after it was published, since there are always high-profile breaches in the news. Some of these breaches are internal errors, some are external penetration, whether through holes in security infrastructure, phishing, or social engineering. This can result in the theft of customer data, often downloaded by the attacker and possibly distributed, or can even result in customers being impacted financially when their bank account or credit card information is captured or exposed.
Another growing threat is ransomware, where the attacker holds data or systems (and often both) for ransom, threatening exposure, deletion, or other negative actions if the victim does not transfer payment, usually in the form of untraceable cryptocurrencies.
While protecting your infrastructure and data stores from unauthorized access is essential for protecting against breaches, there is another vector that attackers can choose: malware. Malware is a vulnerability that is often exploited by attackers who focus on ransomware.
Often when malware scanning is brought up, it’s in the form of physical device scanning; users download files, or even has an exposed browser, and their computer system is periodically scanned for malware, often trojans or viruses. However, online virus scanning is just as important, especially in the case of documents being imported and exported through an online system. That system could be an enterprise-level document management system, or it could be something as simple as a job board that accepts documents and then provides those same documents to other customers; this action can provide that spread vector that an attacker is looking for.
And despite protective measures such as Microsoft disabling macros by default in MS Office, attackers have been found to move onto the next opportunity for attack. For instance, malware is (as of 2022) being distributed in ISO, RAR, and Windows Shortcut (LNK) files.
This article will dive into five reasons why online malware scanning should be considered in your architecture:
Customer data grows, and as your company scales, access to that customer data may also grow. When we think about internal access to customer data, we often think of our infrastructure engineers, but other members of your internal team are likely being given access to files, such as your customer support or customer success teams, or teams working on any big data or analytics based on customer data. In that case, even if the analyzed data is based on anonymized or redacted source data, the teams who handle that sanitization process are often provided access to the source data. While least privilege is rightly employed when dealing with infrastructure and development, those standards may not follow through to other teams in the organization.
Any employee with access is a potential vector, and while scans or personal workstations may detect most malware, it is not always successful; in addition, there are no guarantees that infected files are being downloaded and scanned before being distributed.
Even in an ideal world where all documents are scanned by workstation malware, and where unscanned documents are never distributed to external parties, there is an over-reliance on the malware definitions being up-to-date. One of the best tools to ensure security is redundancy; as attacks and attackers change, having more than one mechanism in place to detect malware reduces the risk of an attack being successful. There are over a billion malware programs currently in circulation, and over half a million new pieces of malware are discovered every day. That is paired with a 300% increase in cybercrime since the beginning of the pandemic, as reported by the US Federal Bureau of Investigation. That is why it's critical to enlist multiple solutions to protect against threats in real time.
As more workers move to remote work, there is less control available over the network and the data that comes in and out of it. Employees are working from home, on holiday in another country, on the beach, and as Microsoft found that 81% of organizations are moving to a hybrid workplace, this trend should not be considered temporary. Workers may be access insecure networks or be using outdated software; it's possible that work is being performed on non-corporate laptops or even cell phones, meaning that the standard corporate protections around anti-malware and endpoint scanning may not be in place.
While additional training on security best practices is an asset, ultimately every organization should be expecting mistakes and oversights, and should plan accordingly with redudant anti-malware processes, including an online virus scanning tool.
While a full picture of every input and output of your commercial product would be ideal, in practice there are many situations where this is not achievable. Some of this may be due to reliance on third-party software, in which case a security questionnaire or questions about SOC 2 status are not guarantees. Sometimes this lack of visibility comes from the fact that we are all developing our businesses and products as efficiently as we can, and fast-changing applications are not always designed with solid observability over infrastructure or processes from the start.
A new feature can be introduced that adds risk, and that risk may not be communicated to all stakeholders. In such cases, having protection built into your application's workflows can provide the needed protection.
Ransomware attacks cost on average $1.4 million, with that number expected to rise significantly in the near future; in addition, IBM estimates data breaches currently cost a staggering $4.35 million. Cyber insurance may cover ransomware, but the premiums for these policies will only increase if you experience an attack. Some jurisdictions, such as the United Kingdom through its Cyber Essentials program, now provide support for reducing cyber insurance premiums, but generally on the condition of having adequate malware protection in place.
And obviously, cyber insurance does not protect against the reputation hit of a breach. This is not just in the case of customer data being exposed, but there is also a very real possibility that malware could be unknowingly distributed by an organization to its customers. As of writing, we haven't seen any reports of high-profile attacks through SaaS distribution, but considering the lucrative potential of ransomware, it may just be a matter of time before we see an instance of customers receiving ransomware sourced to files they received from a vendor.
Ultimately, the risk of malware slipping into files and systems under your control and/or distributed to your customers is significant enough to require protection, and by having redundant protection between online anti-malware and workstation-based anti-malware scanning, this risk can be greatly reduced.
Online anti-malware scanning is an important component of FormKiQ's security-based functionality, along with both in-transit and end-to-end encryption, all available as part of FormKiQ Pro and FormKiQ Enterprise.