Raiders of the Lost File Shares: How Document DRM Protects Your Enterprise from Malware

WatchDox

Professionals on the right side of the law aren’t the only ones who understand the value of automation. Why sit in front of a computer for hours at a time trying to break into a server when one can deploy a piece of malware for the job? This way, a criminal can kick back with a beer while they wait for their code to work – ideally, they’ll get what they’re after without having to lift a finger.

Malware-based attacks are on the rise, targeted at organizations ranging from internet service providers to the United States government. In response, companies are beefing up their cybersecurity spending. But that on its own isn’t enough.

Even the toughest firewall can be cracked, and you need countermeasures in place in the event that your business is targeted.

Hostile Terrain: Understanding the Current Malware Landscape

Modern malware is a very different beast from the malicious software of yesterday.

Early malware authors often didn’t intend for their programs to cause harm, and few considered the notion of targeting their creations at the enterprise. Today’s authors are different. They know exactly what kind of software they’re creating, what they want that software to do, and who they want it to target.

It’s you – or more specifically, your files. In broad strokes, there are three primary “breeds” of malware you need to be aware of:

  1. Destructive Malware

Destructive malware is designed chiefly to destroy the systems on which it is stored. While it may have a secondary purpose such as data theft, it primarily exists to wreak havoc. BKDR_WIPALL, the malware used in the 2014 attack on Sony, is an especially nasty example.

  2. Non-Destructive Malware

Not all malware is designed to obliterate an infected system. Many enterprise-targeted malicious apps are instead designed to “observe and capture.” Among its other functions, the T9000 backdoor Trojan automatically seeks out and steals Microsoft Office files, and can also be used to manually download, upload, and delete files across drives and directories.

  3. Ransomware

Ransomware – malware that steals documents and data with financial extortion in mind – is unique, but it’s by no means new (it’s been around since 1989’s AIDS Trojan). It was with CryptoLocker that it really rose to prominence. Thanks to that application’s early success, ransomware is now one of the fastest-growing breeds of malware in enterprise.

It’s most frequent in the healthcare industry, but any business with mission-critical documents can fall victim to an attack.

Preventative Measures: Keeping Your Files Safe from Bad Apps

Malware presents us with three major challenges from a file security standpoint:

  1. Stolen files
  2. Destroyed/locked endpoints
  3. Deleted/damaged files

WatchDox, a recent leader in Forrester’s EFSS Wave Report, addresses all three by providing file-level security for your critical documents. This security, which travels with the files wherever they go, ensures that only authorized, authenticated users have access. This means that even if your network security is breached, there’s another line of defense protecting your data.

A lot of the malware targeting enterprise is designed to get in, extract files, and send them somewhere. Assuming they do this with documents protected by WatchDox’s DRM, all the criminal will get is a bunch of encrypted, unreadable data blobs. Similarly, should an endpoint be destroyed or walled off by ransomware, you won’t lose access to the files that the endpoint contains.

Even if an individual user (or group of users) has their device compromised, WatchDox ensures that their files are synchronized on other endpoints within the organization. That way, even if the file is destroyed on one endpoint, it’s still available on others. WatchDox’s protections also ensure that any attempts by malicious applications to overwrite, delete, or otherwise damage enterprise documents will fail – protected files cannot be deleted or modified without authorization.

Finally, WatchDox cannot itself be used as an entry point for malicious software. In addition to its file-level security and encryption, the WatchDox database is also encrypted. When paired with off-the-shelf backup and recovery systems, it provides an effective defense against malicious intrusion of any kind.

Malicious software is gaining in popularity as an attack vector. In order to protect yourself, you need to do more than shore up your perimeter. You need to look into file-centric protections, as well – because your files are exactly what criminals are going to target.

Want to learn more about what WatchDox can do for you? Check out our webinar, WatchDox by BlackBerry: Industry Use Cases for EFSS or download the Forrester Wave report naming us a Leader in EFSS. You can also visit the official WatchDox page or view our WatchDox product demo for further information.

About Dan Auker

Director of Product Management, Enterprise Software - Dan is an industry veteran with 18+ years experience building and monetizing enterprise software and solutions.
