sb-nz logo
Story image

Data loss prevention: Why digital images should not be overlooked

08 Oct 2019

Article by Clearswift CTO Guy Bunker

Digital images are increasingly being used as mechanisms for cyber-attacks. What can organisations do to minimise risks and mitigate against this advanced threat?

The world of cybersecurity never stands still.

Cyber criminals are becoming increasingly creative, releasing new sophisticated cyber-attacks through innocuous-looking documents, email messages, social media, and even texts.

Their latest threat innovation involves everyday digital image files such as PDFs, JPGs, PNGs, GIFs, (and other image file types), used as the delivery source of targeted Advanced Persistent Threats on the way into organisations and as tools for concealing critical information on the way out.

Image files are one of the biggest unaddressed data loss issues for organisations today.

A step-change required for DLP

Traditional Data Loss Prevention (DLP) solutions provide basic protection against the threat of someone trying to send a file to an unauthorised individual.

However, to combat advanced threats, data loss prevention requires a step change. Clearswift solutions provide an advanced level of Deep Content Inspection so that email messages, attachments and web uploads/downloads can be scanned to detect sophisticated threats such as ransomware embedded in documents and images.

Once detected, Adaptive Redaction Technology – developed to modify the content of files in real-time – can be used to remove only the malicious or sensitive data, allowing the remaining digital communication to continue its way.

This enables a continuous flow of communication without the risk of critical information being shared with unauthorised individuals, or malicious content being received into the network.

Mitigate against new image-based threats

Clearswift has developed a range of new innovative features within its SECURE Email and Web Gateways to help combat next-generation data loss risks through images.

Optical Character Recognition (OCR) is a digital technique for analysing images and extracting the text, so that it can be processed like a normal electronic document using DLP functionality.

This includes scanned documents to PDF (from a multi-function printer, for example), or screenshots saved as an image such as a JPG.

OCR enables the images to be analysed just like any other document or file during the transfer process – whether via email or when being uploaded/downloaded to/from websites and Cloud apps.

A further enhancement to OCR analysis allows redaction of text in images, removing only the information which breaks policy by drawing a ‘black box’ across the words.

A technique called steganography can also be used by cybercriminals to ‘hide’ information in digital images.

This is where tools are used to subtly change the image by encoding and embedding sensitive data such that, to the naked eye, there is no visible difference and then the image is used to exfiltrate data.

A standard-sized image can easily hide several thousand customer contacts or account numbers.

In this case, OCR will not help remove the risk as it isn’t a picture of the text.

However, Clearswift’s anti-steganography functionality will disrupt the image so that no hidden data can be extracted – but the image, to the naked eye of the recipient, remains the same.

Leave no stone unturned

When it comes to threat detection, images should not be overlooked.

New technology within advanced DLP solutions, such as Clearswift’s OCR and anti-steganography functionality, can mitigate against the risks of images being used as weapons to launch cyber-attacks or to exfiltrate data.

Using these technologies organisations can protect themselves against data breaches and keep their critical information secure.

For more information, visit here.

Story image
Users pay with personal data - Kaspersky on WhatsApp move to share data with Facebook
"Nothing is truly free, and, unfortunately, the current business model for free services means that, essentially, we pay with our data."More
Story image
Hornetsecurity acquires Altaro, the latest in acquisition spree
The move is a culmination of a medley of acquisitions made by Hornetsecurity recently, following the January 2019 acquisition of Spamina, a Spanish cloud email security company, as well as EveryCloud, its British market partner, in early 2020.More
Story image
Alibaba Cloud and LGMS tackle hybrid and multi-cloud security
Alibaba Cloud and LGMS, a cybersecurity consulting company, are teaming up to tackle the challenge of security around digital transformation and hybrid cloud.More
Story image
Red Hat to acquire Kubernetes-native security provider StackRox
Red Hat will further expand its security offering, adding StackRox's complementary capabilities to strengthen integrated security across its open hybrid cloud portfolio.More
Story image
Malware variants becoming increasingly prevalent, sophisticated and evolved
"The modern threat landscape and ongoing evolution of malware are loud factors pushing every business to understand and identify modern malware threats and the necessary precautions to take to protect against them."More
Story image
Top security threats for 2021
2021 will see several themes develop into full blown security threats, many of them borne from the struggles of pandemic-stricken 2020, writes Wontok head of technology Mick Esber.More