Around 80% of the breaches that led to loss of data assets were executed via content-layer attacks, including attacks via social networks, browser and file format vulnerabilities, as well as phishing, according to the survey of 105 information security professionals.
“A content-layer attack is a client-side attack in which the threat is embedded in a document”, explained Kurt Bertone, chief security strategist at Fidelis. “When the victim opens that document, the threat executes and typically attacks the desktop application that opened that document.”
The loss of data for surveyed organizations ranged from intellectual property to employee information and classified information. In fact, customer data were stolen in 54% of the content-layer breaches, compared to 13% of internet-exposed service breaches.
“Very often these attacks are delivered using social engineering that is designed to trick someone in the organization into opening the document”, Bertone told Infosecurity. “The reason that there is such a high percentage of these attacks involving large enterprises is that it is the easiest way for the attacker to get in.”
Despite the loss of data reported, most of the survey respondents (82%) felt they were appropriately protecting data from content-layer threats.
One of the main challenges for enterprises dealing with this volume of threats is that it is difficult to know which ones are malicious and which ones are more of a nuisance, Bertone explained.
“Once the attackers get their foot in the door, there are a lot of ways that they can remain persistent in that network. Once they compromise one victim, they can download more malware code and move laterally throughout the enterprise network. They can plant backdoors that they can then later exploit”, he observed.
This is driving the need for an advanced threat defense posture that includes real-time threat analysis in order to help security teams address the threats that can do the greatest potential harm first, he noted.
Fidelis Security System has recently launched its Fidelis XPS malware detection engine that provides this capability. The product integrates Fidelis XPS’ ability to identify and detect threats at multiple points in the network with the ability to conduct deep malware analysis.
By combining threat detection and analysis, enterprises can boost their advanced threat defense against malware, a threat vector for many content-based threats which are proving to be a significant culprit in corporate data theft.
“Together, Fidelis XPS and the Fidelis XPS malware detection engine protect the enterprise through the full lifecycle of a threat including initial infiltration, command and control communication, propagation throughout the network, and data exfiltration, which is the primary objective of sophisticated adversaries”, Bertone said.