As we launch into the new year with new resolutions and aspirations for the future, many of us take this opportunity to search for a new job. In fact, a survey conducted last year by Investors in People revealed that nearly half of Brits were looking to change jobs this new year.
For many businesses this means an influx of CVs, cover letters and other recruitment documents. Whether sent by email or submitted through an online portal, these documents present a significant security threat: every one of them is a file from an unknown sender that someone inside the organization is expected to open.
Cyber-criminals are increasingly using such documents to deliver zero-day exploits and malware crafted to slip past current defenses, with the goal of establishing a foothold inside the network from which to move further into the organization.
So why has recruitment activity proven such a popular avenue for cyber-criminals? And what can be done to mitigate the threat?
Insecure by nature
Recruitment is a risky business from a cybersecurity perspective, as actively seeking to engage with and receive content from people you don’t know is at the core of the role. After publishing a job, recruitment and HR professionals will receive emails with CVs and cover letters attached, as well as any other completed application documents.
For recruiters these documents are unavoidable: they are the core work product, whatever best practice their IT team recommends about opening content from unknown contacts. Making matters harder, candidates often apply from personal email addresses, which cannot be written off as illegitimate no matter how obscure they look.
Given its insecure nature, it’s perhaps unsurprising that we’ve seen numerous instances of cyber-criminals launching malicious campaigns masquerading as recruitment activity.
In December, for example, McAfee shared details of a new global campaign targeting nuclear, defense, energy and financial companies, dubbed “Operation Sharpshooter”, in which documents posing as legitimate industry recruitment material were used to introduce malware into the target organizations. Once a document was opened, the weaponized macro it carried ran its payload in memory to gather intelligence from across the business and report it back to the attackers.
Detect and protect isn’t working
There’s no easy way to detect such threats, especially as many traditional document security solutions continue to fall short. In many cases the malicious attachment contains no active code at all (no VBA macros or scripts); the exploit targets the application that parses the file rather than relying on anything a filter can scan for, so there is no reliable signature that email filtering products can use to detect it.
Sandbox detonation also frequently misses malware, since some samples lie dormant for longer than organizations are willing to delay delivery of their work-critical documents, and the sandbox gives up before the payload ever runs.
Ultimately, the ‘detect and protect’ approach to email security isn’t working, and businesses cannot simply stop accepting files: it is impossible to operate without sharing content and communications with customers, partners and colleagues.
With unknown and even undetectable threats routinely embedded in all common content types, from DOC, PPT and PDF to JPG and GIF, it’s critical that businesses consider a new and better route to securing their organizations from content threats.
Remove the threat
Unlike detect-and-protect security processes, content threat removal platforms use content transformation to prevent any exploit in business communication from entering an organization, whether via email, web portal or file transfer. The platform breaks the file down at the boundary, extracts the business information (text, layout and images, the last re-rendered from their pixel data) and discards the rest of the data, eliminating every component that can carry an attack: active code, macros, embedded objects and the file structures a parser exploit would abuse. From that business data a new document is built in a fraction of a second and sent to the intended user. Because nothing from the original file is forwarded, the outcome does not depend on recognizing the threat first. Two caveats a practitioner should plan for: the transformer itself parses hostile input and so belongs in an isolated, least-privilege process at the boundary; and content the transformation cannot carry over (macros a workflow legitimately relies on, form fields, tracked changes) is lost rather than delivered, which needs an agreed exception path.
Whether it’s your recruitment activity or the actions of the sales team or the CEO, anyone can bring an undetectable threat into the organization without the right protection. That’s why the sound option is to transform business content and eliminate the threat at the security perimeter, before it gets anywhere near your most valuable data.
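A minimal illustration of the break-down-and-rebuild step for one file type, added here as an example; it is not code from this page or from any product the page describes. It uses only the Python standard library and treats a .docx as what it is, a ZIP of XML parts. `audit_docx` lists the parts and external relationships a rule- or signature-based filter would have to recognize (the detection problem described above), while `transform_docx` ignores all of that, pulls the paragraph text out of `word/document.xml` and writes a brand-new three-part package from its own templates. The sample “CV” is constructed inline with a fake VBA project, a fake embedded OLE object and an external hyperlink; the function names, the `RISKY_PREFIXES` list and the attacker URL are assumptions made for the example. A real product handles every content type listed above and preserves formatting and images; this keeps only text so that the property that matters stays visible: nothing from the input package reaches the output.

```python
"""Toy content disarm and reconstruction (CDR) for .docx, standard library only.
A .docx is a ZIP of XML parts; macros, embedded OLE objects and external links
live in well-known parts and relationships.  Rather than recognising a hostile
file, transform_docx() re-emits only the text, from templates it owns."""
import io
import zipfile
import xml.etree.ElementTree as ET

W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{%s}" % W_NS
PKG_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
OFFICE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
ET.register_namespace("w", W_NS)

# Part-name prefixes that mean active or embedded content.  Constructed for this
# example; a real product works from the full OOXML part catalogue.
RISKY_PREFIXES = ("word/vbaProject", "word/vbaData", "word/embeddings/", "word/activeX")

# Templates for the rebuilt package (plain document type; a macro-enabled
# package would declare a different main content type, which we never emit).
CONTENT_TYPES = (
    '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
    '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
    '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
    '<Default Extension="xml" ContentType="application/xml"/>'
    '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
    'officedocument.wordprocessingml.document.main+xml"/></Types>'
)
ROOT_RELS = (
    f'<Relationships xmlns="{PKG_REL}"><Relationship Id="rId1" '
    f'Type="{OFFICE_REL}/officeDocument" Target="word/document.xml"/></Relationships>'
)


def build_sample_docx() -> bytes:
    """Constructed, harmless stand-in for a weaponised CV: real text plus a fake VBA
    project, a fake embedded OLE object and an external hyperlink relationship."""
    document = (
        f'<w:document xmlns:w="{W_NS}"><w:body>'
        "<w:p><w:r><w:t>Jane Doe - Curriculum Vitae</w:t></w:r></w:p>"
        '<w:p><w:r><w:t xml:space="preserve">Senior engineer, </w:t></w:r>'
        "<w:r><w:t>10 years experience.</w:t></w:r></w:p>"
        "<w:p><w:r><w:object/></w:r></w:p>"  # embedded object, carries no text
        "<w:p><w:r><w:t>Contact: jane@example.com</w:t></w:r></w:p>"
        "</w:body></w:document>"
    )
    doc_rels = (
        f'<Relationships xmlns="{PKG_REL}">'
        f'<Relationship Id="rId1" Type="{OFFICE_REL}/hyperlink" '
        'Target="http://attacker.example/stage2" TargetMode="External"/>'  # assumed URL
        f'<Relationship Id="rId2" Type="{OFFICE_REL}/oleObject" Target="embeddings/oleObject1.bin"/>'
        "</Relationships>"
    )
    ole_magic = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound-file header, then filler
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("_rels/.rels", ROOT_RELS)
        zf.writestr("word/document.xml", document)
        zf.writestr("word/_rels/document.xml.rels", doc_rels)
        zf.writestr("word/vbaProject.bin", ole_magic + b"VBA" * 8)
        zf.writestr("word/embeddings/oleObject1.bin", ole_magic + b"OLE" * 8)
    return buf.getvalue()


def audit_docx(data: bytes) -> dict:
    """What a rule- or signature-based filter would have to spot: risky parts and
    relationships that point outside the package."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = sorted(zf.namelist())
        external = [rel.get("Target") for name in names if name.endswith(".rels")
                    for rel in ET.fromstring(zf.read(name)) if rel.get("TargetMode") == "External"]
    return {"names": names,
            "risky_parts": [n for n in names if n.startswith(RISKY_PREFIXES)],
            "external_targets": sorted(external)}


def extract_paragraphs(data: bytes) -> list:
    """Visible text of each paragraph; formatting, fields, drawings and embedded
    objects are deliberately not carried over."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        body = ET.fromstring(zf.read("word/document.xml")).find(W + "body")
    return ["".join(t.text or "" for t in p.iter(W + "t")) for p in body.iter(W + "p")]


def rebuild_docx(paragraphs) -> bytes:
    """Serialise the text into a fresh package built only from our own templates."""
    doc = ET.Element(W + "document")
    body = ET.SubElement(doc, W + "body")
    for text in paragraphs:
        t = ET.SubElement(ET.SubElement(ET.SubElement(body, W + "p"), W + "r"), W + "t")
        t.set("{http://www.w3.org/XML/1998/namespace}space", "preserve")  # keep spaces
        t.text = text
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", CONTENT_TYPES)
        zf.writestr("_rels/.rels", ROOT_RELS)
        zf.writestr("word/document.xml", ET.tostring(doc, encoding="UTF-8", xml_declaration=True))
    return buf.getvalue()


def transform_docx(data: bytes) -> bytes:
    """The boundary step: parse the untrusted file, emit a new one, drop the input."""
    return rebuild_docx(extract_paragraphs(data))


if __name__ == "__main__":
    sample = build_sample_docx()
    print("before:", audit_docx(sample))
    print("after: ", audit_docx(transform_docx(sample)))
```

Running the module prints the audit before and after: the input carries `word/vbaProject.bin`, `word/embeddings/oleObject1.bin` and a relationship to an external host; the output has exactly three parts and none of them. The cost is visible too: the third paragraph, which held only an embedded object, comes out empty, and the candidate's formatting is gone. That loss is what buys the freedom from having to recognize the threat, and it is why the transformer, which still has to parse hostile input, runs isolated at the boundary rather than on a user's machine.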