Many common file types, such as word processing documents, photo files, spreadsheets and PDFs, make it easier for malicious actors to hide ransomware, zero-day attacks, and other advanced or targeted malware. Even a simple and innocent photo can easily contain malicious code. A lot of current systems simply cannot detect or stop this threat – which is why we see endless cyber-attack stories on the news every day. It’s a question of if, rather than when.
Here are some key and, quite frankly, worrying stats*. If you are anything like me, stats are very informative and tell a great story:
- 66% of organisations with a web application for file uploads are concerned about a loss in business or revenue or reputational damage related to unsecure file uploads.
- 33% of those organisations with a web application for file uploads do not scan all file uploads to detect malicious files and 20% scan with just one anti-virus engine.
- 65% of organisations with a file upload web portal do not sanitise file uploads with Content Disarm and Reconstruct (CDR) to prevent unknown malware and zero-day attacks.
*Referenced from an OPSWAT Web Application Security Report 2021.
Power Of The Many
The key takeaways, in my opinion: yes, it seems clear there is a genuine concern about the security of file uploads, but it seems a lot of organisations are not following best practices to ensure they have sufficient security, with 53% of organisations interviewed using one or fewer anti-virus engines to scan files uploaded into their network. This is a gaping hole in their cyber security posture. Large organisations can have anywhere from 1,000 to 1,000,000 files being uploaded into their network every day. All it takes is for one of those compromised files to infect the entire network.
Here at LoughTec and our partners OPSWAT, we have a mantra that we trust no file, as one AV engine is simply not enough to detect malware threats in files. With one of the common, lower-performing AV engines, you will get a detection rate of 30-40% for the top 10,000 malware threats. The problem here is clear to see – the gate to your network is simply left open! One anti-virus engine is NOT enough!
Together with OPSWAT, we utilise a technology called anti-virus (AV) Multiscanning, which combines the detection ability of 35 AV vendors, such as CrowdStrike and McAfee, and merges them onto one platform, to provide the highest level of threat detection possible. This gives a detection rate of 99.3% of the top 10,000 malware threats. We call this the ‘Power Of The Many’.
In simple terms, imagine you are going through airport security. One AV engine is the equivalent of a quick check over and allowing you to walk through. AV multiscanning is multiple skilled people scanning you multiple times, going through a bespoke scanning machine and then being personally scanned again. This would result in a much higher detection rate for anything the airport doesn’t want to go through security.
My advice is to utilise multiple anti-virus engines to achieve the highest level of threat detection, as I cannot stress enough, one anti-virus engine is simply not enough.
We offer several solutions that utilise this same AV multiscanning technology to scan files uploaded into your network, to ensure a detection rate of 99.3% of known malware threats coming into your network. When paired with our other technologies, including data sanitisation (which removes any active content from within files that could be used to make them a threat), we also achieve protection against unknown threats, ensuring true zero-day prevention. This is how we add value to organisations within the financial and legal sectors. Examples of this include Sage, Landsbankinn, BidX1 and Carne Group.
If you wish to reach out and have a conversation on how AV multiscanning ensures you can trust files uploaded onto your network, or indeed discuss my R8 or EVs, please feel free to DM me, email me on firstname.lastname@example.org or call me on +44 (0) 7775 826 874.