File-Sharing Security: Emerging Risks and Ways to Help Mitigate Them
The digital era has revolutionized data sharing, enabling organizations to collect, store, analyze, and share information more extensively than ever before.
Current Capabilities of File-Sharing Solutions
- Cloud-Based Services: Organizations increasingly rely on cloud-based file-sharing services to manage internal and external access to digital files. These platforms offer centralized storage, collaboration features and secure sharing options.
If your organization is managing a file-sharing solution on-premises, additional considerations are outlined below.
- Encryption: Robust encryption mechanisms protect data during transmission and storage. Implementing encryption across all communications is crucial. Innovations like fully homomorphic encryption (FHE) allow secure data sharing without compromising confidentiality.
- Efficiency: While email can serve as an effective means of data sharing, it has its limitations. For instance, the largest file in Outlook is restricted to 20MB, which may be sufficient for small files. File-sharing technology creates operating efficiency by solving that problem, allowing much larger data to be sent.
How Can You Ensure File-Sharing is Secure and Confidential?
The interconnectivity of technology is rapidly evolving and brings forth new challenges related to the confidentiality, integrity, and availability of information.
Secure file sharing, or SFTP, is not an emerging risk, but it is quickly becoming the prime target for threat actors. Increasingly, organizations aren’t removing data from a specific file transfer link, which leads to unmanaged, and often unknown, databases of information that threat actors (hackers) are eager to exfiltrate.
How can your business mitigate cyber risk related to secure file transfer technology?
Risky Behavior and Mitigation Strategies
Recently, as file-sharing technology began to proliferate in the business-to-business space, risky trends have emerged that have led to large, detrimental cyber-attacks. Specifically, we’ve found that organizations are failing to delete data stored in these solutions.
Some are neglecting to patch and update software, whether on-premises or cloud-based, and failing to implement the access controls and log monitoring necessary to ensure the secure sharing of data. Below are risks and some recommended mitigation measures:
Ransomware
Risky Behavior: Ransomware attacks exploit encryption to lock users out of their critical data. Malicious actors demand payment for decryption keys and often demand ransom not to release exfiltrated data on the dark web.
Mitigation:
- Regular Backups: Frequent backups ensure data recovery even if compromised. Preferably, backups are immutable and air gapped. Immutable means not able to be changed, or permanent; air gapped means separated from the network. An immutable backup ensures that you are able to recover, and combining it with an air gap follows recommended best practices.
- Network Architecture: Logical separation and a zero-trust architecture approach can help to minimize the blast radius a ransomware event may have within an organization’s IT environment.
- Logging and Monitoring: By logging access and activity within a File Sharing environment, you can identify anomalous behavior and conduct audits to determine risky users who may need additional security controls around their access.
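The logging and monitoring point above can be made concrete with a small audit over transfer logs. This is an added example, not part of the original article; the log format (timestamp, user, action, path, bytes), the sample lines and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample audit log: ISO timestamp, user, action, path, bytes.
SAMPLE_LOG = """\
2024-05-01T09:12:00Z,alice,download,/shares/hr/q1.xlsx,120000
2024-05-02T10:01:00Z,alice,download,/shares/hr/q2.xlsx,150000
2024-05-03T11:30:00Z,alice,download,/shares/hr/q3.xlsx,110000
2024-05-01T08:00:00Z,bob,download,/shares/fin/a.pdf,200000
2024-05-02T08:05:00Z,bob,download,/shares/fin/b.pdf,180000
2024-05-03T02:14:00Z,bob,download,/shares/fin/archive.zip,950000000
2024-05-03T02:20:00Z,bob,download,/shares/hr/payroll.zip,400000000
2024-05-03T09:00:00Z,carol,upload,/shares/fin/c.pdf,300000
"""

def daily_download_bytes(log_text):
    """Return {user: {date: total bytes downloaded}} from the log text."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5:
            continue  # skip malformed lines rather than abort the audit
        ts, user, action, _path, size = parts
        if action != "download" or not size.isdigit():
            continue
        totals[user][ts[:10]] += int(size)  # ts[:10] is the YYYY-MM-DD date
    return totals

def flag_anomalous_days(log_text, factor=10, min_bytes=50_000_000):
    """Flag (user, date, bytes) where a day's download volume exceeds
    `factor` times the median of that user's other days and also an
    absolute floor, so small accounts do not generate noise."""
    flagged = []
    for user, days in daily_download_bytes(log_text).items():
        for date, total in days.items():
            others = [v for d, v in days.items() if d != date]
            if not others:
                continue  # no baseline yet for this user
            if total >= min_bytes and total > factor * median(others):
                flagged.append((user, date, total))
    return sorted(flagged)

if __name__ == "__main__":
    for user, date, total in flag_anomalous_days(SAMPLE_LOG):
        print(f"REVIEW {user} {date}: {total} bytes downloaded")
```
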
Adversary-in-the-Middle (AITM) Attacks
Risky Behavior: AITM attackers intercept, steal, and modify communications between devices and applications.
Mitigation:
- Encryption: As outlined above, employ encryption for all communications, regardless of the network type (Wi-Fi or cellular). TLS v1.3 is considered the strongest data-in-transit encryption available today.
- Two-Factor Authentication: Implement multi-factor authentication to help prevent unauthorized access.
- Cloud Security: Implement security solutions that allow for configuration, patch, and threat management. These solutions are important for managing risks related to cloud-based file transfer. These controls include:
  - SaaS Security Posture Management (SSPM)
  - Cloud Security Posture Management (CSPM)
  - Cloud Native Application Protection Platform (CNAPP)
  - Cloud Workload Protection Platform (CWPP)
Data Breach and Exfiltration
Risky Behavior: Forgotten data in a file-sharing service could create havoc for your business. Often, organizations are unknowingly creating databases and leaving troves of protected and confidential information insecure.
Mitigation:
- Data Deletion: Ensuring that file transfer technology does not become a database in itself is essential to its security. By decommissioning the transfer mechanism and deleting data stored on the server side, you’ll reduce the likelihood of unauthorized data exfiltration.
- Access Control: Ensure that each user with access to a file has their own level of control and that regular users do not hold additional privileges that could be exploited.
- Physical Security: Often overlooked, badge access, video cameras, and locked servers can be a great deterrent to someone physically exfiltrating data from your assets.
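One way to keep a transfer store from becoming a forgotten database, as the data deletion item above describes, is a scheduled retention sweep. This is an added example, not part of the original article; it assumes the transferred files sit on a local filesystem path and that a file's modification time approximates its upload time, and the function names and the 30-day window are hypothetical.

```python
import os
import stat
import time

def find_stale_files(root, max_age_days, now=None):
    """Return sorted (relative path, age in days) for regular files under
    `root` last modified more than `max_age_days` ago."""
    now = time.time() if now is None else now
    cutoff = now - max_age_days * 86400
    stale = []
    # os.walk does not descend into symlinked directories by default.
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of root
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and other special files
            if st.st_mtime < cutoff:
                age = int((now - st.st_mtime) // 86400)
                stale.append((os.path.relpath(path, root), age))
    return sorted(stale)

def purge_stale_files(root, max_age_days, dry_run=True, now=None):
    """Delete stale files; with dry_run=True only report what would go."""
    stale = find_stale_files(root, max_age_days, now)
    if not dry_run:
        for rel, _age in stale:
            os.remove(os.path.join(root, rel))
    return stale

if __name__ == "__main__":
    import tempfile
    # Constructed demo: a throwaway directory stands in for the transfer store.
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for name, age_days in (("old_export.csv", 120), ("fresh.pdf", 2)):
            path = os.path.join(root, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            mtime = now - age_days * 86400 - 3600
            os.utime(path, (mtime, mtime))
        print(purge_stale_files(root, max_age_days=30, dry_run=True, now=now))
```

Run it with `dry_run=True` first and review the list with the data owners before enabling deletion.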
We’re Here to Help
Taking a proactive approach to data sharing, coupled with robust security measures, can enable you to harness the value of information assets while helping safeguard your organization against cyber risks.
Great American policyholders can use our innovative risk management platform, Eagle Eye, to build an IT Roadmap that can help your company better manage evolving risks like the MOVEit vulnerability and more.