Virtual Data Room Blog

Virtual Data Rooms: Safeguarding Sensitive information from APT

02-Sep-2013 10:29:00 / by Kamal Raj

Its Monday ! Here we are again to stress on the importance of Security and how a  Virtual Data Room can protect and minimize potential threats to your confidential documents. The same ingenuity that brought us the technology of the information age brought us cybercrime – a new class of criminal activity that takes place entirely online. It includes security breaches, compromised intellectual property, identity theft and fraud. Business is particularly vulnerable to the Advanced Persistent Threat (APT) category of cybercrime.

What would the damage to your company be of such an attack? Safeguard  your sensitive information by understanding how APTs work and how to  protect yourself against them.

What is APT?

The term describes long-term, targeted and sophisticated attacks led by professional hackers against key company officers. The process mainly uses automated tools created for the purpose of gaining control of data for eventual financial gain. These attacks are seldom random. They are often politically motivated and may even be government-backed. Once inside your network, the hacker gathers user information and establishes back doors that can self-multiply. These allow attackers to install a range of bogus utilities and set up the infrastructure for distributing malware.

 APT Targets

Firms targeted most often by APT include technology companies, banking, business services and, increasingly, law firms. Industry security experts believe the latter is an attempt to gain information about the law firms’ corporate clients.

recent example of an APT is Ubisoft, a video game company that experienced a security breach on 3rd July 2013. Attackers used one of the company’s websites to gain access to online systems and steal user names, email addresses and encrypted passwords. Fortunately, no credit card information was stolen.

Spear “Phishing“

The most common method of APT attack is spear phishing. A play on the term “phishing,” which is an attempt to obtain information surreptitiously, spear phishing uses the same principles in a targeted manner:

  • Hackers first research their target to determine what the payout might be. This could be the theft of financial information, the sale of intellectual property or damage to the organization’s records.

  • Once the target is identified, the attacker’s software sends malicious emails designed to infect the target company’s network. The emails usually contain links which, when clicked, download spyware to the users’ computer and ultimately to the network.

  • The spyware then obtains credentials of various users, particularly highly placed officers and administrators. This enables the hacker to establish a back door, which gives them full, ongoing access to all parts of the network including email traffic—unless the company makes use of secure methods such as virtual data rooms.

Safeguarding Against APTs

To protect your company and data from these types of attacks, identify and segregate any sensitive information that may be prone to attack. Virtual data rooms offer a secure environment for the storage of confidential documents, with 256-bit encryption, unique user logins, remote lock-down of files, audit trails and reporting options. The technology is cloud-based, so there’s no capital investment and the deployment can be customized to suit your specific requirements.

Communication is more secure, too. Virtual data rooms have a Q&A options, which enables users to ask and answer questions and communicate with others via the room. This minimizes the use of email traffic by reducing the need to send confidential information back and forth over an unsecured network.

It’s impossible to achieve 100% security, but by using virtual data rooms you’re surely making things harder for potential hackers.  


                                            Virtual Data Room Whitepaper  

Topics: virtual data room, Data Security, security