Protecting your content against cyber threats and data loss
Start Over
Conclusion
How Box security increases ROI
How Box solves for user-centric risk
How Box solves for content-centric risk
Internal threats
External threats
The Content Cloud: A secure approach
The Content Cloud:
A secure approach
Companies spend tons of time and effort eliminating security risks in their systems and applications, and rightly so. But to really improve their security, the focus needs to be on the content itself. That’s where the Content Cloud comes in. It’s a proven approach to managing your most valuable information, with a single, secure platform for the entire content lifecycle. Every step of the way, Box is here to help.
Today’s threat landscape:
Threats to your content can come from both external and internal sources. One way to think of these threat types is content- and user-centric, respectively. They create different, yet overlapping, kinds of risk.
Inside and outside the organization
Content-centric external threats create operational risk.
Malware
Cybercriminals seek out security vulnerabilities to install malicious software (malware) designed to exploit a private device, service, or network and steal content for financial gain (for example, by selling it).
Average cost of a malware attack on a company in 2023.¹
$2.5 million
Ransomware
Average ransomware recovery cost in 2021
$1.4 million
Criminals in this subset of malware recognize your content’s value and hold it hostage. They know that without it, your business will grind to a halt. Ransomware has dramtically grown in volume, seeing a 13% spike in 2022,² with 79% of companies having encountered a ransomware attack³ due to its lucrative nature and relative simplicity (thanks to “ransomware-as-a-service” on the dark web).
PurpleSec, “2023 Cyber Security Statistics: The Ultimate List Of Stats, Data & Trends," 2023
Source
Splunk 2022 Cybersecurity Report
IBM, Cost of Data Breach report, 2022
1
2
3
4
Sophos, “State of Ransomware 2022”
User-centric internal threats create financial and reputational risk. Data loss or compromise, even when accidental, reduces your content’s net value, causing financial and reputational losses. The typical target is personal identifiable information (PII) that can be resold on the dark web.
Email attacks are a type of social engineering breach that exploit human behavior. This is why collaborating on content using email attachments poses risks. Attachments from seemingly reputable emails can inject malware into a user’s device that then spreads quickly across enterprise systems.
File sharing
of unneeded and vulnerable file content is generated per employee per year by the pervasive use of email attachments combined with prevailing corporate user behavior
Close to 3Gb
Average cost of incidents related to employee or contractor negligence
$307,111
Negligence occurs even in the best organizations. Despite regular reminders about safe practices, mistakes — like sending a sensitive document to the wrong email recipient — happen.
Negligence
Average cost of criminal and malicious inside breaches
$756,760
Malicious activity by employees or contractors intent on stealing content is also a serious internal threat.
Malicious activity
Data Driven Investor, “Email Attachments Generate Nearly 6,000 Unnecessary and Unsecure Files per Employee per Year,” 2020
5
The Content Cloud takes a four-level, automated approach to securing content against external threats.
Prevent access to sensitive content
Detect malicious activity
Contain content to stop spread
Remediate by accessing a previous version
Malicious files on your computer may be synced to other users, but ransomware can’t spread further once it’s within Box cloud storage. All files are encrypted at rest and don’t have an executable environment from which to run. Box lets users collaborate while maintaining data compliance — and without exchanging highly vulnerable email attachments. Moreover, Box Shield Smart Access features let you classify your content with a permanent label that restricts sharing content outside your organization.
Research shows that automation and security artificial intelligence (AI), when fully deployed, reduce the average cost of a breach by 79%. Box Shield uses context-aware machine learning (ML) to scan external content shared by third parties and internal content upon upload. Box Shield also scans when users perform an action such as share, preview, and download. Shield recognizes malicious traits (even those of more sophisticated malware) within the content in near real time and automatically labels the file as malicious. Box Shield’s deep learning technology makes it possible for IT and security teams to address potential threats in an efficient and structured manner. Shield will also generate a detailed security alert so security and IT teams can act quickly. You can see these alerts in the Shield dashboard or have Box send them to your SIEM with built-in integrations. The alert will show you who uploaded the file, any threat intelligence about the malware, and file-related activities to date, so your team can choose the best response. To minimize disruption, Shield allows admins to mark the threat verdict for low-risk content as safe.
Once Shield identifies malicious content, it restricts downloads and local editing to prevent the spread to more users and devices. Users will see a malware notification in the Box UI, but they can still safely preview and edit the file online. This allows your teams to stay productive.
If your systems become infected with malware, you can still preview your content in the Content Cloud while your team works to research the threat. Because Box creates a new file version with each save, you can delete affected files without original data corruption and access previous versions of important files following a ransomware attack. If you have developer resources available, you can write a custom script that rolls back all infected files to an unaffected version using the Box API.
IBM, Cost of a Data Breach report, 2022
6
Box takes a multi-pronged approach to internal threats that removes the burden of security from your employees, contractors, and other users — while allowing them to continue working seamlessly.
Box allows you to protect your content using a “zero-trust” posture. Rather than assuming certain content or users are trustworthy, it uses context-aware intelligence to check for suspicious behavior during common activities, such as upload or sharing.
Zero-trust infrastructure
Box offers a highly secure experience that lets users easily share and collaborate on content without putting it at risk. With Box Shield, admins can allow users to make one-time access exceptions with admin-defined business justifications, bolstering security without impeding productivity.
Zero tolerance for a poor user experience
Box Shield leverages ML-powered anomalous behavior detection to identify potential threats such as compromised accounts and data theft and keeps security teams informed with alerts.
Anomalous behavior detection
Watch the video to learn more
Having all your content in the Content Cloud makes secure collaboration easy. Centralized content also streamlines information management and governance, keeping your content safer and always up to date.
Centralized content layer in the cloud
Box Shield adds yet another layer to the Content Cloud’s core security features, which include built-in multifactor authentication (MFA), single sign-on (SSO), watermarking, and KeySafe encryption key management. Box lets you and your team work the way you want by integrating seamlessly with thousands of popular applications.
Security that travels with your content
Show me the money:
In a commissioned study, Forrester recently analyzed the total economic impact of the Content Cloud. Among the many ways in which the Content Cloud impacts the bottom line, several relate to content security directly.
Total savings
in net security, governance, and compliance savings, including reduced risk of data breaches and streamlined content access monitoring with Box Shield
$1,125,000
Third-party costs
avoided cost of third-party security and compliance solutions and certification
$245,000
User-centric risk
savings: data breach from accidental data leakage
$580,000
Data governance
savings in improved ease of data governance
$63,000
User content access monitoring
savings: monitoring employee content access
$237,000
Forrester, The Total Economic Impact™ of the Box Content Cloud, June 2021.
7
*Commissioned study conducted on behalf of Box by Forrester Consulting (June 2021); totals based on a composite organization of 5,000 employees.
Box (NYSE:BOX) is the Content Cloud, a single platform that empowers organizations to manage the entire content lifecycle, work securely from anywhere, and integrate across best-of-breed apps. Founded in 2005, Box is trusted by 69% of the Fortune 500, including AstraZeneca, General Electric, JLL, and Nationwide. Box is headquartered in Redwood City, CA, with offices across the United States, Europe, and Asia. To learn more about the Content Cloud and the many ways it supports sharing and collaboration without compromising security, visit box.com/shield.
Final CTA Button
Back to cover
About Box