Child sexual abuse material - a cybersecurity threat that should be on every CISO’s radar

You know that CSAM is illegal and a threat to IT infrastructures and work devices, but if we dig deeper, it becomes apparent just how prevalent it is. Our research* shows that 1 in every 500 work computers is used to view, store or distribute CSAM.

Our research also shows that this number is radically different to how IT professionals view the problem - with many believing that the number is closer to 1 in 1000, or even 1 in 10,000.

Clearly, there is a discrepancy between the prevalence of CSAM and how serious it is regarded as an IT security matter and illegal activity. 70% of IT professionals underestimate just how serious the problem is.

The good news is that although CSAM is a growing problem, there are ways to deal with it. But before CISOs and other IT professionals strategize and put measures in place, it’s good to know exactly how it affects businesses today.

It’s a serious breach of protection, but also poses a threat to the business as a whole

CSAM is a complex societal matter that cannot be handled simply with filters and other non-targeted measures. The employee that consumes it is committing an offence. Then why are they viewing it on a work computer? Well, we know lines get blurred between private and personal use of work devices quickly. We check our private email, view a film when travelling for work etc etc. It’s mostly innocent.

But when an employee consumes illegal material like CSAM they are not only opening up the IT environment to risk - they are showing problematic and criminal behavior, and putting themselves and the company at risk of blackmail. Recently, we found that 65% of organizations reported a case of CSAM in the past five years. That’s a lot of potential for blackmail and other damage.

“For obvious social and legal reasons, an individual viewing or distributing CSAM fears exposure, making them a prime target for blackmailers and extortionists. Imagine if this person holds access to sensitive or confidential material, such as bank accounts, access codes or classified information and you start to understand the serious nature of this threat.”

Dealing with the threat starts with understanding the individual

Whether the aim is to change or affect public opinion for political purposes or extort money from an individual or organization, gaining some kind of leverage on the target is necessary. And to understand this, Honan makes an important point about the digital behavior of the child sexual abuse material consumer.

How to stop this security risk - what’s most frequently used today?

The most commonly used dedicated solutions rely on DNS filters, web filters and URL blockers to prevent employees from accessing webpages with CSAM. However, these are limited because:

• DNS filters are only capable of regulating web traffic if a device is connected to the same network.
• Web filters rely on keywords and phrases to scan web pages before they load and try to conclude whether or not the page contains illegal content, which can restrict legitimate sites.

For secure browsing, URL blockers present the most effective method as they match against a list of illegal addresses. But, illegal websites often move around and will reappear under new names and addresses. That’s why a solution that guarantees URL list authenticity and commits to regular updates is vital.

Another big problem is the fact that the internet is not the only source of CSAM. When it comes to private collections, consumers of CSAM usually keep them close, which explains why 1/3 of reported incidents involve external storage devices.

Again, why does this affect a business? Because once a device has been given to an employee the line between work use and private use is frequently blurred. A company laptop could be used to view and download material stored on a private external hard drive or USB stick. It is much more common than common sense would suggest.

How to stop CSAM more effectively

Filters will let CSAM material through - it is evident from the amount of CSAM that is actually found on computers today. And as much material comes from different types of storage devices, it is important to have detection software running all the time throughout the organization’s devices and IT network.

Specifically designed tools that detect on content level are available today. They offer real-time detection - matching against frequently updated databases that detect verified material, work on and off line, leave no footprint and have a low performance impact. They work as insurance against the problems that CSAM present.