The growing threat landscape requires that endpoint security be the cornerstone of any enterprise security strategy
Ransomware attacks continue to loom large as a threat, and cybercriminals are evolving ever more sophisticated approaches to target organizations across industry and government agencies. No one is untouched; it’s only a matter of time.
It’s becoming challenging for security and compliance teams to protect enterprise assets and data from cyberattacks. The killing of Iranian IRGC Quds Force commander Qasem Soleimani has put the U.S. on high alert, as government leaders and others prepare for Iranian cyberattacks retaliating for the U.S. military strike.
Most cyberattacks today start at the endpoint, despite enterprises spending heavily to protect their assets. Regardless of the motive—financial gain, geopolitical conflict or espionage—and no matter how much an enterprise has invested in the latest and greatest cybersecurity protection, unprotected endpoints are the low-hanging fruit that cybercriminals go after to get into the enterprise. Once an endpoint is compromised, it is easy for attackers to move laterally within the network and find critical business-sensitive and customer data.
Speculation about Iranian cyberattacks kicked off 2020, but there is a lot more to come, including the upcoming U.S. election. That will be the country’s most prominent cybersecurity test, given the debates surrounding the last election and Russia’s interference in it.
According to IDC, 70% of successful breaches originate from the endpoint. The JP Morgan breach, which exposed half of U.S. households and millions of small businesses, started with a compromised endpoint.
Endpoints are the weakest link in enterprise network security. Endpoint devices include laptops, desktops, mobile devices, point-of-sale (POS) devices and IoT devices that connect to the network and access and/or process enterprise business data. The workplace is changing as businesses embrace digital transformation and a new way of working from anywhere, at any time, and keeping sensitive data safe is a growing challenge for enterprises.
Cybercriminals today are trying to get into organizations by compromising endpoints, using the latest tactics, techniques and procedures (TTPs) as well as technologies powered by AI and machine learning. The threat landscape continues to grow in complexity and sophistication: 71% of data breaches were motivated by financial gain, according to Verizon’s 2019 Data Breach Investigations Report. The findings further indicate that financial gain is still the most common motive behind data breaches where a motive is known or applicable.
The common threats that target endpoints:
- Malware, any software or code developed to compromise or harm information assets without the owner’s informed consent.
- Social attacks, tactics employing deception, manipulation, intimidation, etc., to exploit the human element, i.e. the users of endpoint assets.
- Advanced persistent threat (APT), which is a stealthy computer network threat actor, typically a nation-state or state-sponsored group, that gains unauthorized access to a computer network and remains undetected for an extended period.
- Ransomware, a type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or when a user unknowingly visits an infected website.
Endpoint Security Challenges:
An organization must protect every single endpoint in the network, while cybercriminals only need to compromise one to succeed.
- According to recent findings, 42% of endpoints are unprotected at any given time; the same study indicates that increasing security spending does not provide adequate protection.
- Misconfigurations and employee mistakes contribute to breaches—84% of organizations say spear-phishing attacks successfully compromised them.
- A large endpoint footprint and legacy endpoint protection solutions that were implemented a few years back fail to provide protection from today’s evolving threats.
- Some industries still follow traditional waterfall approaches when upgrading to new solutions or implementing new technology. It can take years to operationalize the new technology or solution, by which time the solution that was selected has become outdated.
- Traditional or legacy endpoint security solutions not only fall short in protecting against evolving threats, they also generate a high volume of alerts, and organizations don’t have the resources or time to investigate every single alert.
- Organizations lack visibility across the environment to address open vulnerabilities that may be present on endpoints, owing to the absence of asset management or configuration management database (CMDB) practices.
- Almost every organization today faces a lack of in-house skills and security expertise, whether for managing the existing solution or for transitioning legacy solutions to next-generation endpoint security solutions.
- Research shows that users are significantly susceptible to social attacks, and cybercriminals are targeting endpoints (laptops or mobile devices) using email-based spear-phishing, spoofing attacks that mimic legitimate webpages and attacks via social media.
Time to Redesign Endpoint Security Strategy
Cyberattacks are growing in complexity, becoming more difficult to prevent and continuing to accelerate. It’s time to think beyond traditional endpoint technology focused on signature-based prevention. Today’s malware changes daily and hourly, making signature-based prevention tools obsolete. What is needed now is an integrated threat prevention solution powered by AI and machine learning models that detects and blocks malware infections, with additional security controls to protect against script-based, fileless, memory-exploit and zero-day attacks, and that can detect a threat in the environment if the protection layer fails to contain it, minimizing the damage.
To address the growing number of cyberattacks on the enterprise, endpoint security needs to be integrated into the overall cybersecurity plan to provide prevention, detection and response in real time, along with effective compliance reporting. An organization must be able to isolate, secure and control every single endpoint on the network at all times, and design the solution around a zero trust strategy: validate before trusting an endpoint on the network.
BYOD is another source of endpoints joining the enterprise network as the workforce becomes ever more mobile. An organization should not trust an employee’s own laptop or mobile device without the required protection and monitoring capabilities. BYOD devices pose an extra risk to enterprises if an attacker is able to compromise one while the user is connected to the enterprise network.