Ransomware attack continues to loom large as a threat, cybercriminals evolving ever sophisticated approaches to target the organizations across industry and government agencies, no one is untouched it’s only a matter of time.
It’s becoming challenging for security & compliance teams to protect the enterprise assets and data from cyber-attacks. The killing of Iranian IRGC Quds Force commander has taken full cybersecurity space across the industry, government leaders are starting the year on high alert for Iranian cyberattacks retaliating for the U.S military strike that killed the top Iranian leaders.
Most of the cyber-attacks that transpired today start at the endpoint, despite enterprises spending a lot to protect their assets. Regardless of the motive, such as financial gain, geopolitical conflicts or espionage activities — no matter what latest or greatest cybersecurity protection that an enterprise has invested into to protect the organization, if an endpoint is not properly protected & present any vulnerabilities then this is the low hanging fruit that the cybercriminals go after to step into the enterprise. Once an endpoint is compromised then it is easy to go for Cybercriminals to lateral movement around the network and get hold-of “Crown Jewels” hosting business-sensitive & customer data that they’re behind.
The speculation around Iran’s cyberattack is one of the events that freshly started with 2020, though there is a lot to come, such as the upcoming US election that will be country’s most prominent cybersecurity test ever before as we all know debates on last election and Russians interference.
According to the IDC findings, 70 percent of successful breaches originate from the endpoint. The JP Morgan breach, which exposed half of U.S. households and millions of small businesses, started with a compromised endpoint.
Endpoints are the weakest link in the enterprise network security. Endpoint devices include a laptop, desktops, mobile devices, point-of-sale (POS) devices and IoT devices that connect to the network and access and/or process the enterprise business-critical data. The workplace is changing as businesses embrace digital transformation and a new way of working from anywhere and anytime, keeping sensitive data safe is growing the challenge for the enterprises.
Cybercriminals are today trying to get into the organizations by compromising the endpoints and using technologies powered by AI and machine learning capabilities, the threat landscape is continuing to grow in its complexity and sophistication. 71 percent of data breaches were motivated by financial gain per Verizon’s 2019 data breach investigation report, the findings further indicate that financial gain is still the most common motive behind data breaches where a motive is known or applicable.
The common threat that targets the endpoints:
· Malware, any software or code developed for the purpose of compromising or harming information assets without the owner’s informed consent
· Social, tactics employing deception, manipulation, intimidation, etc. to exploit the human element, or users, of endpoints assets
· Advanced Persistent Threat (APT), An Advanced Persistent Threat is a stealthy computer network threat actor, typically a nation-state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period
· Ransomware, a type of malicious software, or malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website
Endpoint Security Challenges:
An organization must protect every single endpoint in the network, while cybercriminals only need to compromise one to get success.
1. The endpoint continues to grow as the organization grows and hires new employees and contractors.
2. According to the recent findings, 42 percent of endpoints are unprotected at any given time, the study indicates that increasing security spending does not provide adequate protection.
3. Misconfigurations and employee mistakes contribute to breaches — 84% of organizations say spear-phishing attacks successfully compromised them.
4. Due to large endpoint footprint and legacy endpoint protection solutions that were implemented a few years back failed to provide protection from today’s evolving threats.
5. Some industry’s processes are still followed old traditional water-fall approaches when it comes to upgrading new solutions or technology implementation which take years for them to be able to operationalize the new technology or solution by that time the solution that was selected becomes outdated.
6. The traditional or legacy endpoint security solution not only fall short on providing the protection from evolving threats, but they also generate a high volume of alerts and organization don’t have enough resources & time to look and investigate every single alert that comes out from these legacy endpoint security solutions.
7. Organizations don’t have visibility across the environment in order to address the open vulnerability that may present on the endpoint due to the lack of asset management or configuration management database (CMDB) practices.
8. Almost every organization today faces inhouse skills and security expertise when it comes to managing the exiting solution or opportunities to transition these legacy solutions into next-generation endpoint security solutions.
9. Research points that the users are significantly susceptible to social attacks and cyber criminals targeting endpoint (a laptop or mobile devices) using the email-based spear phishing, spoofing attacks that attempt to mimic legitimate webpages, as well as attacks via social media.
Time to Re-design Endpoint Security Strategy — Think beyond traditional approaches.
Cyberattacks are growing in complexity and becoming hard to prevent and continue to accelerate. It’s time to think beyond traditional endpoint technology focused on signature-based prevention. Today’s malware changes daily and hourly basis and making signature-based prevention tools are becoming obsolete. Today we need an integrated threat prevention solution powered by AI & Machine earning models to detect & block malware infections with additional security controls to provide protection against script-based, fileless, memory exploits and zero-day attacks, and be able to detect a threat in the environment if the protection layer fails — to contain the threat and minimize the damage.
To address the growing cyber-attacks on the enterprise, endpoint security needs to be integrated into the overall cybersecurity plans to be more effective providing prevention, detection and response to the attacks in real-time and provide effective compliance reporting. An organization must be able to isolate, secure, and always control every endpoint on the network and be able to design the solution with Zero Trust strategy — validate before trusting an endpoint in the network. BYOD is another endpoint that is coming along due to the change in the way we live and work in today’s fast changes workspace environment. The organization should not trust employee’s own laptops or mobile devices without putting require protection and monitoring capabilities. The BYOD devices come with an extra risk to enterprises if an attacker could compromise it while the user is connected to the enterprise network.