When putting in place a cybersecurity strategy, one of the most crucial areas to pay attention to is the endpoint: the devices, such as PCs, laptops, phones, tablets and, increasingly, internet of things (IoT) devices, through which users and systems connect to a network.
In an enterprise setting, where it is vital that systems and data remain uncompromised, numerous solutions accordingly exist to enforce a consistent level of security across what is often a very large fleet of endpoints. One of the most basic is antivirus software, which ensures that if, for instance, malware lands on an employee’s device, it is detected and quarantined on that device before it can spread to others.
Up to date
As the number of devices within a network proliferates, it becomes important to ensure endpoint devices are kept up to date with software patches. The consequences of not doing so can be extreme, as we saw with the WannaCry ransomware unleashed in May 2017, which is believed to have originated in North Korea. Using the EternalBlue exploit against the SMBv1 file-sharing service in Microsoft Windows, the ransomware spread worldwide within days, despite Microsoft having issued a patch for the vulnerability (MS17-010) two months earlier. WannaCry’s spread was consequently directly facilitated by unpatched systems and by old, end-of-life versions of Windows that were no longer receiving routine updates.
As it turned out, much more widespread damage was averted when malware researcher and reformed hacker Marcus Hutchins discovered a killswitch: the malware checked for an unregistered domain before spreading, and registering that domain stopped new infections. Even so, the United Kingdom’s National Health Service incurred around $100mn in costs from the outbreak, highlighting the very real consequences of operating systems not being kept up to date.
Endpoint detection and response
Such calamities have driven the uptake of more proactive endpoint protection technologies, such as endpoint detection and response (EDR), built on the premise that threats evolve and must be continuously monitored and responded to. Key features of such solutions include an agent on each endpoint that streams activity to a central database, analytics over that database that detect and report on potential issues such as unusual processes or network connections, and the capacity to respond to many threats at once, for instance by killing a process or isolating a host, so that security teams are not overwhelmed.
The large cybersecurity companies all offer capabilities in this area, with CrowdStrike’s Falcon endpoint protection, for instance, including threat hunting, threat intelligence and USB device control, while Malwarebytes says its endpoint detection and response solution detects from the cloud and automates threat protection, pointing security teams in the right direction to fix issues. Technology unicorn SentinelOne, meanwhile, bases its entire offering on an autonomous AI-powered endpoint protection platform, its rapid funding highlighting the technology industry’s interest in endpoint security.
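To make the EDR model above concrete, here is an added example (not code from the original article or from any vendor’s product) of the detection and response stage: a handful of rules run over endpoint telemetry collected into one store. The event schema, rule thresholds and sample events are assumptions constructed for illustration. The third rule flags a single process fanning out to many hosts on TCP 445, the SMB scanning pattern a worm such as WannaCry produced while hunting for unpatched machines; the first two flag an Office application spawning a script host and encoded, hidden-window PowerShell.

```python
"""Rule-based detection over endpoint telemetry, EDR style.

Added example for this article; it is not code from the original page
or from any vendor's product. The event schema, rule thresholds and
the sample events below are assumptions constructed for illustration.
"""
from collections import defaultdict

# Constructed sample telemetry (not real logs). Each record is one event
# an endpoint agent might ship to the central store.
EVENTS = [
    {"host": "ws01", "type": "process", "pid": 401, "parent": "winword.exe",
     "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoA"},
    {"host": "ws01", "type": "process", "pid": 402, "parent": "explorer.exe",
     "image": "chrome.exe", "cmdline": "chrome.exe --profile-directory=Default"},
    {"host": "ws02", "type": "process", "pid": 777, "parent": "services.exe",
     "image": "mssecsvc.exe", "cmdline": "mssecsvc.exe -m security"},
    {"host": "ws03", "type": "network", "pid": 88, "image": "outlook.exe",
     "dst_ip": "10.0.0.2", "dst_port": 445},
]
# ws02 reaches twenty distinct peers on TCP 445: worm-like SMB scanning.
EVENTS += [
    {"host": "ws02", "type": "network", "pid": 777, "image": "mssecsvc.exe",
     "dst_ip": f"10.0.0.{n}", "dst_port": 445}
    for n in range(10, 30)
]

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def rule_office_spawns_shell(events):
    """An Office application launching a script host is a classic
    macro-malware pattern: flag the (host, pid) of the child."""
    return [
        {"rule": "office_spawns_shell", "host": e["host"], "pid": e["pid"]}
        for e in events
        if e["type"] == "process"
        and e["parent"].lower() in OFFICE_APPS
        and e["image"].lower() in SCRIPT_HOSTS
    ]


def rule_encoded_powershell(events):
    """PowerShell started with an encoded command plus hidden-window or
    no-profile flags is rarely legitimate administration."""
    alerts = []
    for e in events:
        if e["type"] != "process" or e["image"].lower() != "powershell.exe":
            continue
        args = e["cmdline"].lower().split()
        encoded = any(a in ("-enc", "-encodedcommand", "-e") for a in args)
        stealth = any(a in ("-w", "-windowstyle", "-nop", "-noprofile") for a in args)
        if encoded and stealth:
            alerts.append({"rule": "encoded_powershell", "host": e["host"], "pid": e["pid"]})
    return alerts


def rule_smb_fanout(events, threshold=10):
    """One process on one host reaching many distinct peers on TCP 445
    looks like SMB scanning or lateral movement, not ordinary file sharing."""
    peers = defaultdict(set)
    for e in events:
        if e["type"] == "network" and e["dst_port"] == 445:
            peers[(e["host"], e["pid"])].add(e["dst_ip"])
    return [
        {"rule": "smb_fanout", "host": h, "pid": p, "peers": len(ips)}
        for (h, p), ips in sorted(peers.items())
        if len(ips) >= threshold
    ]


def detect(events):
    """Run every rule over the shared event store, as an EDR backend does."""
    alerts = []
    for rule in (rule_office_spawns_shell, rule_encoded_powershell, rule_smb_fanout):
        alerts.extend(rule(events))
    return alerts


def response_plan(alerts):
    """Map alerts to containment actions a console could apply to many hosts
    at once: kill the offending process and, for a spreading host, isolate it
    from the network. Returned as data so actions can be reviewed and batched."""
    plan = {}
    for a in alerts:
        actions = plan.setdefault(a["host"], set())
        actions.add(("kill_process", a["pid"]))
        if a["rule"] == "smb_fanout":
            actions.add(("isolate_host", None))
    return {h: sorted(acts) for h, acts in plan.items()}


if __name__ == "__main__":
    found = detect(EVENTS)
    for alert in found:
        print(alert)
    print(response_plan(found))
```

The rules are deliberately simple; a production EDR correlates far richer telemetry (file writes, registry changes, driver loads) and tunes thresholds per environment, but the shape is the same: central store, rules or models over it, and a response plan that can be applied to many endpoints without an analyst touching each one.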
Working from home
Just as cybersecurity professionals were getting used to these new methods, technologies and approaches to endpoint protection, the ongoing COVID-19 pandemic threw a spanner in the works, in many cases requiring the rapid spinning up of previously non-existent or neglected work-from-home arrangements. Such a move has opened up new avenues of exposure, including untested remote working technologies, unusual traffic on networks designed for customer-facing services and a generalised increase in the use of online services.
When working from home, employees may be tempted to bypass access controls and processes that require extra effort and take unsecured shortcuts, potentially leaving their devices vulnerable, which is why the aforementioned endpoint detection and response tools, along with virtual private networks, have become a necessity for many organisations. According to McKinsey, the answer for cybersecurity professionals involves “focusing on critical operating needs, testing plans for managing security and technology risks, monitoring for new cyberthreats, and balancing protection with business continuity.”
It’s not just traditional endpoints such as PCs, laptops, phones and tablets that pose a risk to networks. With the internet of things gaining a foothold in many and varied industries, from manufacturing to restaurants and even people’s homes, devices that often ship with weak or no security controls are proving a considerable headache for those responsible for cybersecurity.
According to a report from EY, “IoT is actually [a] medium of interconnection for people — and because human communication is mediated by machines and is more and more indirect, there is a deeply rooted security problem with the possibility of impersonation, identity theft, hacking and, in general, cyber threats.”
It’s a problem that is only growing in scale. Last year, Gartner predicted there would be 5.8 billion enterprise and automotive IoT endpoints in use in 2020, up 21% from 2019, with utilities the biggest market, followed by government and building automation. What those three segments share is that they are essential services, where a compromised device can have consequences well beyond the network it sits on.
“Overall, end users will need to prepare to address an environment where the business units will increasingly buy IoT-enabled assets without policies for support, data ownership or integration into existing business applications,” said Alfonso Velosa, research vice president at Gartner.
Endpoints, then, represent a highly changeable and fast-evolving part of the cybersecurity landscape, as well as one of the most sensitive. With remote working and the inexorable march of IoT presenting new endpoint vulnerabilities, cybersecurity professionals have their hands full ensuring that the devices we use to connect to networks don’t end up compromising them.