By Anas Baig, product manager and cyber security expert with Securiti.
Doing business in the public sphere leaves entities open to malicious attacks. A study conducted by the Ponemon Institute highlights how almost 70% of organizations have been affected by malicious attacks at least once. Many of those companies suffered more than one incident. Ransomware attacks were the most damaging, but other attacks such as theft, phishing, and malicious insider acts also presented challenges.
Worse yet, the costs of these attacks are increasing. In a 2022 report, IBM estimated that each breach cost companies an average of $4.35M, worldwide. The figure is even higher for U.S. companies. Implementing, maintaining, and expanding endpoint security is crucial in minimizing such risks.
Endpoint security concerns in the modern workplace
Focusing on security for conventional endpoints like servers or PCs is a long-standing practice. However, the scope and diversity of newly connected devices present fresh challenges.
The influx of smartphones running different operating systems expands the attack surface. Businesses are, however, likely to already have security measures in place for phones and for iPads or tablets.
Smartwatches and the myriad sensors and gadgets that make up the IoT don't always get the same attention. It takes very little for things to go wrong once a smart light, or a gadget an employee has brought in from home, is given unrestricted network access.
COVID-19 further complicated things. After employers implemented work-from-home policies, the tectonic technology shift presented a host of new security challenges.
Tackling endpoint security challenges
Security threats are evolving, and so are the methods employed to mitigate or prevent them.
For example, traditional antivirus software is no longer enough on its own. It protects only the single endpoint it runs on, and it detects malware by comparing files against a local signature database that must be kept synchronized with the one its vendor maintains. With over 500,000 new malware samples appearing daily, a purely signature-based approach yields poor results.
The newest generation of antivirus software incorporates AI and machine learning, using them to detect patterns quickly and to generalize beyond exact signatures. This far more adaptable approach responds much better to new threats. It still protects only the host it is installed on, though.
The power of EPP and EDR
Ideally, a security solution identifies and blocks a threat before it ever reaches an endpoint.
Endpoint Protection Platforms (EPPs) strive to do just that. They're overarching multi-layer security packages whose tools include intrusion prevention, data loss prevention, encryption, and real-time antivirus scanning. EPPs tap into the cloud for up-to-date threat databases and intelligence, so there is no local bloat to bog down a client's hardware; the service stays lightweight and scales easily.
EPPs allow administrators to track all connected endpoints and detect emerging threats. No platform is flawless, so supplementing an EPP with EDR, or Endpoint Detection and Response, is the norm.
EDRs take effect once a system is already compromised. Malware can be repacked or obfuscated so that it no longer carries the signature an EPP's antivirus component recognizes. Its intended behavior, such as encrypting every document it can reach, is much harder to disguise.
EDRs look at what suspicious files and processes are doing and compare that to known threat patterns. The file may already have landed on the endpoint, but the damage is still preventable: the EDR can quarantine the file, terminate the process, or isolate the endpoint before encryption or other harm occurs.
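The difference between the signature matching described above and EDR-style behavioral detection is easiest to see side by side. The following is an added example, not code from the article or from any EPP/EDR product: the signature "database", the file events and the detection thresholds are all constructed for illustration. It shows a hash signature failing as soon as one byte of the sample changes, while a behavioral rule still flags the process because of what it does (deleting shadow copies, then writing a burst of high-entropy files where documents used to be).

```python
"""Signature matching versus behavioral detection, on constructed events.

Everything here (the signature list, the process IDs, the file events and
the thresholds) is made up for the example; a real EDR consumes kernel or
sensor telemetry and tunes these values per environment.
"""
import hashlib
import math
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed stand-in for the signature database an AV syncs from its vendor.
KNOWN_BAD_SHA256 = {
    hashlib.sha256(b"ORIGINAL-LOCKER-BUILD").hexdigest(): "Locker.A",
}


@dataclass
class FileEvent:
    ts: float            # seconds since boot
    pid: int
    action: str          # "write" or "delete_shadow_copies"
    path: str = ""
    data: bytes = b""    # bytes written, for entropy scoring


def signature_match(sample: bytes) -> Optional[str]:
    """Classic AV check: exact hash lookup. Any byte change defeats it."""
    return KNOWN_BAD_SHA256.get(hashlib.sha256(sample).hexdigest())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted output sits near 8, plain text near 4-5."""
    if not data:
        return 0.0
    counts = defaultdict(int)
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def ransomware_behaviour(events: List[FileEvent], window: float = 10.0,
                         min_files: int = 5, entropy_floor: float = 7.0) -> Dict[int, List[str]]:
    """Return {pid: reasons} for processes whose activity looks like mass encryption."""
    by_pid: Dict[int, List[FileEvent]] = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_pid[e.pid].append(e)
    flagged: Dict[int, List[str]] = {}
    for pid, evs in by_pid.items():
        reasons = []
        if any(e.action == "delete_shadow_copies" for e in evs):
            reasons.append("shadow copy deletion")
        # Sliding window over high-entropy writes: many in a short time is the tell.
        hot = [e for e in evs if e.action == "write" and shannon_entropy(e.data) >= entropy_floor]
        for i, first in enumerate(hot):
            burst = [x for x in hot[i:] if x.ts - first.ts <= window]
            if len(burst) >= min_files:
                reasons.append(f"{len(burst)} high-entropy writes within {window:g}s")
                break
        if reasons:
            flagged[pid] = reasons
    return flagged


def constructed_events() -> List[FileEvent]:
    """Constructed telemetry: one benign process, one ransomware-like process."""
    text = b"Quarterly report: revenue up 4 percent, headcount flat. " * 60
    evs = [FileEvent(ts=1.0 + i, pid=100, action="write", path=f"/home/u/doc{i}.docx", data=text)
           for i in range(8)]                       # pid 100: a word processor saving documents
    evs.append(FileEvent(ts=20.0, pid=200, action="delete_shadow_copies"))
    for i in range(6):                              # pid 200: overwrites documents with ciphertext
        cipher = hashlib.shake_256(f"doc{i}".encode()).digest(4096)  # stand-in for encrypted output
        evs.append(FileEvent(ts=20.5 + 0.4 * i, pid=200, action="write",
                             path=f"/home/u/doc{i}.docx.locked", data=cipher))
    return evs


def respond(events: List[FileEvent]) -> Dict[int, str]:
    """EDR-style response: name the action taken per flagged process."""
    return {pid: f"quarantine pid {pid}: " + "; ".join(r)
            for pid, r in ransomware_behaviour(events).items()}


if __name__ == "__main__":
    print("original sample:", signature_match(b"ORIGINAL-LOCKER-BUILD"))
    print("repacked sample:", signature_match(b"ORIGINAL-LOCKER-BUILD\x00"))
    for line in respond(constructed_events()).values():
        print(line)
```

The entropy threshold and the five-files-in-ten-seconds window are the kind of knobs a real product tunes per environment; a backup agent or a compression tool can produce bursts of high-entropy writes too, which is why the example also weighs shadow-copy deletion rather than relying on one signal.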
Focusing on endpoints reduces risk significantly, yet it isn’t the final step. Extended Detection and Response (XDR) is a complementary SaaS-based tool that collects data from a company’s cloud services, firewalls, etc.
AI then examines the resulting telemetry. It can either execute a response or help security teams implement one manually.
Proactive protection through best practices
Breaches are less common and easier to contain if you run a tight ship. A company’s leadership should put an endpoint protection policy into practice. Here are a handful of methods that any company can implement.
- Password management: Have your employees use strong, unique passwords, and require a change when a compromise is suspected rather than on a fixed calendar (NIST SP 800-63B advises against mandatory periodic rotation, which tends to produce weaker, predictable passwords). Better yet, use professional password management software. It can generate and store credentials and eliminate user error or forgetfulness.
- User access through zero trust: Switch to a zero trust policy, under which every request is authenticated and authorized on its own merits, based on the user's identity and role and on the state of the device it comes from, rather than on where the request originates on the network.
- Individual device safety: Maintain an inventory of all connected devices and know where each one is. Their disk encryption and antivirus software should be active and up to date.
- Prevention and IT hygiene: Require devices to be enrolled and approved before they are allowed to connect to the network. Remove existing software or extensions that don't comply with the new policy.
- Cloud storage: Using encrypted cloud storage enhances endpoint security by providing a secure and centralized location for data storage, reducing the risk of data loss or theft from individual devices.
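The zero trust, device safety and hygiene items above all come down to one admission decision: before a request is served, check who is asking, what they are allowed to reach, and whether the device is known and healthy. The following is an added example, not code from the article or from any product: the inventory records, users, roles and thresholds are constructed, and the policy engine is a deliberately small illustration of the logic. It contrasts a perimeter-era rule (valid password means access) with a zero trust rule that also checks authorization and device posture, sending non-compliant but legitimately authenticated devices to a remediation network instead of silently dropping them.

```python
"""Credentials-only admission versus a zero trust posture check.

All records below are constructed for the example; a real deployment reads
these facts from the identity provider, the MDM/inventory and the EPP agent.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Set, Tuple

TODAY = date(2023, 3, 1)  # fixed so the example is deterministic

# Constructed access policy: which roles may reach which resource.
ACL: Dict[str, Set[str]] = {"hr-db": {"hr"}, "wiki": {"hr", "eng"}}
ROLES: Dict[str, Set[str]] = {"alice": {"hr"}, "bob": {"eng"}}


@dataclass
class Device:
    device_id: str
    kind: str                    # "laptop", "phone" or "iot"
    enrolled: bool               # registered and approved in the inventory/MDM
    disk_encrypted: bool
    av_signatures_date: date     # last signature update reported by the endpoint agent


@dataclass
class Request:
    user: str
    credentials_valid: bool
    mfa_passed: bool
    device: Device
    resource: str


def legacy_decision(req: Request) -> str:
    """Perimeter-era logic: a valid password from inside the network is enough."""
    return "allow" if req.credentials_valid else "deny"


def zero_trust_decision(req: Request, max_signature_age_days: int = 3) -> Tuple[str, List[str]]:
    """Return (verdict, reasons). Identity failures deny; posture failures quarantine."""
    identity: List[str] = []
    posture: List[str] = []
    d = req.device

    if not req.credentials_valid:
        identity.append("bad credentials")
    if not req.mfa_passed:
        identity.append("mfa not satisfied")
    if not (ACL.get(req.resource, set()) & ROLES.get(req.user, set())):
        identity.append(f"{req.user} not authorized for {req.resource}")
    if d.kind == "iot":
        identity.append("iot devices may not reach user resources")

    if not d.enrolled:
        posture.append("device not enrolled; approval required")
    if not d.disk_encrypted:
        posture.append("disk not encrypted")
    if TODAY - d.av_signatures_date > timedelta(days=max_signature_age_days):
        posture.append("antivirus signatures stale")

    if identity:
        return "deny", identity
    if posture:
        # Authenticated user on a non-compliant device: remediation network, not full access.
        return "quarantine", posture
    return "allow", []


def constructed_requests() -> Dict[str, Request]:
    """Constructed scenarios, keyed by a short label."""
    fresh, stale = TODAY - timedelta(days=1), TODAY - timedelta(days=30)
    corp_laptop = Device("LT-0042", "laptop", True, True, fresh)
    own_phone = Device("PH-9001", "phone", False, False, stale)
    smart_light = Device("IOT-17", "iot", False, False, stale)
    return {
        "alice_laptop_hr": Request("alice", True, True, corp_laptop, "hr-db"),
        "bob_laptop_hr": Request("bob", True, True, corp_laptop, "hr-db"),
        "alice_phone_wiki": Request("alice", True, True, own_phone, "wiki"),
        "light_wiki": Request("alice", True, False, smart_light, "wiki"),
    }


def compare_policies() -> Dict[str, Tuple[str, str]]:
    """(legacy verdict, zero trust verdict) per scenario."""
    return {label: (legacy_decision(r), zero_trust_decision(r)[0])
            for label, r in constructed_requests().items()}


if __name__ == "__main__":
    for label, (old, new) in compare_policies().items():
        print(f"{label:18} legacy={old:5} zero_trust={new}")
```

The split between "deny" and "quarantine" is the practical point: an employee whose laptop merely has stale signatures should land on a network segment where the agent can update, not be locked out with no explanation, while a device that cannot prove who is behind it gets nothing.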
Endpoints can be vulnerable gateways into a company’s otherwise robust security chain. The increasing number and variety of devices becoming part of company networks only exacerbate the issue. However, remaining aware of the problem and proactively taking steps to secure all endpoints takes the sting out of such threats.