What’s scarier than Batman’s Joker or Dr. Who’s Daleks? Getting hacked. But even for the brightest IT gurus, endpoint protection is stupid hard. Protecting your computers, laptops, smartphones, tablets, and point-of-sale (PoS) systems against a changing threat landscape requires a delicate balance of technology, users, and defence mechanisms.
The Ponemon Institute’s recent “2016 State of the Endpoint Report” revealed that throughout the past five years, the endpoint security threat landscape has gotten a lot more complex. IT gurus are not only facing more intense attacks on their endpoint devices, but they’re also having to explore different methods of protection with tight resources. Join us as we dive into some of the latest research on endpoint risks and trends, and how to (really) protect your network in the year to come.
1. Lock down your users
For 81 percent of IT pros, negligent users are the biggest source of risk, the Ponemon report says. Other challenges include increased adoption of mobile among employees, adoption of commercial cloud applications, BYOD, and stealthy malware. Your people are the greatest variable in endpoint protection. But is the answer really just more awareness training?
TechTarget points out that you can’t hold your people accountable for what they don’t know. More hands-on training on how to detect potentially malicious apps or hotspots could be the wisest use of your time and budget. Teach them to talk the talk and better understand the importance of mobile security.
2. Stand prepared for smarter threats
Card skimming? SQL injections? Maybe in your dreams. For endpoint-focused cybercriminals, the preferred methods of attack are zero-day malware, distributed denial of service (DDoS), and ransomware. In recent news, the widespread release of zero-day “Trident” successfully wormed its way through Apple iOS’s relatively tight security to allow an Israel-based crime group to spy on iPhone users.
Unfortunately, as researcher David Hammarberg has discovered, pure signature-based detection methods like antivirus or anti-malware are rarely the right defence against zero-days and other advanced threats. Instead, organizations should shift toward a model of immediate detection, isolation, and prevention.
Ponemon notes that for 95 percent of organizations, the general attitude toward attacks has changed. Instead of a prevention-based model, companies are more focused on “detect [and] respond.” This is occurring alongside a move to adopt integrated endpoint security suites, which often include real-time vulnerability scanning.
Does this shift in attitude mean that off-the-shelf security tools aren’t moving as fast as cybercrime collectives? Not necessarily. For many organizations, investing in real-time detection can yield a greater return-on-investment than prevention tools that may not recognize zero-day malware. Constant endpoint monitoring could be the best way to take educated action against unprecedented threats.
3. Existing vulnerabilities aren’t as risky
Existing software exploits have become less common. Just 32 percent of the most serious incidents or compromises involved software vulnerabilities that were less than three months old, Ponemon found. While this certainly doesn’t mean you should stop patching stuff, it could inform how you direct your limited security resources. You may choose to advocate for the policy-based administration of automated vulnerability management, while focusing your manual efforts on monitoring your endpoints.
4. Mobile devices equal malware
According to the Ponemon report, 80 percent of organizations believe their mobile endpoints have been targeted by malware in the past 12 months, and ITProPortal reports that mobile malware has seen a 50 percent spike in recent months. An estimated 6.9 percent of business mobile users encounter risky streaming, websites, or hotspots each day, with analysts speculating that a lifestyle of constant connectivity can lull users into a false sense of security, according to Kaspersky Lab.
A hybrid approach to security, technology, and education may be most effective when it comes to taking mobile malware threats seriously. Mobile device management (MDM) technologies, containerization, VPNs, and frequent updates can all diminish your organization’s chances of catching a worm. Monitoring your mobile devices, laptops, printers, and other endpoints constantly can let you catch persistent malware as soon as possible.
5. Fighting for resources is (unfortunately) normal
While you might lie awake at night worrying about endpoint threats, your CFO might need more convincing. Ponemon’s research reveals that just 36 percent of organizations feel they have enough budget to protect their endpoints. For 69 percent, it’s a struggle to keep up with employee demand for support and mobile connectivity.
In a recent round table on IT budgetary woes, Motorola CISO Bill Boni recommended that organizations take a broader look at presenting their case for more endpoint security resources. Boni told TechTarget, “You have to recognize the opportunity for significant gains in efficiency, effectiveness, and cost reductions.” By presenting the case to the board about where to automate—not to mention where to hire and invest—you may unlock more support for broad risk management.
The results of the latest research on endpoint protection indicate that today’s average IT pro is pretty much resigned to mobile malware, zero-day attacks, and other risks in the year to come. However, that’s not necessarily a bad thing. With limited resources, more moving and mobile pieces, and more sophisticated threats, the smartest move may be to anticipate an attack. Instead of planning to rely on your firewalls and antivirus software, a detection and remediation-based model can allow you to isolate and destroy threats.