Make Endpoint Security a Top Priority

Compromised endpoint devices such as laptops, tablets, mobile phones and printers have become primary access points for cybercriminals attempting to infiltrate networks. More than two-thirds of IT security professionals say their organizations have experienced one or more endpoint attacks that successfully compromised their data and infrastructure, according to research from the Ponemon Institute.

Such attacks have increased in frequency and sophistication over the past two years. With the shift to remote work in 2020, large numbers of work-from-home employees began accessing corporate systems using personal, consumer-grade devices that lack the security features of business-class technologies. That opened the door to ransomware, phishing and malware attacks, along with many other vulnerability exploits.

Considering a single successful endpoint attack can cost an organization nearly $9 million in mitigation costs, downtime and lost productivity, it’s clear that endpoint security is a business imperative. Unfortunately, few organizations have the right tools to thwart such attacks. In a recent endpoint security survey from Cybersecurity Insiders, cybersecurity pros estimated that their current systems can only stop about 25 percent of advanced endpoint attacks.

What’s Going On?

In many cases, organizations still rely on legacy security measures that don’t address the realities of today’s threat landscape or the rapidly growing endpoint environment.

Remote work has forced most organizations to support far more endpoint devices than they once did. One recent study found that organizations support an average of 750 network-connected devices — although larger enterprises may have hundreds of thousands. Nearly a third of the respondents admitted they don’t know how many endpoints they have.

Poor visibility into the endpoint environment makes it nearly impossible for resource-strapped IT teams to monitor, update and secure every endpoint. Patching devices belonging to mobile and remote employees is particularly problematic. According to a Ponemon study, up to 60 percent of all breaches involve unpatched endpoint devices.

Outdated security measures also create risk. Antivirus and antimalware software remain among the most common endpoint security measures in use, but these solutions miss more than half of all endpoint attacks. That’s because they largely depend on signature- and rules-based defenses that search for known patterns that have been previously identified as malware. Today’s advanced malware variants rarely have any of those traditional characteristics.

Fileless malware attacks are particularly troublesome for antivirus and antimalware software. Instead of installing malware on an endpoint device, these attacks inject malicious code into legitimate programs. Once executed, the code exploits scripting frameworks such as PowerShell to spread laterally through the network, infecting multiple machines. It performs reconnaissance, collects sensitive information, then disappears without a trace when the infected computer is rebooted.

Next-Generation Solutions

The first step in improving endpoint security is improving visibility. A thorough asset inventory will determine how many endpoints are in use, how they are being used and whether they are being adequately protected. Next-generation endpoint detection and response (EDR) solutions simplify the process through automation, rapidly collecting data to produce accurate inventories within minutes.

More importantly, the latest EDR solutions leverage artificial intelligence to dramatically improve threat detection. Using advanced behavioral analysis and machine-learning algorithms, EDR solutions can “learn” to identify malicious files by their unique tactics, techniques and procedures (TTPs) and take more proactive steps to block them.
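The contrast between signature matching and behavioral analysis can be shown on a few process-creation events. The following is an added example, not code from any EDR product: the events, hash placeholders, trait weights and threshold are constructed for illustration, and a hand-written rule stands in for the learned models described above.

```python
import re

# Constructed sample data; hashes are labelled placeholders, not real indicators.
KNOWN_BAD_HASHES = {"PLACEHOLDER_HASH_OF_KNOWN_MALWARE"}
EVENTS = [
    {"host": "wks-01", "parent": "explorer.exe", "image": "powershell.exe",
     "sha256": "PLACEHOLDER_HASH_OF_SIGNED_POWERSHELL",
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"host": "wks-02", "parent": "winword.exe", "image": "powershell.exe",
     "sha256": "PLACEHOLDER_HASH_OF_SIGNED_POWERSHELL",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64_PLACEHOLDER>"},
    {"host": "wks-03", "parent": "explorer.exe", "image": "invoice.exe",
     "sha256": "PLACEHOLDER_HASH_OF_KNOWN_MALWARE", "cmdline": "invoice.exe"},
]

DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# (trait name, weight, regex over the command line); weights are illustrative.
CMDLINE_TRAITS = [
    ("encoded_command", 2, re.compile(r"\s-(e|ec|enc\w*)\s", re.I)),
    ("hidden_window", 1, re.compile(r"\s-w\w*\s+hidden\b", re.I)),
    ("no_profile", 1, re.compile(r"\s-nop\w*\b", re.I)),
]
ALERT_THRESHOLD = 3

def signature_hit(event):
    """Legacy check: is the executable a known-bad binary?"""
    return event["sha256"] in KNOWN_BAD_HASHES

def behavior_findings(event):
    """Score what the process does, regardless of which binary it is."""
    findings = []
    if event["parent"].lower() in DOCUMENT_APPS and event["image"].lower() in SCRIPT_HOSTS:
        findings.append(("document_app_spawned_script_host", 3))
    for name, weight, pattern in CMDLINE_TRAITS:
        if pattern.search(event["cmdline"]):
            findings.append((name, weight))
    return findings

def triage(events):
    """Return {host: (signature_hit, behavior_alert, trait_names)}."""
    report = {}
    for ev in events:
        findings = behavior_findings(ev)
        score = sum(w for _, w in findings)
        report[ev["host"]] = (signature_hit(ev), score >= ALERT_THRESHOLD,
                              [n for n, _ in findings])
    return report

if __name__ == "__main__":
    for host, result in triage(EVENTS).items():
        print(host, result)
```

On wks-02 the executable is the legitimate PowerShell binary, so the hash check passes it, while the parent process and command-line traits raise the alert.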

Additionally, all TTP information about threats is recorded in a central database for further analysis and investigation. Organizations can then use that data to actively hunt for similar threats that might be sitting undetected in the network.

Remote work is here to stay, which means organizations must make endpoint protection a top security priority. Contact us to learn more about emerging endpoint threats and the strategies for minimizing your risk.

