In today’s highly technical world, endpoint devices are everywhere. 61% of businesses have 1,000 or more endpoint users on their networks, according to a SANS Institute study. All of these are a critical part of daily business – and are huge targets to a wide range of cyberthreats.
This article covers which cyberthreats are the most common for endpoint users and provides 4 tips to help secure your endpoints.
Read it here to help ensure your business is safe from cyberattacks.
Endpoint devices, such as employee workstations, laptops, tablets, and smartphones, connect to and communicate with an organization’s network. Because they are intertwined within an organization, it often only takes successfully exploiting one endpoint for threat actors to carve a path through an organization’s network to cause harm.
As often is with cybersecurity, the best defense of endpoints is a good offense. This guide to securing your endpoints will highlight common threats and recommend best practices to improve your company’s security posture.
Why Prioritize Endpoint Security?
If you think of endpoints as entryways into your network, it’s clear that securing every endpoint against malicious actors is important or you could be leaving the back – or even front – door open to cybercriminals.
For those organizations offering flexible work options, the increase in mobile working and remote employees introduces greater security risks to endpoints. As users connect your company’s network and access business resources from off-premises devices or in the cloud, traditional network perimeter controls are no longer sufficient to protect your company’s information.
A recent study found that 68 percent of surveyed companies experienced one or more endpoint attacks that successfully compromised data and/or IT infrastructure. Cybercriminals and nation-states carry out increasingly sophisticated attacks on endpoints to:
- Access valuable assets, including trade secrets or intellectual property
- Exfiltrate data
- Disrupt important services
The financial and reputational impacts of cyberattacks make it imperative for companies to take a comprehensive approach to endpoint security and use effective measures that combat modern cyberthreats.
Endpoints Biggest Threats
While there are many different threats to endpoints, both internal and external, here are some of the most common.
Rarely a week goes by where we don’t see another major ransomware attack in the news. We often see cybercriminals attempt to compromise one or more endpoint devices and install malicious software that blocks access to those devices, exfiltrating sensitive data before encrypting endpoints to increase the likelihood of getting paid.
Ransomware attackers are constantly adapting their code, often by executing command lines on the victim host via the command line or through system utilities like PowerShell, so that the victim is unaware that they are being attacked. Another action of threat actors is to gain administrative access to endpoint security tools. By turning off any endpoint protection and alerting, cybercriminals can often move about freely without notifications of suspicious activity.
While ransomware may be the biggest newsmaker, it is just one type of malware that threatens endpoint devices. Other forms of malware include worms, trojans, and viruses, which can steal data, disrupt computing performance, or exploit systems to perform distributed denial-of-service attacks.
Several high-profile cyberattacks in recent times exploited unpatched vulnerabilities on endpoints, but one of the most infamous examples is the WannaCry ransomware attack. WannaCry ransomware exploited a security vulnerability in Windows systems, which provided easy access into many organizations. More recently, cybercriminals exploited a known vulnerability on the FortiOS SSL VPN web portal. While the vulnerability was discovered and fixed in 2019, hackers were still able to obtain credentials of 87,000 VPN users in this attack who did not apply the patch on their systems.
Unpatched vulnerabilities can exist in web browsers, cloud-based applications, system tools, software, and operating systems. They present significant security risks because hackers can easily target them with malware and take over endpoint devices containing the vulnerabilities. Despite IT teams’ efforts to stay on top of patching vulnerabilities, organizations that lack visibility into which critical assets have the greatest risk of exploitation still face significant challenges.
Fileless attacks piggyback on legitimate system tools and programs to infect an endpoint device. Some fileless attacks exploit system memory while others target vulnerabilities in browser-based software such as Flash. They often are hard to detect and can evade the typical antivirus programs installed on endpoint devices.
After compromising an endpoint device with a fileless attack, threat actors generally roam the device unnoticed and conduct reconnaissance to spread laterally through the network and infect more devices. Signature-based detection is still relevant, but multiple detection techniques are needed on endpoints to deal with fileless attacks.
Compromised User Accounts
Compromised user accounts can stem from both external and internal threats. In a common phishing attack, cybercriminals will craft convincing emails targeting employees in order to get them to disclose their login credentials or other sensitive data. Without adequate email security at the endpoint, looking for malicious links or alerting the receiver that the email is sent outside of their network, these phishing emails can bypass controls and fool an unsuspecting victim. Accidental credential disclosure provides an entry point into the corporate network where threat actors can steal sensitive data or disable threat detection functions.
User accounts may also be compromised by internal threats, such as disgruntled employees or rogue contractors. For organizations in the cloud, this poses an additional risk if access management isn’t properly set up and managed. Both internal threat actors can abuse access privileges from unsecured endpoints if the right precautions are not put in place.
Tips to Securing your Endpoints
Following some endpoint security best practices puts the foundations in place to protect your networks from the range of cyberthreats that inundate companies daily.
It’s critical to address security vulnerabilities on endpoint devices with a vulnerability management strategy. This is a vital part of keeping your networks secure and provides visibility into all the different endpoints on your network, so you can apply patches when necessary. All it takes is one laptop lacking a security patch to potentially put your sensitive data at risk.
Effective strategies should have the following characteristics:
- Broad coverage for different endpoint devices and operating systems that includes all devices in your organization
- An inventory and tracking process for all endpoint devices in your network, so you’ve got visibility of all potentially vulnerable endpoints
- A Risk-Based Vulnerability Management solution that helps you prioritize remediations based on the criticality of your assets and the level of risk each vulnerability poses
- The ability to automate patch management for easier and timelier updates
- Support for on-premises and cloud-based applications
Endpoint Security Tools
Relying on legacy signature-based antivirus tools alone for endpoint security is not prudent in the modern threat landscape. Companies should use a range of endpoint security tools to bolster defenses against the main endpoint threats they face. These tools can include email security solutions, traditional antivirus solutions, and or a more complete endpoint security tool, such as an Endpoint Protection Platform (EPP) or Endpoint Detection and Response (EDR) solutions. With more and more endpoints accessing the cloud, organizations also need to remember to have tools in place that can monitor this activity, such as a cloud access security broker (CASB).
By combining point solutions that address specific aspects of endpoint security with dedicated solutions that centralize the management of endpoint security across all devices on your network, or selecting a comprehensive endpoint security tool, you have better coverage of your endpoints and network.
One of the best ways to keep your endpoints secure is by improving employee awareness of cyberthreats and how to spot them. Ongoing training and education provide the knowledge needed to practice good cyber hygiene. It’s important to bear in mind that employees don’t need technical security knowledge in order to be conscious of endpoint threats. The fundamental cyber education should cover the following points:
- Knowing the signs of phishing emails and reporting it accurately
- Informing the right people of any potential cyber incidents
- Choosing strong passwords and changing passwords regularly
- Installing software updates swiftly when prompted
Many of these rules cannot only be taught to all employees, to increase their cyber awareness, but can also be enforced by company policies such as having requirements in place around password setting for company accounts.
Detection and Response
While endpoint security tools can help to mitigate different endpoint threats, it’s also important to have a detection and response strategy in place. Early detection and swift response are the best way to catch attacks early and minimize damage. This can be done by creating and deploying a coherent detection and discovery strategy, with use cases that are specifically looking for possible occurrences of potential threat activity and having a team monitoring for alerts 24/7. It is critical that alerts from endpoint tools be quickly investigated and validated.
For organizations that don’t have the resources internally to manage this, outsourcing to a managed detection and response service provider often proves to be a valuable investment. It is a great way to gain continuous coverage and added protection, while extending your internal IT team. Service providers can leverage existing staff with expertise in next-generation endpoint software to operationalize protection more quickly.
Endpoint security must be a priority for businesses of all sizes. Protecting your network from malicious activity at the endpoints depends on the interplay between the right people, processes and technology. Knowing about the threats and implementing these endpoint security best practices will better prepare you for inevitable attacks.