How strong endpoint security can prevent cyberattacks
Businesses with dispersed and on-the-move employees are struggling to strike a difficult balance between the benefits of remote working and the security risks it creates. Security software designed to protect data at risk is nullified if it can be removed. To achieve their own stringent security aims while satisfying the demands of increasingly tight and punitive regulation, companies need a more persistent security solution.
Many organizations consider it to be only a matter of time before they fall victim to a cyberattack. PwC's 2016 Economic Crime Survey revealed that over half of responding UK organizations consider it likely they’ll suffer from cybercrime in the next two years. The prevalence of cybercrime makes detection and response capabilities critical in business today.
Changing work patterns challenge security
The challenge that companies face is made harder still by the risks created by the modern work environment. Data, and the applications that process it, are no longer contained within physical walls. It sits with partner companies and on employee laptops, and can be accessed from all manner of mobile devices.
In fact, the modern mobile workforce smashes through the traditional enterprise perimeter, making data more vulnerable. In the UK alone, over four million people work from home, and then there is the countless mass of office-based employees who spend time in locations other than their main place of work.
Mobile and remote working provides considerable benefits to business, but it also causes a considerable headache for information security. Corporate data can now be accessed from any location, at any time, including by employees working from multiple endpoints, mobile devices among them.
Add to this employee own-use and the situation becomes even more serious. Alarmingly, 67 percent of responding US enterprises are unable to detect employee use of insecure mobile devices, according to a Ponemon Institute study.
It’s clear that endpoint vulnerabilities have changed. Organizations therefore need to adapt their security provisions if they’re to stand up to today’s persistent and well-equipped cybercriminals.
This security shift begins with ensuring complete visibility into endpoint assets at all times so that any suspicious activity can be detected and action taken.
Systems of security maintenance that rely on individuals to accept (or at the very least not to disable) security updates have to be overhauled. Devices can be off network for some considerable time, making them unavailable to the updating process.
The upshot of this is that information security and IT cannot say with absolute certainty at any point in time that all devices have security and anti-virus measures installed and that they are 100 percent up to date.
Even when security solutions such as encryption, anti-virus and asset management are in place, they can be deliberately uninstalled by malicious users. This not only leaves businesses open to security risks, it can also render them non-compliant with internal and external regulations such as the EU’s General Data Protection Regulation (GDPR).
Self-healing, secure endpoints
Organizations cannot afford devices to "go dark." They need to maintain a constant connection, whether devices are on or off the corporate network, to stop them becoming the gateway to a damaging breach.
They need to be able to track devices, detect suspicious and unauthorized behavior, and remotely disable or delete data if necessary. Without this sort of protection, if data falls into the wrong hands, encryption and anti-virus protection can be uninstalled, data accessed and devices reset, leaving companies helpless to act.
Proactive, automated self-healing endpoints thwart attempts to disable, disarm or uninstall encryption or anti-virus protection. Through a persistent connection to each endpoint, the company keeps control of its data.
If an attempt is made to uninstall critical security measures, the device can "self-heal" -- it will put the security back on.
Add to this security patch management that ensures updates aren't ignored, and companies can know their security is fully up to date across all assets and provide the reports to prove it.
Prevention and cure
Rigorously enforced regulation increases the pressure on companies to leave nothing to chance. Prevention is the mainstay of IT security but, in the event that the worst does happen, gold standard security has to be in place to recover the situation.
The EU’s GDPR is a case in point. From its go-live next year, companies face tough reporting requirements (within 72 hours for a breach), more responsibility for data security and hefty fines for non-compliance.
The regulators are responding to changes they see in the work environment and an increase in the volume and sensitivity of personal data held by companies on servers and devices both inside and outside their organizations.
They expect companies to also recognize these influencing factors and to take appropriate measures to safeguard data accordingly. Any company suffering a breach will therefore want to be able to demonstrate it did everything in its power to protect data.
With persistent security technology, companies know that data is protected by critical security measures (such as encryption) because any time an attempt is made to remove them, the protection is put right back on. It is secure and relentless and gives companies back control over their data, even when devices with access to that data are compromised. It follows that protecting all devices with persistent security proactively mitigates against unauthorized data access.
Security patch management, meanwhile, takes away guesswork and restores version control. Through it, companies gain total certainty that security measures are installed and up to date on all devices.
Organizations with an increasing number of endpoints have to take action to better protect data. This includes putting in place a watertight system for guaranteeing that security installs and updates happen and the ability to render data inviolable in the event of a device being compromised.
They need this to not only preserve their own position and protect customers, suppliers and other stakeholders, but also to comply with increasingly strict regulation, particularly when it comes to visibility, accountability and reporting.
Richard Henderson is the global security strategist at Absolute, where he is responsible for trend-spotting, industry-watching and idea-creating. He has nearly two decades of experience and involvement in the global hacker community.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.