The COVID-19 pandemic has forced businesses to operate remotely. While working from home is becoming the new normal, the drastic change in the SOPs of businesses has paved a way for the inception of additional cyberthreats. And the need for endpoint security has never been more important.
By Pooja Tikekar, Feature Writer at CISO MAG
Endpoints or end-user devices such as desktops, laptops, smartphones, tablets, and Internet of Things (IoT) devices (like smart home appliances) are playing a significant role in communicating back and forth during the current work from home (WFH) scenario. But how secure are these devices?
Myriad Security Challenges Posed by Endpoint Devices
1. Unsecured Wireless Access Point (WAP)
Before the outbreak of the COVID-19 pandemic, employees working out of public co-working spaces such as cafes, hotel lobbies, railway stations, and malls used “public Wi-Fi” connections. The word “public” encourages a stampede of cyberthreats as Wi-Fi is free and lacks encryption of data. However, today, home private networks are just as vulnerable due to the increased adoption of Bring Your Own Devices (BYOD) and WFH infrastructure. According to a survey conducted by access management solutions provider CyberArk, 77% of remote workers have been using unmanaged, insecure endpoint devices to access corporate systems.
2. Data Breach
Remote employees may risk-sensitive corporate data by uploading it on public cloud or unsecured home networks. This is an open invitation to opportunist hackers to easily access, steal, or misconfigure the data left open or visible without strict in-network cybersecurity. A study conducted by global intelligence firm IDC revealed that nearly 80% of the companies surveyed experienced at least one cloud data breach in the past 18 months, and nearly half (43%) reported 10 or more breaches.
3. IoT Incursions
Internet of Things (IoT) has leveraged how we operate and optimize operations in real-time, however it also opened new avenues for security incursions through hardware, software, cloud, and enterprise networks. Gartner’s 2019 research forecast a 21% increase in the enterprise and automotive Internet of Things (IoT) market in 2020 (totaling to 5.8 billion endpoints). Considering the number, IoT endpoints are potential targets if they are deployed outside standard IT security perimeters.
4. Malware and Phishing
Hackers are using social engineering tools to formulate phishing emails in the name of the World Health Organization (WHO) and other regulatory bodies to lure end-users into opening documents with embedded links that result in malware and ransomware attacks. According to Beazley Breach Response (BBR) Services, Q1 2020 witnessed a 25% surge in ransomware attacks, compared to Q4 2019.
Some of the rampant ransomware that bypass endpoint security in the name of COVID-19 include:
- CovidLock
- Dharma (CrySIS)
- Emotet
- Maze
- REvil
- NetWalker
In light of the current pandemic, the enterprise network perimeter is replaced with endpoint networks to conduct business using mobile devices. Although traditional antivirus software is central to endpoint security, it is not always enough. Every entry point needs additional protection to authorize control over access points and prevent attack vectors.
Endpoint Risk Mitigation Measures
Since endpoint threats are fileless, organizations need to strategize adequate and effective security solutions. Some of the key measures of endpoint management include:
1. Endpoint Visibility
It is advisable that businesses allow only those devices that are approved to connect to their networks. Endpoint detection gives an upper hand over advanced or unknown threats, analyze vulnerability, and come up with patching solutions. Corporates must audit their endpoints (perimeter) and ensure that they have complete visibility of all endpoints on their network. Revoke access to unauthorized endpoints and back this with a clear security policy.
2. Scrap Unnecessary Data
Scrapping or deleting unnecessary data and uninstalling Potentially Unwanted Applications (PUAs) from endpoints will free up excessive memory and prevent security risks. PUAs installed on endpoint devices may collect information without the user’s consent and display excessive advertisement popups interrupting the smooth functioning of the device.
3. Routine Patch Management
Businesses need to set up routine patches to address issues concerning operating systems and out-of-date certifications and licenses. Having a structured and proactive patch management program lessens system outages. IT governance should include patch management and OS or Windows updates on endpoint devices.
4. Device Control
Blocking or disabling USB ports, DVDs, or access to any other form of external media helps protect endpoint devices against malware. Device control must be a mandatory administrative policy for a company’s cybersecure environment.
5. Virtual Private Networks (VPNs)
Having a VPN technology in place offers end users safe remote access to corporate networks and data safety can be ensured through multi-factor authentication (MFA). Enabling MFA or 2FA for all internal applications and corporate virtual private networks (VPNs) prevents identity theft because an employee’s device is a treasure chest for threat actors.
6. Virtual Desktop Infrastructure (VDI)
Another solution is to switch from standalone desktops and laptops to virtual desktops. VDIs live within virtual machines (VMs) on a centralized server and are accessed over a network with an endpoint device or “thin” client such as a tablet or Chromebook. Since VDI computing takes place on a secure host server, endpoint devices are less likely at risk.
Conclusion
Building a secure endpoint ecosystem is the need of the hour. Hackers want to compromise any and every device because cybercrime is a booming business to siphon billions. As wireless endpoint devices inch closer to acting as corporate infrastructure in the current remote work scenario, debunking the myth that wireless hijacking cannot be done across remote geographic locations becomes more critical.
About the Author
Pooja Tikekar is a Feature Writer, and part of the editorial team at CISO MAG. She writes news and feature stories on cybersecurity trends.