Endpoint Devices Continue to Increase
Among the many aftereffects of the COVID-19 pandemic, endpoint device use increased substantially. In a recent study by Absolute, 76% of IT security decision-makers confirmed that their organization saw an increase in endpoint device use. That expansion raises the need for better endpoint security to mitigate cyber risks.
Mobile devices, for instance, comprise 60% of an organization’s endpoints today. With so many devices in play, visibility becomes problematic.
Cybersecurity Insiders, for example, found that 60% of organizations are aware of fewer than 75% of the devices on their network. Only 58% of organizations said they could identify every vulnerable asset in their organization within 24 hours of a critical exploit; 9% indicated it would take a week or more.
Today, more sensitive data resides on devices than ever before. On average, 73% of endpoints contain sensitive data. However, almost a quarter of those devices have at least one security control that is not functioning as intended, whether antivirus, client management, encryption, or VPN. In addition, many of those devices have vulnerabilities that have gone unaddressed.
The average enterprise organization runs 96 unique applications per device, 13 of them mission-critical, on top of the sensitive data those devices hold. The good news is that the average number of security applications per device has risen to nearly 12, with antivirus and encryption universally deployed and at least one endpoint management control in place.
Despite the widespread presence of security controls, though, any endpoint device whose controls are broken or missing widens your attack surface. Lack of visibility and the complexity of the endpoint estate make that risk worse, and the organization often does not know it.
Endpoint Protection Challenges and Risks
As mentioned, the complexity of endpoint security presents an array of challenges and risks to businesses of any size. Start with the fact that endpoint devices are inherently susceptible to ransomware, cryptojacking, phishing, and firmware exploits.
Apart from their susceptibility, endpoint devices present other challenges:
Number of Endpoints: The sheer number of potential endpoints creates one obvious challenge for organizations. Estimates suggest there will be 46 billion IoT devices globally this year, and an organization must identify each device on its network before it can apply appropriate security practices to it.
Even with device identification, a given software update may be supported by only a fraction of endpoint devices, sometimes as few as 30%, and that fraction continues to decline as more IoT devices come into play.
Moreover, in some cases a software update could void a certification. A software update on a medical device, for example, might invalidate its FDA clearance.
Policy Controls: Endpoint security requires strong policy creation and enforcement: rules for how endpoint devices are managed and updated and for how they connect to your network. Without such rules, your security can morph into something from the wild, wild West, particularly as more end-users connect to your network with their own devices.
Shadow IT, the installation of hardware or software without IT sanction, expands your attack surface. It ranges from unauthorized messaging apps to unapproved applications. IoT devices increase the likelihood of shadow IT.
Outdated Software: The more endpoint devices in your organization, the more patching you will need to close vulnerabilities, and the more patching required, the more you need to invest in automated solutions. Otherwise, your IT team will quickly be overwhelmed by manual updates.
Dispersed Workforce: The days of having your employees contained within the same four walls are gone for many companies. Today's workforce is distributed, with many employees working from a home office.
Those dispersed workers often reach your network over mobile hotspots or the Wi-Fi at a local coffee shop. Such connections are a field day for attackers and man-in-the-middle attacks. An endpoint device lacking appropriate security opens the door to malware that, once on the device, can move laterally into your network.
Theft: Endpoint protection also requires physical security. Stolen devices, for example, account for 39% of data breaches. A lost or stolen device not only risks theft of the data on the local machine but can expose saved passwords that open the door to your corporate network.
7 Endpoint Security Best Practices
In light of the challenges, your organization must adopt endpoint security best practices. Here are some to keep in mind:
1. Improve Endpoint Visibility
You can't protect what you don't know you have. So, start with an inventory audit of all endpoint devices. You need to understand what devices connect to your network, what they access, and what they do. Without a complete list of devices, you will never be able to secure your network fully.
Visibility extends to device profiling. Determine which servers and applications each device connects to and what data it shares and collects. It is also best to document software updates on the devices and their frequency. In addition, record the security risks each device presents.
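The inventory audit above, as an added example that is not part of the original article or any vendor's product: the script reconciles what is actually seen on the network (a constructed DHCP-lease export, assumed to be in "ip mac hostname" form) against an approved asset list that records each device's last patch date. It flags devices that are not in the inventory at all, devices whose patch level is stale, and inventory entries that were never observed, which is the gap behind the "fewer than 75% of devices" figure cited earlier. All MAC addresses, hostnames and dates are made up for the example.

```python
"""Endpoint inventory audit: reconcile observed devices against the approved asset list."""
from dataclasses import dataclass
from datetime import date

# Constructed approved-asset list (hypothetical data, not from any real network).
# MAC address -> (inventory name, device role, date of last successful patch)
APPROVED_ASSETS = {
    "aa:bb:cc:00:00:01": ("finance-laptop-07", "laptop", "2024-05-10"),
    "aa:bb:cc:00:00:02": ("hr-desktop-02", "desktop", "2024-03-01"),
    "aa:bb:cc:00:00:03": ("lobby-camera-1", "iot", "2023-11-20"),
    "aa:bb:cc:00:00:04": ("sales-laptop-03", "laptop", "2024-05-20"),
}

# Constructed DHCP-lease export, one "<ip> <mac> <hostname>" line per device
# seen on the network. Two of them are not in the inventory at all.
DHCP_LEASES = """
10.0.1.21 AA:BB:CC:00:00:01 finance-laptop-07
10.0.1.22 aa:bb:cc:00:00:02 hr-desktop-02
10.0.1.40 aa:bb:cc:00:00:03 lobby-camera-1
10.0.1.77 de:ad:be:ef:00:01 android-3f2a
10.0.1.78 de:ad:be:ef:00:02 ESP_9C41
"""


@dataclass
class Finding:
    ip: str
    mac: str
    hostname: str
    issue: str


def parse_leases(text: str):
    """Parse lease lines into (ip, mac, hostname) tuples; MACs are normalised to lower case."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ip, mac, hostname = parts
        rows.append((ip, mac.lower(), hostname))
    return rows


def audit(leases, approved, today: date, max_patch_age_days: int = 30):
    """Return (findings, missing_macs).

    findings:     devices that are unknown, behind on patching, or whose hostname
                  disagrees with the inventory.
    missing_macs: inventory entries not observed at all (off-site, powered off,
                  or possibly lost or stolen) that deserve a follow-up.
    """
    findings = []
    seen = set()
    for ip, mac, hostname in leases:
        seen.add(mac)
        if mac not in approved:
            findings.append(Finding(ip, mac, hostname,
                            "unknown device: not in inventory, block until verified"))
            continue
        name, _role, last_patch = approved[mac]
        age = (today - date.fromisoformat(last_patch)).days
        if age > max_patch_age_days:
            findings.append(Finding(ip, mac, hostname,
                            f"stale patch level: {age} days since last update"))
        if hostname != name:
            findings.append(Finding(ip, mac, hostname,
                            f"hostname mismatch: inventory says {name}"))
    missing = sorted(set(approved) - seen)
    return findings, missing


def run_sample_audit(today: date = date(2024, 6, 1)):
    """Run the audit over the constructed data above (fixed 'today' for reproducibility)."""
    return audit(parse_leases(DHCP_LEASES), APPROVED_ASSETS, today)


if __name__ == "__main__":
    findings, missing = run_sample_audit()
    for f in findings:
        print(f"{f.ip:<12} {f.mac}  {f.hostname:<18} {f.issue}")
    for mac in missing:
        print(f"not seen on network: {mac} ({APPROVED_ASSETS[mac][0]})")
```

On the constructed data the audit reports two unknown devices (a phone and an ESP-class IoT board), two devices more than 30 days behind on patching, and one laptop that is in the inventory but was never seen. A real deployment would feed the same reconciliation from the DHCP server, the switch MAC tables, or the management agent rather than a pasted export, but the comparison is the same.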
2. Manage Updates
Automate a schedule for pushing patches and software updates to endpoint devices, and track which devices actually received each update so that unpatched machines show up in your inventory rather than going unnoticed.
3. Deploy Endpoint Detection and Response
Antivirus software and encryption serve only as an entry point for endpoint security. Even next-generation antivirus, which detects known threats, lacks the sophistication to catch advanced ones.
That's where endpoint detection and response (EDR) becomes a necessity: it identifies behaviors and footprints commonly associated with compromise and raises an alert on a potential one. EDR provides console alerting, reporting, incident response capabilities, and coverage of devices wherever they are located. It also supports third-party integration.
You will need a different approach for employee-owned devices, such as installing an agent on them or requiring VPN access for company assets.
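To make concrete what "identifies behaviors and footprints commonly associated with compromises" means, here is an added example (not code from the original article or from any EDR product) that runs a handful of behavioral rules over constructed process and file telemetry. The event format, hosts, process IDs and file paths are all assumed for the example; real EDR telemetry is richer, but the rule logic is the same: an Office application spawning a shell, PowerShell launched with an encoded command, deletion of volume shadow copies, and a burst of file renames from one process, which together look like a phishing document leading to ransomware.

```python
"""Behavioural detection over endpoint telemetry, the kind of rule logic EDR relies on."""
import json
from collections import defaultdict

# Constructed telemetry, one JSON event per line (hypothetical; not output from
# any real EDR product). The first host shows a phishing-style chain: a Word
# document spawns a hidden, encoded PowerShell, which deletes shadow copies and
# then renames files in bulk. The second host runs an ordinary PowerShell command.
EVENTS = """
{"ts": 100, "host": "finance-laptop-07", "type": "process", "pid": 501, "parent": "explorer.exe", "image": "WINWORD.EXE", "cmd": "WINWORD.EXE invoice.docm"}
{"ts": 101, "host": "finance-laptop-07", "type": "process", "pid": 502, "parent": "WINWORD.EXE", "image": "powershell.exe", "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"ts": 102, "host": "finance-laptop-07", "type": "process", "pid": 503, "parent": "powershell.exe", "image": "vssadmin.exe", "cmd": "vssadmin.exe delete shadows /all /quiet"}
{"ts": 103, "host": "finance-laptop-07", "type": "file", "pid": 502, "op": "rename", "path": "C:/Users/a/Documents/q1.xlsx.locked"}
{"ts": 104, "host": "finance-laptop-07", "type": "file", "pid": 502, "op": "rename", "path": "C:/Users/a/Documents/q2.xlsx.locked"}
{"ts": 105, "host": "finance-laptop-07", "type": "file", "pid": 502, "op": "rename", "path": "C:/Users/a/Documents/board.pptx.locked"}
{"ts": 106, "host": "finance-laptop-07", "type": "file", "pid": 502, "op": "rename", "path": "C:/Users/a/Documents/payroll.docx.locked"}
{"ts": 107, "host": "finance-laptop-07", "type": "file", "pid": 502, "op": "rename", "path": "C:/Users/a/Documents/notes.txt.locked"}
{"ts": 200, "host": "hr-desktop-02", "type": "process", "pid": 700, "parent": "explorer.exe", "image": "powershell.exe", "cmd": "powershell.exe Get-Process"}
{"ts": 201, "host": "hr-desktop-02", "type": "file", "pid": 700, "op": "rename", "path": "C:/Users/b/draft.docx"}
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def parse_events(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events, rename_threshold=5, rename_window=10):
    """Apply four behavioural rules and return the alerts they raise, in event order."""
    alerts = []
    renames = defaultdict(list)   # (host, pid) -> timestamps of recent rename events
    already_fired = set()         # one mass-rename alert per process, not one per file

    def alert(rule, ev):
        alerts.append({"rule": rule, "host": ev["host"], "pid": ev["pid"], "ts": ev["ts"]})

    for ev in events:
        if ev["type"] == "process":
            image = ev["image"].lower()
            parent = ev["parent"].lower()
            cmd = ev["cmd"].lower()
            # Rule 1: an Office document should not be launching a script host.
            if parent in OFFICE_APPS and image in SHELLS:
                alert("office_app_spawned_shell", ev)
            # Rule 2: "-enc" also matches the long form "-encodedcommand".
            if image == "powershell.exe" and "-enc" in cmd:
                alert("encoded_powershell", ev)
            # Rule 3: wiping shadow copies removes the easy rollback before encryption.
            if image == "vssadmin.exe" and "delete shadows" in cmd:
                alert("shadow_copy_deletion", ev)
        elif ev["type"] == "file" and ev["op"] == "rename":
            # Rule 4: N or more renames by one process within a sliding time window.
            key = (ev["host"], ev["pid"])
            window = renames[key]
            window.append(ev["ts"])
            while window and ev["ts"] - window[0] > rename_window:
                window.pop(0)
            if len(window) >= rename_threshold and key not in already_fired:
                already_fired.add(key)
                alert("mass_file_rename", ev)
    return alerts


def run_sample_detection():
    """Run the rules over the constructed telemetry above."""
    return detect(parse_events(EVENTS))


if __name__ == "__main__":
    for a in run_sample_detection():
        print(f"ts={a['ts']:<4} host={a['host']:<18} pid={a['pid']:<4} {a['rule']}")
```

The benign PowerShell session and the single rename on the second host raise nothing, while the first host produces four alerts in sequence; an analyst seeing that chain in the console has a strong case to isolate the machine. Each rule on its own would generate noise in a real environment (administrators do run encoded PowerShell), which is why EDR products weigh behaviors together rather than alerting on any one of them.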
4. Implement a Zero-Trust Architecture
We discussed policy controls earlier. A zero-trust architecture addresses them because it enforces your organization's security policies centrally. Endpoint assessments then occur continually against standard device configurations, and every access request is checked against the requester's privileges and access rights. Employees gain network and application access according to the principle of least privilege.
Your zero-trust architecture should include multi-factor authentication and security information and event management (SIEM). SIEM centralizes logs and alerts for monitoring and compliance. It also helps you spot security events early by correlating activity across sources and highlighting vulnerable assets.
Zero-trust architectures often incorporate network segmentation for improved security and performance.
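An added example of the per-request decision a zero-trust policy engine makes (illustrative code, not part of the original article or of any zero-trust product): each request is evaluated afresh from the user's role and MFA state plus the device's posture, and a resource only opens to the least privilege the policy grants. The policy schema, resource names, users and devices are all assumptions for the example; it also covers the employee-owned-device case from the EDR section, since an unmanaged phone can still reach a low-sensitivity resource with MFA while being refused the payroll database.

```python
"""Per-request zero-trust access decision: device posture plus identity, per resource."""
from dataclasses import dataclass
from datetime import date


@dataclass
class Device:
    name: str
    managed: bool            # has the corporate management agent
    disk_encrypted: bool
    edr_running: bool
    last_patch: str          # ISO date of last successful update


@dataclass
class User:
    name: str
    roles: set
    mfa_verified: bool


# Constructed policy (hypothetical schema): what each resource demands of the device and user.
POLICY = {
    "payroll-db": {
        "roles": {"finance"},
        "mfa": True,
        "device": {"managed": True, "disk_encrypted": True, "edr_running": True},
        "max_patch_age_days": 14,
    },
    "intranet-wiki": {
        "roles": {"employee", "contractor"},
        "mfa": True,
        "device": {},                # any device, but only with MFA
        "max_patch_age_days": None,
    },
}


def evaluate(user: User, device: Device, resource: str, policy=POLICY,
             today: date = date(2024, 6, 1)):
    """Return (allowed, reasons). Every request is evaluated afresh; nothing is
    inherited from an earlier decision or from being 'inside' the network."""
    rule = policy.get(resource)
    if rule is None:
        return False, ["no policy for resource; default deny"]
    reasons = []
    if not user.roles & rule["roles"]:
        reasons.append("role not permitted (least privilege)")
    if rule["mfa"] and not user.mfa_verified:
        reasons.append("MFA not satisfied")
    for attr, required in rule["device"].items():
        if getattr(device, attr) != required:
            reasons.append(f"device posture: {attr} must be {required}")
    limit = rule["max_patch_age_days"]
    if limit is not None:
        age = (today - date.fromisoformat(device.last_patch)).days
        if age > limit:
            reasons.append(f"device patch level {age} days old exceeds {limit}")
    return (not reasons), reasons


# Constructed sample principals and devices.
CORP_LAPTOP = Device("finance-laptop-07", True, True, True, "2024-05-25")
BYOD_PHONE = Device("android-3f2a", False, False, False, "2024-01-01")
ALICE = User("alice", {"employee", "finance"}, mfa_verified=True)
ALICE_NO_MFA = User("alice", {"employee", "finance"}, mfa_verified=False)
BOB = User("bob", {"contractor"}, mfa_verified=True)


def run_samples():
    """Evaluate a set of representative requests and return the decisions by label."""
    return {
        "alice/corp/payroll": evaluate(ALICE, CORP_LAPTOP, "payroll-db"),
        "alice-no-mfa/corp/payroll": evaluate(ALICE_NO_MFA, CORP_LAPTOP, "payroll-db"),
        "alice/byod/payroll": evaluate(ALICE, BYOD_PHONE, "payroll-db"),
        "alice/byod/wiki": evaluate(ALICE, BYOD_PHONE, "intranet-wiki"),
        "bob/corp/payroll": evaluate(BOB, CORP_LAPTOP, "payroll-db"),
        "bob/corp/wiki": evaluate(BOB, CORP_LAPTOP, "intranet-wiki"),
    }


if __name__ == "__main__":
    for label, (allowed, reasons) in run_samples().items():
        print(f"{label:<28} {'ALLOW' if allowed else 'DENY '} {'; '.join(reasons)}")
```

Note that the same user on the same day gets different answers depending on the device she is holding and whether MFA was just completed, and that a contractor with a perfectly healthy corporate laptop is still kept out of payroll. Feeding the device fields from the management agent and the inventory audit, rather than from static objects as here, is what makes the assessment "continual".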
5. Secure IoT Devices
IoT security best practices include following a security framework such as NIST Interagency/Internal Report 8259 and changing all default device passwords. In addition, run IoT device audits frequently, and block unknown devices by default until you have established their legitimacy.
In addition to the above, implement a system hardening standard that provides benchmarks for devices and operating systems.
6. Train Employees
It's a known fact: employees represent the weakest link in the security chain. A Ponemon study, for example, found that 81% of security professionals cited careless employees who fail to adhere to security policies as the biggest challenge in minimizing endpoint risk. Cybercriminals know that, which is why they routinely target your employees with social engineering attacks like phishing, smishing, and other scams.
Educate your employees on basic security practices like using strong passwords. At the same time, conduct cyber awareness training to alert them to the signs of email scams.
Equally important, make sure you promote a culture of security within your organization. The more lax your security posture, the more prone you’ll be to cyber threats.
7. Plan for Recovery
Even organizations that follow best practices get breached, so plan for that event. Make sure you have a business continuity and disaster recovery (BCDR) plan and rehearse it. A BCDR plan maps out your recovery in the event of a data breach and speeds your time to recovery.
Are You Comfortable Your Endpoints Are Safe?
Endpoint security presents a challenge to even the most prepared organizations. If you’re a small to medium-sized business, the task can be overwhelming.
We focus our IT solutions on SMBs throughout Pennsylvania, Delaware, and Maryland. Our cybersecurity services include endpoint detection and response to expose potential threats to your network.
If you have concerns about your endpoint security and are looking for an IT company near you to help resolve them, get in touch. We’ll start with a FREE vulnerability assessment to discover your points of attack.