How to protect your business from endpoint attacks
Too many businesses approach security by countering yesterday’s threats today. True, the network, the server and the data centre will always be targets for attack, but hackers have learnt that there are better ways to get to them than the direct approach – ways that make use of more vulnerable points of entry. And while many organisations continue to focus their defences on the perimeter, cyber-criminals increasingly look to bypass it entirely, attacking endpoint devices and then using them as an entry point to spread across the network.
Some of these attacks focus on well-established, well-protected targets, particularly business-owned laptops and desktop PCs. However, the most dangerous are aimed at devices that many businesses might not even consider to be a target, and where there isn’t the same level of protection. In the words of G.W. Davidson in a recent SANS Institute White Paper, ‘Even as the network becomes more complex and varied, security and IT professionals have recognized that widely used devices, such as printers, physical security systems, HVAC [heating, ventilation and air conditioning] control systems and point-of-sale devices, represent vulnerable potential attack surfaces.’ In the war between business and cyber-criminal gangs, these devices are the new frontline.
Endpoints under threat
There’s no doubt that IoT devices can pose real opportunities for businesses, helping them improve their processes and reduce operating costs, but they also open up new vulnerabilities for hackers to exploit. In March 2018 Symantec noted that attacks on IoT devices had increased by 600% between 2016 and 2017. Many such attacks have targeted consumer devices, including webcams, home routers, digital video recorders and baby monitors, but as use of IoT devices spreads into business, more and more companies could be affected. A recent report by the Ponemon Institute suggests that while the number of IoT devices in the workplace is increasing significantly, practices for securing and managing those devices aren’t maturing at the same rate. In fact, 56% of those surveyed didn’t even keep an inventory, mostly due to a lack of centralised control.
And IoT devices aren’t the only vulnerable endpoints that companies routinely ignore. As Davidson explains in the SANS Institute White Paper, ‘in the 2016 report, a common networked device – the printer – was the least likely to be covered under an organization’s security management program, and the results did not change significantly in the 2017 report. Considering the ubiquity of printers, this can represent a large vulnerability for an organization and deserves attention.’
The growth of BYOD devices in the workplace is another cause for concern. A May 2018 study by the SME card payment services company, Paymentsense, found that companies that introduced a BYOD policy were more likely to have experienced a security incident since introduction, and that the likelihood increased with the size of the company, from just 14% in businesses with 1-10 employees to 70% for businesses with 11 to 50 workers and 94% for businesses with 100 to 250 staff. The 2018 Cyber Security Breaches Survey from the UK government’s Department for Digital, Culture, Media and Sport came to similar conclusions. Left improperly or totally unmanaged, user-owned laptops, tablets and smartphones are giving hackers a new way inside.
The issue with all these endpoints isn’t just that they give cyber-criminals access to the information held within, but a secret gateway into the company network they can use for additional attacks. As another SANS Institute report, Endpoint Protection Response: A SANS survey, puts it, in a discussion of the most frequently compromised endpoints, ‘in most cases more than one endpoint is involved, indicating that once an attacker gains a foothold, compromise of other assets is likely to follow due to lateral movement.’
The problem with the old approach
This ties into a wider problem: that many of the existing security provisions are no longer effective. A bigger, stronger wall at the perimeter will no longer fend off attacks that target the endpoints themselves and then move laterally. In fact, phishing attacks and other forms of targeted attacks are designed to do exactly this. Anti-virus products, meanwhile, are struggling to keep up with the rapid development of malware, not to mention the growth of file-less attacks; malware that resides in memory without ever appearing on a drive.
The SANS survey explains that only 47% of the attacks detailed by respondents were detected through anti-virus, with 32% detected through automated SIEM alerts and network analysis, and another 26% detected through EDR (endpoint detection and response) platforms. For too many companies, the time between spotting an attack and remediation is still measured in hours or even days and ‘with infections spreading across endpoints in minutes, this is a lengthy window for attackers.’
Solving the endpoint equation
What can organisations do? Part of the answer lies in developing and making effective use of automated EDR platforms and attack behaviour modelling, using AI and Machine Learning to accelerate detection and remediation. Companies need both the budget to procure new security technology and the resources to implement them, but this is a long-term play. Businesses need solutions right now.
Simple, practical measures would include a stronger upgrade and patching policy that addresses the full range of devices, including IoT devices and printers. Here robust printer management and security tools, like HP JetAdmin and HP JetAdvantage Security Manager can help, enabling companies to establish a single security policy and apply it across the entire printer fleet.
Training is another effective option. The more informed workers are about malicious apps, malicious websites, phishing and other risks, the less chance there is of attacks creeping through. In fact, workers trained to spot and report strange device behaviour can provide crucial early warning signs. End-users may need help to secure their BYOD devices, and information on why they shouldn’t disable security on business devices, even when it seems an inconvenience. But with the right training and policies in place, you can turn end-users from a major vulnerability into the first line of defence.
Most importantly, though, companies can choose and purchase devices where security comes built-in. These devices are designed to be resilient, so that attacks are shrugged off and those responsible denied their foothold. For example, HP PCs and printers incorporate SureStart technologies, that ensure the device’s BIOS hasn’t been tampered with by malware, and enable it to self-heal if a compromise is detected. They also have intrusion detection, to monitor the device and warn of any attacks, plus built-in encryption to protect any data at rest on the device. HP PCs also add secure browsing technology, SureClick, designed to prevent workers from clicking on a link in an email and being sent to a malicious website or downloading malicious software. Meanwhile, hardened, multi-factor authentication makes it substantially more difficult for hackers to steal credentials and take over endpoints that way.
A more secure PC and printer fleet won’t fix vulnerabilities affecting IoT devices or applications, but it gives IT teams more time and space to monitor, manage and update these more vulnerable endpoints. In today’s hostile threat landscape, they need all the help they can get.