Dave Henderson, co-founder of cybersecurity specialist BlueFort, gives best practice advice to help organisations identify and deploy the strategies and tools needed not only to detect anomalies on all endpoints, but to continually re-assess and adjust those strategies to keep up with the influx of unmanaged devices arriving on an organisation’s network.
March 2021 marks one year since the beginning of what has been called the most widespread remote working experiment in history. The pandemic has undoubtedly taught organisations to rethink their perspective on many things – from business continuity to employee wellbeing – but one thing is certain: the cybersecurity threat landscape has changed immeasurably over the last year.
From an endpoint security perspective, the pandemic and the resulting shift to remote working both exacerbated and highlighted a challenge already facing most organisations. Enterprise-deployed Internet of Things (IoT) devices were already predicted to reach 5.8 billion devices in 2020 and, according to research from F-Secure, were already both a top concern and a top driver of internet attack traffic. With employees now working from home, the corporate network extends far beyond the four walls of the office – to people’s homes, personal networks and consumer IoT devices.
You are the weakest link
Organisations are only as strong as their weakest link. In the current remote working environment, how many can say with confidence that they know exactly which devices are connected to their corporate data repositories and networks? For organisations not already versed in home working, laptop shortages at the start of the pandemic forced many IT teams to take a more lenient approach to the devices employees were using to connect to the corporate network from home. And, while personal laptops and tablets present a significant risk on their own, the wider threat stems from consumer IoT devices connected to the home network. As the pandemic began to materialise in January 2020, Aviva estimated the average UK home had 10.3 – or a total of more than 286 million – internet-enabled devices connected to its home network.
Modern authentication frameworks, such as Security Assertion Markup Language (SAML), OAuth and OpenID Connect, make it very easy for a home worker to enrol, connect and potentially leak data out of corporate cloud services through an IoT device without the IT organisation ever knowing about it. Equally, these types of authentication are often ‘one time’ occurrences, so it is not immediately obvious to the user that anything has happened. A crude example might be connecting a digital assistant to a corporate Office 365 account to gain a central view of a calendar or appointments. This may seem harmless, but the reality is that it creates both the risk of leaking corporate data and yet another entry point into the corporate network for bad actors to gain access and move laterally. For a lot of organisations, this simple event would go completely unnoticed by the IT department.
Assessing the risk
The increased endpoint/IoT security risk is a clear and present danger for organisations in 2021. Indeed, SonicWall’s 2021 Cyber Threat Report reported a 66% increase in IoT malware detections last year, with attackers targeting remote workers’ home networks, as well as a 74% increase in previously undetected malware variants and a 67% increase in malicious Office files. A recent Bitdefender report revealed a shocking 715% increase in year-on-year ransomware attacks. Taken together, these threats are further compounded by the risks associated with insecure network access and compromised credentials.
The 2020 Zero Trust Endpoint and IoT Security Report from Cybersecurity Insiders and Pulse Secure surveyed IT decision-makers, ranging from technical executives to practitioners, to understand how organisations are advancing Zero Trust endpoint and IoT security capabilities. When asked about the key drivers for invoking greater Zero Trust endpoint detection and response (EDR) capabilities, 42% said they were unable to efficiently identify, classify and monitor endpoint and IoT devices, with 39% experiencing endpoint security issues despite using protection tools.
What’s more, over half (56%) anticipate a moderate to extreme likelihood of being compromised by a successful cyberattack originating from endpoints or IoT devices. It may come as no surprise then to learn that – given the continued challenges associated with home working – a majority of organisations (61%) expect to increase or significantly increase both capabilities and investment to secure remote worker access and endpoint security.
During times of uncertainty, trust no one
It may seem like a cliché from a classic spy thriller, but in times of uncertainty and significant threat, organisations should trust no one – Zero Trust, in fact. While not a new concept, Zero Trust frameworks have made serious headway in the cybersecurity community in recent years. In the current business environment, it is a concept few organisations can afford to ignore.
Zero Trust allows an organisation to defend itself against identity-based attacks. In its simplest form, it acts as a secondary security control that assumes an attacker will breach the corporate network. Instead of prevention, a Zero Trust architecture acts as a guardian against lateral movement once an attacker is inside the corporate network. It does so with three key steps: validation of both users and devices; control, using granular policy enforcement to grant access; and protection and encryption of data transactions.
With devices, network connections and employee locations all in a constant state of flux, security policies must also remain mobile, under constant review and continuous adjustment to ensure the corporate network is protected at any given time. Just as endpoint security products secure and collect data on the activity that occurs on endpoints, network security products do the same for networks. To effectively combat advanced threats, both need to work together in an integrated approach that combines endpoint and network security, ensures visibility into connected devices, and provides the ability to contain any single user or device if a threat is identified.
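The three Zero Trust steps above (validate the user and the device, apply granular policy, and be able to contain a single user or device) and the visibility requirement from the previous paragraph can be made concrete in a small policy evaluator. The code below is an added example, not code from the article or from BlueFort; the policy table, the device posture signals, the DHCP-style lease lines and the managed inventory are all constructed for illustration. It flags devices seen on the network that are absent from the managed inventory, denies access by default unless user and device validation and the application's policy are all satisfied, and shows how containing a device immediately changes every subsequent decision.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str      # hostname or MDM identifier
    managed: bool       # enrolled in MDM / endpoint agent installed
    os_patched: bool    # posture signal: patch level is current
    edr_running: bool   # posture signal: endpoint agent is healthy


@dataclass(frozen=True)
class User:
    user_id: str
    mfa_passed: bool    # identity validation step
    roles: frozenset


# Hypothetical granular policy table: application -> required roles and
# whether only compliant, managed devices may connect.
POLICY = {
    "payroll":       {"roles": frozenset({"finance"}), "managed_only": True},
    "mail-calendar": {"roles": frozenset(),            "managed_only": True},
    "guest-wifi":    {"roles": frozenset(),            "managed_only": False},
}


def device_compliant(device: Device) -> bool:
    """Device validation: managed, patched and running the endpoint agent."""
    return device.managed and device.os_patched and device.edr_running


def evaluate(user: User, device: Device, app: str, contained: frozenset) -> tuple:
    """Zero Trust decision: validate user and device, then apply policy.
    Returns (decision, reason); anything not explicitly allowed is denied."""
    if device.device_id in contained:
        return ("deny", "device is contained")
    if not user.mfa_passed:
        return ("deny", "user validation failed")
    policy = POLICY.get(app)
    if policy is None:
        return ("deny", "unknown application")
    if policy["managed_only"] and not device_compliant(device):
        return ("deny", "device posture not compliant")
    if policy["roles"] and not (policy["roles"] & user.roles):
        return ("deny", "role not authorised for application")
    return ("allow", "validated user and device; policy satisfied")


# Constructed DHCP-server style lines (not real logs): timestamp, event, IP, MAC, hostname.
CONSTRUCTED_LEASES = """\
2021-03-01T09:14:02Z DHCPACK 10.0.5.23 aa:bb:cc:dd:ee:01 laptop-finance-01
2021-03-01T09:15:11Z DHCPACK 10.0.5.24 aa:bb:cc:dd:ee:02 eng-laptop-07
2021-03-01T09:16:40Z DHCPACK 10.0.5.31 de:ad:be:ef:00:01 smart-speaker
2021-03-01T09:17:05Z DHCPACK 10.0.5.32 de:ad:be:ef:00:02 android-tablet
"""

# Constructed managed-device inventory keyed by MAC address.
MANAGED_INVENTORY = {
    "aa:bb:cc:dd:ee:01": "laptop-finance-01",
    "aa:bb:cc:dd:ee:02": "eng-laptop-07",
}

LEASE_RE = re.compile(r"^\S+ DHCPACK (\S+) ([0-9a-f:]{17}) (\S+)$", re.MULTILINE)


def unmanaged_devices(lease_text: str, inventory: dict) -> list:
    """Reconcile devices observed on the network against the managed inventory.
    Anything not in the inventory is a visibility gap to investigate."""
    unknown = {}
    for _ip, mac, host in LEASE_RE.findall(lease_text):
        if mac not in inventory:
            unknown[mac] = host
    return sorted(unknown.items())


def contain(device_id: str, contained: frozenset) -> frozenset:
    """Containment: add a device to the set that every policy decision checks first."""
    return contained | {device_id}


if __name__ == "__main__":
    for mac, host in unmanaged_devices(CONSTRUCTED_LEASES, MANAGED_INVENTORY):
        print(f"unmanaged device seen: {host} ({mac})")
    alice = User("alice", mfa_passed=True, roles=frozenset({"finance"}))
    laptop = Device("laptop-finance-01", managed=True, os_patched=True, edr_running=True)
    print(evaluate(alice, laptop, "payroll", frozenset()))
    print(evaluate(alice, laptop, "payroll", contain("laptop-finance-01", frozenset())))
```

The default-deny ordering matters: the containment check runs before any other evaluation, so a device flagged by the network side is cut off from every application at once, which is the "contain any single user or device" capability the paragraph describes.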
A final word
Despite what many IT teams may have thought in the past, a Zero Trust architecture is an achievable goal. Fundamentally, it’s about achieving a state of continuous verification and authentication throughout the network, with centralised policy enforcement. This ensures any device – whether that’s a company-issued laptop, an employee’s personal tablet or a stray IoT device – can only connect to authorised applications on the corporate network in a compliant manner. In today’s perimeterless, ever-changing and increasingly hostile IT environment, it is abundantly clear that organisations should consider Zero Trust as a foundation of their security strategy moving forwards.