New Year, New Plan; Secure your Endpoints
Steve provides research, analysis, insight and commentary on topical issues and events.
He lives in New Zealand and has been working at FastTrack Software for 10 years as a cyber security analyst and technical writer.
The ‘unprecedented year’ saw remote working become the norm for many organizations.
But throughout the chaotic scramble to safely move to a remote workforce, all while maintaining productivity and staying afloat, cybercriminals have continued on as normal.
The Proof is in the Percentages
The team at Verizon investigated 32,002 security incidents; 3,950 of these were confirmed breaches.
- 70% of these were perpetrated by external actors.
- 55% were perpetrated by organized crime groups.
- 45% of breaches involved hacking.
- 86% of breaches were financially motivated.
- 72% of breaches involved large businesses.
Interpreting the Integers
Forbes, which considers Verizon’s report as "the definitive source of annual cybercrime statistics", took a closer look at these stats – and from their commentary we can take several key lessons and use them to plan a better defense:
1. Organizations need to be more diligent with monitoring their assets and devices.
Do you have full visibility of all of your company devices? Do you know their exact locations and current configurations?
According to Forbes, not having access to this information for all devices means complete protection cannot be guaranteed.
For every endpoint that isn’t sufficiently monitored, an attack surface exists – ripe and ready for exploitation by cybercriminals.
Monitoring every endpoint minimizes your organization’s threat surface.
2. Protected endpoints can prevent a large-scale attack.
A single, unprotected endpoint can be the foothold for a large-scale attack on an entire organization – and we know that cybercriminals do not shy away from large targets.
According to Verizon’s DBIR, the vast majority of security breaches targeted large businesses.
But a large target is often compromised by small weaknesses, which frequently present themselves in the form of unprotected endpoints – endpoints that organized crime groups are relentless in scoping out.
Only one inadequately protected endpoint is required for a cybercriminal to wreak havoc among several thousand endpoints.
Forbes describes an ‘unbreakable digital tether’ connecting each of your endpoints as being key to ensuring the security of every device and the wider network.
3. Cloud-based is the way of the future.
Many organizations have already made, or are in the process of making, the move to cloud-based operating, with working-from-home becoming the preferred, and often enforced, method in times of global pandemic.
As well as allowing organizations to provide a larger scale of applications for their remote workforce, cloud-based over on-premise operating comes with several cybersecurity benefits:
- Cloud-based assets had a much lower rate of involvement in security breaches according to Forbes; 24% compared to 70% involvement for on-premise assets. These statistics suggest that you’re less likely to be targeted if you’re operating in the cloud.
- Cloud-based endpoint security also provides a higher level of security, with real-time monitoring, analysis and alerting available to help prevent cyberattacks. In addition, cloud-based security solutions often come in much easier-to-deploy and cost-efficient packages than their on-premise counterparts.
4. Managing privileged access can shut down breach attempts.
According to the DBIR, credential theft is one of the three most common culprits in security breaches: of the 45% of breaches that saw hacking as a contributing factor, 80% involved brute force or lost/stolen credentials.
This confirms just how sought-after credentials are for cybercriminals.
And the higher the privilege of a set of user credentials, the more valuable they are to hackers looking to exploit; local administrators can do much more on their device than regular users – such as make changes that affect other user accounts and the wider system and network.
For that reason, a single compromised endpoint that has administrator access is not a single compromised endpoint at all – instead, it can mean an entirely compromised network.
Because of this, managing privileged access on company devices is paramount.
If you have full visibility and control over who has administrator access and who doesn’t, and you can monitor any changes in this area as well as administrator activity, cybercriminals have a much more difficult job of successfully using stolen credentials to infiltrate a network.
Attempts at privilege escalation can be stopped in their tracks, and changes to system configurations can’t fly under the radar unnoticed.
We know that cybercriminals are often part of high-tech, organized crime groups that relentlessly scope out victims to exploit for financial gain.
We know that most security breaches are perpetrated by outsiders trying to get in.
The endpoint is that way in.
The overwhelming takeaway from Verizon’s DBIR and the Forbes commentary is:
Secure your endpoints.
For every endpoint you have that is uncontrolled, unmonitored and unprotected, an attack surface exists to be exploited.
Planning ahead with PAM
Privileged Access Management (PAM) is a form of endpoint security that does as the name suggests: manages who has privileged access within your organization.
But not all PAM solutions are created equal; a good one will go above and beyond.
Admin By Request is a cloud-based PAM solution that covers each of the points mentioned above, featuring extensive monitoring capabilities, real-time malware detection and user-friendly reporting, all accessible within the online user portal.
1. Be more diligent with monitoring devices.
For every endpoint that has Admin By Request deployed, data is collected and displayed within the Reports tab of the software’s user portal: geographical location, elevated users, installed applications, local administrators, new computers, and other data and activity are monitored for each and every device.
Keeping track of as much user and device data as possible, and subsequently any unexpected changes in this data, ensures endpoint threat surfaces are minimized.
2. ‘Digital tether’
Admin By Request’s user portal is the heart of the software – the single location from which to access the inventory, Auditlog, settings, and requests for elevation.
From here you can customize settings for endpoints and users, with the software’s mobile application ensuring you’re always connected to your endpoints and users, even while on the move.
Having this central vantage point from which to view and configure endpoints means the likelihood of a cybercriminal being able to exploit a single endpoint unnoticed is much lower.
3. A cloud-based future.
Cloud-based operating provides several advantages, both for productivity and cybersecurity reasons.
Admin By Request is a cloud-based software service, which can be deployed and set up for both small and large enterprises remotely, quickly and easily.
The PAM software integrates OPSWAT’s MetaDefender Cloud API to protect all endpoints from malware using more than 35 anti-virus engines – because a single endpoint anti-virus solution doesn’t cut it against the advanced tactics employed by cybercriminals today.
MetaDefender scans files in real-time, flagging malicious files before they can do any harm to your endpoints and wider network.
4. Manage privileged access.
Admin By Request’s privileged access management capabilities are integral to keeping your endpoints and organisation safe.
The fewer privileges a user has on their device, the less ability they have to make system-wide changes that compromise security – and the safer your organisation is.
Admin By Request revokes local administrator rights, while still allowing users to temporarily gain elevated access when they need it – but never by elevating the user.
Instead, the application gains elevated privileges while in use. That way, the user – and cybercriminals looking to exploit – never gain administrative access to the system.
While a user is running an application with privileged access, session information such as the user details, software installs, and executed programs is logged within the Auditlog in the user portal, so you can access all necessary data in the case of a breach.
The number one lesson on cybersecurity for 2020 was to secure and protect your endpoints.
And although a new year doesn’t simply allow us to hit the reset button, we can start somewhat afresh with a clean slate and a new plan in place.
Part of that plan should be a comprehensive PAM solution that does more than just keep your local administrators in line.