Whether you like it or not, endpoints have become part of the growing attack surface, and this has become more complicated by the growing use of highly insecure Internet of Things (IoT) devices. Organisations simply cannot afford to “go dark” or have their assets literally taken from under their noses, so they must maintain a constant connection with devices whether or not they are on the corporate network. Failing to do so can have potentially disastrous repercussions.
The Hong Kong breach at the end of March, which exposed the data of 3.7 million voters, is a perfect example of the growing threat of lax endpoint security. In this particular case, two laptops were stolen from a locked room at the AsiaWorld Expo conference centre. These laptops contained a large database of voter ID card numbers, addresses, and mobile phone numbers.
Not only does this attack highlight the problems that can occur with poor endpoint security, but also the risks associated with them. According to Gartner, the number of endpoints will reach more than 20 billion by 2020, so the risk is definitely a growing one. Unfortunately, the rise in the number of devices connecting to corporate networks has not been met with an equally motivated increase in security. Businesses are struggling to manage and control the many smartphones, tablets and laptops that connect to their networks - and as the breach in Hong Kong demonstrated, the impact of losing just one device can be hugely damaging.
With this in mind, it has become imperative for organisations to have persistent, continuous insight into every single endpoint on their network – and more importantly to have the ability to remotely wipe data on lost, stolen or infected devices. Complete visibility and remote access to endpoints - whether they are on or off network - is important to mitigate any suspicious activity as soon as it happens, detect the problem at the source and ensure the constant protection of the data on that device. Even if a device has encryption tools, anti-virus software and firewalls in place, businesses are still not protected from the threats that the proliferation of endpoints has created. The risks are too high, and cyber-criminals are determined – so it's a very real possibility that sensitive information will get into the wrong hands.
To thwart attempts to disable, disarm or uninstall encryption or anti-virus protection, organisations must look at solutions that provide proactive, automated, self-healing endpoint capabilities. Failing to address this not only leaves businesses wide open to security risks and leaves network teams “blind” as to where their data is headed, but in Europe it can also render them non-compliant with internal and external regulations such as the EU's GDPR. Full implementation of the GDPR, which will force businesses to prove that their data is protected in a breach situation, is rapidly approaching, so it's imperative that new security policies are drafted and existing ones are adapted to manage the influx of security-poor devices that will continue to flood organisations.
With smart devices increasingly saturating the market, the risk of hacking or simply stealing endpoints for valuable information is rising significantly. What's more worrying is that hackers no longer need the advanced skills or expertise traditionally required to gain access. The criminals in Hong Kong didn't use a highly technical virus to steal the data, they simply took the entire laptop and walked out the door. Clearly, devices are often inadequately protected, which means that attackers can quickly exploit the endpoint and have very easy access to a company's confidential data. Endpoints, and in particular internet-enabled ones, are considered low-hanging fruit for cyber-criminals.
Organisations must ensure that they have all eyes on their connected devices - either literally or virtually through persistent, self-healing endpoint security software. Furthermore, if these devices are connected to a company's corporate network, businesses must implement full management of these devices, tracking and monitoring them to secure enterprise data and network access at all times. While there has been some speculation in this particular case as to whether such vast amounts of personal information should have been stored so insecurely on a laptop, the point remains that endpoints are inherently insecure, and it's down to the organisation to make sure they have the right tools in place for when things go wrong.
Contributed by Richard Henderson, global security strategist, Absolute
*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.