CIO

The Post-Perimeter Age: Shifting the Focus to Endpoint Security

You’ve spent years building perimeter defenses against cyberattacks. With a strategic combination of VPNs, intrusion detection and prevention systems, firewalls, antivirus software, and SIEM systems, you’ve built a moat around your network that keeps even advanced attackers at bay.

Until recently, that is. As cloud-based applications and remote work become the norm, focusing on perimeter defenses is no longer enough. In fact, the clear perimeter around your valuable assets has blurred to the point that you need an entirely new approach to cybersecurity.

We’ve entered the post-perimeter era of cybersecurity. And to keep your data protected, you need to shift your focus to multi-layered endpoint security.

Three trends changing the nature of cyberattacks

Attackers are always looking to exploit the weakest link in your network. But after decades of evolving cybersecurity defenses and heightened employee awareness, your perimeter is no longer the weakest link.

Instead, there are three key workplace trends that are changing the nature of cyberattacks:

  • Bring your own device (BYOD): Allowing employees to use personal devices for work has been a productivity success story. For your workforce, personal devices can increase productivity by 34% and save them nearly an hour per day. And for your company, embracing BYOD can save $350 annually per employee. But these personal devices also give attackers new entry points to your network while obscuring your network perimeter.
  • Remote work: Advances in technology have made it easier for employees to do their jobs outside of your headquarters. Already, 79% of knowledge workers say they work from home at least sometimes, while 60% of part-time remote workers say they’d leave their jobs for a full-time remote position. Remote work negates the effectiveness of your perimeter security tools, because employees aren’t within the walls of your cyber defenses.
  • Cloud-based applications: Studies show that 83% of enterprise workloads will shift to the cloud by 2020. However, 66% of IT professionals say security is their biggest concern with this new reality. Even if BYOD policies and remote work aren’t dissolving your network’s perimeter, cloud-based applications will. And without a way to secure connections to these applications, attackers will compromise your network regardless of perimeter security investments.

To capitalize on these workplace trends, attackers are no longer taking traditional approaches to slip by perimeter defenses. Instead, they’re targeting endpoint devices, compromising vulnerable internet browser activity, and using social engineering to capture employee credentials and gain administrative access to your network.

The problem is that attackers have adapted much faster than most companies. If you haven’t shifted away from traditional perimeter defenses, you could experience costly consequences.

Endpoint attacks are on the rise

The shift from traditional cyberattacks to endpoint attacks that capitalize on new workplace trends isn’t something to look for on the horizon—it has already happened.

A 2018 Ponemon Institute study found that the current state of endpoint security is not strong enough to withstand modern attacks. The study found that traditional antivirus software missed 57% of endpoint attacks, and that it takes IT teams an average of 102 days to patch endpoint vulnerabilities.

As a result, 64% of respondents said their organizations had already fallen victim to an endpoint data breach. And with the cost of a successful attack exceeding $7 million, these are not incidents that can be taken lightly.

However, these attacks are nothing new. In December 2013, Coca-Cola experienced a data breach that saw 74,000 data records compromised. A former employee tasked with decommissioning devices stole several laptops, which enabled him to compromise unencrypted names, Social Security numbers, addresses, and financial information. While the company eventually regained possession of the stolen devices, this attack could have been prevented with basic access control.

In a more recent example, the South Korean Bitcoin exchange Bithumb experienced a data breach in 2017 due to an insecure BYOD program. After a phishing scam, attackers gained access to the personal computer of a Bithumb employee. With access to that computer, the attackers then carried out a breach that lasted from February to June of 2017 and drained the digital wallets of thousands of customers.

In response to the incident, Pete Banham, cyber-resilience expert at Mimecast, said, “This cryptocurrency heist is a prime example of why firms need to think about the sensitive information employees have access to in a remote working world. Assume home PCs are or will be compromised when designing your data protection strategy.”

Rather than assuming your remote endpoints will be (or have been) compromised, you should take a new approach to security that will actually protect them. By adapting to new vulnerabilities with a multi-layered endpoint security strategy, you can reap productivity and cost-efficiency benefits without sacrificing data protection.

Endpoint security for the post-perimeter age

Just because attackers have shifted their focus away from the traditional perimeter of your network doesn’t mean you should get rid of your existing security solutions. However, your perimeter defenses are just one layer of the multi-layered approach that’s now necessary to protect your data.

A new zero-trust model must be applied to both your perimeter defenses and your endpoint security strategy. Rather than assuming internal traffic can be trusted, a zero-trust model requires verification of every user and every device that accesses your resources. With so many new endpoints accessing your network, this is the only way to prevent malicious activity from evading your defenses.

In addition to next-gen firewalls and antivirus solutions, a multi-layered, zero-trust endpoint security strategy depends on:

  • URL filtering: Restrict web traffic to prevent users from accessing known-malicious sites that could lead to compromised credentials and endpoints.
  • Endpoint detection and response: Continuously monitor endpoints for suspicious activity and trigger real-time responses when unusual (potentially malicious) behavior is detected.
  • Remote access controls: Secure remote connections with hardened gateways and VPN connections, implement two-factor authentication for all users and devices, log all remote sessions, and deploy a clientless remote access solution so there’s no software for attackers to compromise on your devices.
  • Browser isolation: Choose a remote browser isolation solution to run active browser-executable code inside an isolated environment, defending your users from zero-day attacks, drive-by downloads, and other malicious web content.

In the early days of BYOD programs and remote work, traditional enterprises resisted the trends for fear of costly security incidents. But now, they’ve become necessities for both employee experience and productivity.

Rather than fighting against the workplace trends, update your security strategy and adapt to the changes. With the kind of multi-layered, zero-trust security model outlined here, you’ll be able to continuously adapt to new threat vectors and prevent attackers from compromising your most sensitive data.


Author Bio:

Ilan Paretsky is Chief Marketing Officer at Ericom Software and is responsible for the global marketing activities of the company. Prior to joining Ericom in 2005, Mr. Paretsky held various leadership positions in marketing, business development, project management, and software development in the global software and telecom industries.