Tony Lee, Managing Director, Panda Security UK
For decades, firewalls were considered the principal method of online security; providing a threat originated from outside a business’ security network, the firewall would intercept it and manage it accordingly.
However, while cyber attacks have evolved and become more sophisticated in their execution, the basic function of a firewall has remained the same: prevent unauthorised access to or from a private network.
So what if a threat originates from inside the network perimeter and via an endpoint such as a smartphone, IoT device or even a printer? Sure, most businesses are able to protect their corporate network(s) from intrusion using advanced firewalls, but do they have protection in place for the endpoint devices that are authorised to connect to it?
In most instances, the answer is no.
Endpoints have quickly become the main targets for cyber criminals due to the lack of protection they have – but despite them being the target, few businesses are actually investing in protection for them.
Businesses need more than just a firewall
Aware of the fact most businesses focus on perimeter protection (such as a firewall) rather than individual device protection, cyber criminals target a business’ smartphones, routers, printers and even faxes to gain access to its corporate network.
And many businesses are unaware of this fact; so instead of protecting every potential access point, they invest heavily in network security, thinking it will prevent any and all access from unauthorised users.
But for businesses to properly shield their corporate network from attacks, they need to protect the individual devices that connect to it as well as educate employees on the importance of doing so. The approach must be twofold. Firstly, it requires business-wide education on the risks of unsecured equipment connecting to the business’ secure network, and secondly, the implementation of appropriate solutions to protect those devices before they connect and after they disconnect so that they cannot be accessed by third parties.
Securing devices in a BYOD environment is a difficult task
Even with businesses educating employees on the importance and necessity of protecting their appliances, they must also develop a procedure to ensure that new devices are vetted, protected and then authorised to connect to the business’ corporate network.
Managing such a procedure, however, is made infinitely more difficult in today’s BYOD world. A large majority of businesses allow employees to use their own personal devices to connect to the corporate network – which saves time and money but can also compromise endpoint security.
The reality is that most people don’t have firewalls or anti-virus solutions on their personal equipment – and if they do, chances are they are not configured correctly. Consequently, cyber criminals can easily access these devices and leave malware on them. Once that device connects to a business’ corporate network, the malware uploaded on it acts as a backdoor which gives the cyber criminal access.
To prevent such an occurrence, businesses would need a network policy that includes scanning new appliances for malware, installing an online protection or encryption solution (perhaps a combination of a firewall and VPN) and finally, authorising the device via its IP or Media Access Control (MAC) address (a unique identifier assigned to a device when it’s manufactured). Alongside this, businesses should also educate employees on the dangers of unsecured online activity and how that information can be accessed and used by cyber criminals. Such an approach may be costly to implement, but compared to the costs arising from a data breach the cost is relatively insignificant.
Businesses neglect endpoints in favour of the perimeter
Despite endpoints being a primary target, enterprises spend less than 4% of their budget on endpoint security and instead invest in the protection of their network perimeter.
In many cases this comes down to a lack of awareness and education around endpoints. Obsessed with protecting the network, businesses invest heavily in firewalls and become complacent, thinking it’s all they need, rather than taking the time to protect the equipment on that network.
In addition, some security vendors themselves are guilty of talking a lot about a business’ perimeter, IoT devices and other vectors that need protection, and as a result, the most important part – the endpoint – is overlooked.
Cyber attackers operate on the basis that if they are able to access just one computer or device, they can move deeper into a business’ network.
Cyber security needs to be deployed throughout the enterprise. Every device needs to be considered in isolation and as part of a wider security infrastructure. If appliances are protected at device level and network level, cyber criminals have significantly fewer points of access. It’s not all about the perimeter. Attacks in the past may have originated from outside but today, employee devices often provide the way in.
A new approach to endpoint security is needed
Some businesses have caught on to the need for endpoint protection but many take a traditional approach to it. What this means is that while they have protected endpoint devices – smartphones, IoT devices, printers, faxes and anything that can connect to the business’ network – they don’t regularly review policies or upgrade software.
Cyber threats are constantly evolving and changing – and on that basis, businesses need to regularly review their approach to enterprise security as well. Having some form of cyber security solution in place to manage enterprise security goes a long way but businesses also need to make it mandatory that policies and software are reviewed on a monthly basis. In doing so, they can identify areas for improvement or potential loopholes cyber criminals could exploit.
Ultimately, endpoint security must be considered fundamental to overall enterprise protection. Starting with the devices that are routinely compromised and working inwards will allow businesses to develop a more robust and ‘complete’ security strategy.