How should CIOs and other IT leaders respond to evolving cyber threats? Here are five tips.
Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever.
But protecting endpoints is a priority with a massive scope. Endpoints encompass everything from employee laptops, desktops, and tablets to on-premises servers, containers, and applications running in the cloud. Endpoint security requires a comprehensive and flexible strategy that goes way beyond what security teams relied on a decade or more ago. Then IT assets were nearly all on-premises and protected by a firewall. Those days are over.
Ransomware continues to evolve
Ransomware continues to be a major threat to organizations of all sizes. After declining for a couple of years, ransomware attacks are on the rise again. They increased 23% from 2021 to 2022.
Not only are attacks more frequent, they’re also more disruptive. In 2021, 26% of attacks led to disruptions that lasted a week or longer. In 2022, that number jumped to 43%.
On average, each of these attacks cost its victim $4.54 million, including ransom payments made as well as costs for remediation. As bad as these numbers are, they’re poised to get worse. That’s because in the past year, attackers have adopted new models for extorting money from victims.
Business email compromise attacks
Another prevalent form of attack is business email compromise (BEC), where criminals send an email impersonating a trusted business contact, such as a company CEO, an HR director, or a purchasing manager. The email, often written to convey a sense of urgency, instructs the recipient to pay an invoice, wire money, send W-2 information, send serial numbers of gift cards, or to take some other action that appears legitimate, even if unusual. If the recipient follows these instructions, the requested money or data is actually sent to the criminals, not the purported recipient.
Between June 2016 and December 2021, the FBI recorded over 240,000 national and international complaints about BEC attacks, which cumulatively resulted in losses of $43 billion. Ransomware might make more headlines, but BEC attacks are 64 times as costly. And they are becoming more frequent, increasing 65% between 2019 and 2021.
“Endpoint monitoring won’t stop a BEC attack,” explains Tim Morris, Chief Security Advisor, Americas at Tanium. “But it might tell you a little more about the person who opened the email and what they did with it. Context can give you the clues you need for determining whether the attack is part of a broader campaign, reaching other recipients with deceptive messages.”
Practical tips for endpoint management
How should CIOs and other IT leaders respond to these evolving threats? Here are five tips.
Treat endpoints as the new network edge.
With so many people working remotely and 48% of applications running in the cloud, it’s time to recognize that the new line of defense is around every endpoint, no matter where it is and what type of network connection—VPN or not—it’s operating with.
2. Identify all devices connecting to the network, even personal devices not officially authorized.
“You can’t secure what you can’t manage,” says Morris. “And you can’t manage what you don’t know.” Security Operations Centers (SOC) need to know all the endpoints they’re responsible for. Audits of enterprise networks routinely find endpoint management systems miss about 20 percent of endpoints. SOC teams should put tools and processes in place to ensure they have a complete inventory of endpoints and can monitor the status of endpoints in real time.
3. Patch continually.
Patching has always been important to ensure endpoints have access to the latest features and bug fixes. But now that software vulnerabilities have emerged as a major inroad for attackers, it’s critically important to ensure patches are applied promptly. Organizations can’t hope to respond to supply chain attacks like Log4j without putting in place automated solutions for software bills of materials and patching.
Once you have a cybersecurity plan, a cybersecurity toolset, and a trained staff, it’s important to practice hunting for threats and responding to attacks of all kinds. It’s helpful to take a Red Team/Blue Team approach, assigning a team of security analysts to break into a network while another team tries to defend it. These drills almost always uncover gaps in security coverage. Drills also help teams build trust and work together more effectively.
5. Get endpoint context.
When attacks occur, it’s important to respond as quickly as possible. To respond effectively, security teams need to understand what’s happening on affected endpoints, no matter where they are. Which processes are running? What network traffic is taking place? What files have been recently downloaded? What’s the patch status?
Analysts often need answers in minutes from endpoints thousands of miles away. And they don’t have time to install new software or hope the remote user can help them set up a connection. Security teams need to have a system already in place for analyzing endpoints and collecting this data, so that when any type of attack occurs—even attacks like BEC attacks—they can collect the contextual information needed for understanding what happened and what threats remain active.
Cyber threats are becoming more prevalent, more sophisticated, and harder to identify and track. For more tips—five more in fact—on how to reduce the risk of cyberattacks and ensure that when attacks occur, they can be contained quickly and efficiently, check out this eBook.