In this article we discuss five endpoint threats, how they impact organizations and how IT security departments can deal with them.
5 endpoint threats impacting security that organizations struggle with
Organizations around the world are trying to keep up to speed with endpoint security developments by ensuring they have the best in terms of infrastructure to handle threats to their data security. We have compiled a summary of the top five threats that your organization might face trying to keep sensitive data out of reach from the bad guys.
1. Phishing attacks
How does phishing affect companies?
When phishing attacks succeed, hackers gain access into the company’s network and steal sensitive customer data and information. Think of a hospital environment where hackers have obtained medical records of patients and published them online. This has the unfortunate effect of both damaging the people whose records were stolen and the reputation of the brand on a long-term basis: Customers tend to avoid products or services that seem incapable of handling their sensitive information, especially when it is publicly displayed when it isn’t supposed to. The loss of data and information and public reputation is a risk companies cannot afford to suffer and will seek to detect and mitigate.
How hard is it to detect phishing attacks?
Detecting phishing attacks is a matter of the resources at hand. Resources can range from something as simple as conducting security awareness training to endpoint security solutions that employ machine learning and artificial intelligence to detect abnormalities in phishing emails and advanced threats. Improvement in technology is leading to easier detection of these endpoint threats. In light of all this, how do you ensure proper endpoint protection against phishing attacks?
The technical solution
A technical solution would include subscribing to service providers that provide threat intelligence and research on phishing IP addresses and web pages. Examples of some services you can use to combat phishing include Cymon and Firehol. Some organizations may decide to implement machine learning, where they will acquire data sets from websites such as PhishTank and Alexa in order to process the raw data and extract meaningful information showing fraudulent domains. Meaningful datasets will be used to train the company’s machines using powerful algorithms such as the famous Decision Tree Algorithm. Phishing attacks can also be stopped by analyzing inbound traffic for malware and sandboxing inbound email addresses by deploying endpoint security solutions that check on the safety of emails when users click to read.
The educational solution
Organizations that perform regular awareness training are in a better position to detect phishing attacks than those that do not. You could train your employees using solutions such as SecurityIQ, which allows you to execute a test phishing campaign. Conducting such training ensures that user behavior within the company remains in line with policy and that employees understand what to do when they encounter malicious emails.
2. Unpatched vulnerabilities
How do unpatched vulnerabilities affect companies?
Companies may leave vulnerabilities unpatched for long periods of time, and this is leading to attacks becoming more common than ever. Hackers, who are interested in collecting as much data from as many companies as possible and later selling this information on the dark web, have been a challenge faced by many companies for a long time. The reputational damage that results from this is enough to completely shut down a company. Think, for example, of the damage that followed the recent British Airways data breach in which hackers walked away with customers’ financial data. The hackers that perpetrated this attack now have a range of options, from making fake cards to making online purchases with the victims’ money. Think of all the negative implications this could cause to not only British Airways, but your company as well. Such attacks can be controlled by the right endpoint security in place.
How hard is it to detect attacks arising from unpatched vulnerabilities?
Detecting attacks from unpatched vulnerabilities is often the same as detecting any other attacks within your corporate network. Organizations will find it important to invest in a Security Operations Center and a threat-hunting function that will be responsible in hunting for these threats and stopping them before serious financial or data losses are suffered.
The technical solution
Patch management allows you to push out patches to multiple systems within the company, which will help you stay in sync the most recent and up-to-date software versions. Many companies do not handle patch management with the seriousness it requires, and thus end up compromising on their endpoint security. Sometimes, unnecessary bureaucracy and paperwork at the company results in leaving an unpatched vulnerability running for quite a while. There are, however, a number of automated tools that can help with the process of patch management. They include RingMaster’s Automated Patch Management, PatchLink Update, and Gibraltar’s Everguard. Organizations will also find it important to have regular assessments conducted within their environments and infrastructure in order to detect unpatched vulnerabilities before they are exploited. This can be done by conducting penetration testing, vulnerability assessments, source code reviews and red team assessments.
The educational solution
Attaining effective endpoint protection within your company will largely rely on the education your employees get on the importance of having vulnerabilities secured. This can be done by conducting or attending security awareness training or security-based seminars. You can also employ a qualified trainer, create an internal awareness course or create an emergency response team that will be responsible for training your staff on the actions to take when certain threats or attacks are detected.
3. Malvertising
How does malvertising affect companies?
Malvertising infects the websites you own with malware that may further compromise the users that visit your website, infecting them with malicious software or even redirecting them to websites where further attacks await. Once company’s endpoint security has been breached, malvertising reduces the productivity of your company. Employees constantly seeing adverts popping up on their screens during work hours, will have their productivity affected by the unnecessary redirection and distracting content. If not stopped, malvertising may lead to an increase in infections and eventually disruption of business hence huge financial losses.
How hard is it to detect malvertising attacks?
Detecting malvertising is as simple as examining the domains that are advertising ads on websites you own. You can do this easily by cross-checking the domains from which the ads originate against domaintools.com and determining their origin. Your website can be flagged for distributing malicious software by a search engine. In case this happens, you can file an appeal only after removing the affected ads.
The technical solution
Google has a neat anti-malvertising guide found here. The first step in ensuring endpoint protection is searching for suspicious iFrames and redirects; if you notice suspicious encryption when checking the ad’s script, remove the ad and report it to your ad network. If you notice similar patterns from your ad network, even after replacing ads, then you should switch to a different ad network.
The educational solution
Train your staff on the importance of using ad blockers on their browsers and educate them about the dangers of various add-ons that are made available. For instance, good add-ons can be found from Geoedge and Media Trust. Your employees should also be educated on endpoint security, such as the importance of having updated antivirus signatures and more capable antivirus engines. These can help combat malvertising.
4. Drive-by downloads
How Do Drive-By Downloads Affect Companies?
Once hackers have gained access to your company network through a successful drive-by download, they have several ways to exploit your systems. They may decide to exfiltrate sensitive data and information from your network, remain hidden while launching silent internal attacks to study daily routines or even use your computing power to mine cryptocurrency. Whatever they do, unauthorized activities within your company network are a ticking time bomb and will definitely lead to data, financial or reputational loss.
How Hard Is It to Detect Drive-By Download Attacks?
Companies today have solutions installed that automatically detect malicious software inbound to the network and stop it before it can cause any harm. Firewalls can be used to detect and stop such software, so investing in a good firewall is something you will definitely have to do as an additional step towards achieving endpoint protection within your infrastructure.
The Technical Solution
There are a few steps you can take towards achieving endpoint protection against drive-by download endpoint threats. They include:
Using updated software: Up-to-date software ensures that you are protected against the vulnerabilities permit drive-by downloads within your systems. This is effective in thwarting some drive-by-download attacks. Removing unnecessary plugins: Some software is no longer supported after a while, meaning it isn’t up to date on the latest threats. Removing software that is no longer being supported will go a long way in improving your endpoint security and preventing potential attacks. Installing an ad blocker: Most drive-by-downloads propagate by means of infected ads. Having an ad blocker ensures that you are protected from being redirected to sites that host drive-by-type malware, eventually protecting you from them. Installing a host-based firewall: Host-based firewalls will help detect malicious links where infections reside and block you and your employees from accessing the sites. A good host-based firewall is Comodo Firewall by Comodo.
The Educational Solution
Conducting cybersecurity awareness training is important in ensuring your employees understand the importance of having updated software running and secure online practices that will come in handy in preventing malware infections.
5. Data loss and theft
How Do Data Loss and Theft Affect Companies?
In 2014, USA Today reported on a Ponemon Institute report which found that “a staggering 43% of companies have experienced a data breach in the past year.” The figures have risen and are expected to keep going up in the coming years, and the likelihood is increasing that your organization may be a victim of such a breach. So how can data loss and theft impact your organization?
Regulatory fines: Most industries have embraced regulations to protect customers and customer data, and these regulations come with hefty fines in the event that you are unable to keep up with them. For instance, if willful neglect leads to data loss, HIPAA might demand fines of $1.5 million just for a single violation. Fines of up to $4.8 million have occurred. Think of what such fines can cost your organization. Ransomware demands: Ransomware attacks can not only lead to hefty financial losses for a company, but in the event that the ransom is not paid, then permanent data losses will most certainly be suffered if you haven’t invested in good backups. Investigation costs: The financial cost involved in determining the methods by which data was lost is an expensive affair, mostly because most data recovery outfits charge based on the amount of data to be recovered. The time and money that can be lost is significant enough to leave a mark on your organization.
How Hard Is It to Detect Data Loss and Theft?
The most effective way of detecting data theft is by deploying a Security Operations Center (SOC). Monitoring traffic on your network and having solutions that will notify you once abnormal data transfer quotas are hit might just save your organization from heavy data losses.
The Technical solution
Some of the actions that may prevent data loss in the event of a breach include:
Securing sensitive data in a locked secure storage that is safe from theft and cyberattacks. Your company will be able to salvage sensitive information even after a security breach (as long as the secured data is intact) Maintaining backups of your data. This is especially effective against ransomware attacks, since paying the ransom is discouraged Properly disposing of outdated data and information. If outdated data is obtained by hackers, it may still have the same undesired effect to your customers Securely accessing your data through encrypted media is a step towards thwarting hackers
The Educational solution
Educating your staff and employees concerning the importance of endpoint security will ensure that they handle data with the seriousness it deserves. Encouraging the encryption of portable devices and removable media greatly reduces the risk of data loss through exfiltration, since the storage media will be inaccessible unless unlocked.
Conclusion
Endpoint security requires constant improvement to combat the five endpoint threats discussed above. Threats will continuously evolve to fit and match the technology of the day, and you should thus ensure that your company is up to speed with the most recent developments and securing your systems against the latest attacks with the best patches and solutions. In addition, training is an important investment in ensuring your staff understand how to handle data and what is expected of their online behavior.
Sources
Five endpoint threats affecting small businesses, Avast Blog Top threats impacting endpoint security decisions, Help Net Security Phishing URL Detection with ML, Towards Data Science BA Data Breach: What Does the British Airways Hack Mean for Customers?, The Independent Data Theft and Its Impact on Your Business, Infiniwiz What is Insider Data Theft? Data Theft Definition, Statistics and Prevention Tips, Digital Guardian 43% of companies had a data breach in the past year, USA Today