Make no mistake about it: employee behavior is, has been, and will continue to be the greatest vulnerability to a company’s endpoint security. Far, far too often corporate employees are the unwitting allies of malware, ransomware, and other growing digital threats. Many are using devices with highly sensitive data and corporate network access for their own personal browsing, where a single errant click can open the door for malicious hackers (and subsequent losses to a company’s bottom line and brand reputation). Other cautionary – and common – data breach trails involve employees who lost their devices, or had them stolen, or were careless about safeguarding their access credentials.
Proper employee training is often cited as the correct prescription for this issue, and can certainly have an effect. Guidance in data security best practices can, for example, enable employees to study potential phishing emails with enough scrutiny not to fall for them. It can help workers gain the savvy to optimally store and protect their credentials, and to ensure that devices with active, logged-in sessions are never left unattended. But, unfortunately, while employee training in security protocols can reduce risky behavior, it will never abolish it completely. And all it takes is one mistake for data to become exposed, and the details of incidents are such that it’s often unrealistic to expect the employee involved to have done better (perhaps especially in cases where device theft is a factor). Training has long been championed as a solution, yet is anyone all that surprised that data breaches continue to occur?
Just as employee education is a proactive measure, businesses also need better security strategies in place to automatically detect and respond to threats upon arrival. Endpoint detection and response (EDR) tools can step in to help prevent breaches even after malware is present or an unauthorized party gains network access. When an employee makes the mistaken, split-second decision to click an email link pointing to malware – or, say, connects a laptop to an unsecured WiFi network where a cybercriminal can take advantage – EDR can save the day.
Employing a mindset – which Gartner calls “Continuous Response” – that is focused on rapid detection and response allows for the continuous anomalous behavior monitoring of all devices on a company’s network. If and when any activity occurs that is out of the ordinary – e.g. malware, spike in activity, or an unfamiliar user performing unauthorized actions – security teams can identify this as anomalous. From there they can address the risk appropriately, and with the right tools, even automatically assess and neutralize the threat. By overseeing processes on the endpoint, including traditional machines (laptops and workstations) and emerging ones (smart devices, connected industrial structures, POS systems, etc.), businesses can be better prepared to remotely and systematically stop unknown activities and delete malicious files – even clearing the device’s registry of threats.
Previously, an incident involving malware might have required that devices be reset or hard drives wiped and reimaged, resulting in employee downtime. However today, the right forensic strategy can discover and remove malicious threats with highly targeted remediation capabilities, resulting in little or no downtime.
With the substantial risk organizations face from data breaches stemming from compromised endpoint devices, and because even the best employee training is less than 100% effective, implementing a technology strategy designed to remove threats once the walls are breached is a wise decision.
[su_box title=”About Charles Choe” style=”noise” box_color=”#336588″][short_info id=’101662′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.