
Prevention Is Better Than Any Cure

By Dan O’Farrell | September 28, 2022 | Updated: December 9, 2022

One of the founding fathers of the United States, Benjamin Franklin, once famously advised that an ounce of prevention is worth a pound of cure. While this statement was made nearly 300 years ago, it is still true, especially in our modern-day fight against the ongoing increase in cyber threats. Cyberattacks have become a persistent and permanent threat to organizations across all industries. Consider the following:

  • There was a 500% increase in ransomware attacks in 2021 compared to 2020.
  • 70% of all intrusions last year were malware.
  • There was an attack every 11 seconds in 2021.
  • On average, there are 90+ monthly vulnerabilities for Windows that require patching.
  • More than 1,000 slow and expensive VPN connections can be required to manage and control remote endpoints in a typical enterprise.
  • Tens of millions of dollars in fines are levied each year for non-compliance with data protection standards, such as GDPR.

To mitigate the increased exposure to these cyber risks, IT teams must act proactively and swiftly to safeguard the most vulnerable point in the network – the endpoint. Combatting these escalated endpoint threats requires organizations to look at all the ways threats could succeed and tighten up controls in each element, including user activity, policy and access controls, antivirus software, suspect or abnormal byte sequence detection, a chain of trust, and virtualization and cloud-based computing. Experts recommend a “defense in depth” strategy, or multi-layered approach to physical, technical, and administrative controls to safeguard a business from security threats.

Endpoint Security Starts at the OS

The solution to protecting endpoints, however, really starts with the device operating system (OS). Moving Windows to the data center or cloud via virtual desktops and using a lean, inherently secure Linux-based OS can instantly fortify the security posture of any endpoint. For example, moving Windows off the endpoint is the logical strategy, as cloud-based apps like Azure Virtual Desktop and Windows 365 Cloud PC, along with cloud-based offers supported by VMware and Citrix, are now the virtualization standard for end-user computing. This approach also consumes less IT staff time since it streamlines patching and other security updates across an organization’s entire IT environment, greatly reducing risk at the endpoint. Users, regardless of their locations, can confidently use their endpoint devices of choice to access the data and apps they need in the cloud, all while minimizing the chances of introducing a threat.

An OS built for VDI, DaaS, and digital workspaces can be structured as a modular, read-only and tamper-proof firmware base, for optimal success. Since the endpoint OS has an extremely small “attack surface” and all the data is stored in the cloud, there is literally nothing for hackers to target on the endpoint. In addition, the inclusion of multiple security-focused features in the OS can be designed to minimize exposure and deter attackers from gaining access to an organization through the endpoint devices.

Giving users what they need to do their jobs effectively and controlling access to non-relevant apps will significantly reduce an organization’s attack surface and can help stop attacks before they even happen. IT teams can set policy controls based on end-user roles to minimize the “human factor” as well. For example, an endpoint device can be “locked down” in appliance mode or kiosk mode to perform only one function and nothing else. Additional measures like multifactor authentication can add another layer of security and protect the organization to minimize harm, even if an endpoint device is lost or stolen.

Securing the Device and Beyond

Organizations also need to think beyond the endpoints and devices and focus on practices that reduce risk regardless of where or what devices an individual is using at the time. Recognizing that a hybrid workforce will likely introduce rogue devices at some point, security protocols must be implemented that are, at a minimum, set with a standard security baseline across devices, to support what is becoming a permanently fluid style of working.

Organizations should also think about adding a chain-of-trust process to their security strategy. A sequence of cryptographic signature verifications that ensure end-to-end integrity really adds an extra level of confidence with every device startup or reboot. A chain-of-trust process can extend from the endpoint device to the digital workspace VDI host or cloud. Every time a device is used, chain-of-trust ensures that none of the firmware and software in the startup sequence have been altered. With a chain-of-trust process in place, the end user is alerted, and IT can take the necessary steps if it detects a failure condition at any step along the way.
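The startup check described above, as an added example that is not from the article or any vendor's product. To stay within the Python standard library it substitutes pinned SHA-256 digests for the asymmetric signature verification a real chain of trust uses; the stage names, images and helper functions are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes       # code loaded at this stage
    next_pin: str      # digest this stage expects of its successor ("" if last)

def measure(stage: Stage) -> str:
    # The pin is covered by the measurement, so re-pinning is itself a change.
    return hashlib.sha256(stage.image + stage.next_pin.encode()).hexdigest()

def build_chain(images):
    """Provisioning: build back to front; return (stages, root anchor)."""
    stages, pin = [], ""
    for name, image in reversed(images):
        stage = Stage(name, image, pin)
        stages.insert(0, stage)
        pin = measure(stage)
    return stages, pin

def verify_chain(stages, root_anchor):
    """Boot: return (True, None) or (False, name of first stage that fails)."""
    expected = root_anchor
    for stage in stages:
        if not hmac.compare_digest(measure(stage), expected):
            return False, stage.name   # halt here; later stages never run
        expected = stage.next_pin
    return True, None

def with_image(stages, index, image, repin=False):
    """Constructed tampering: swap one image, optionally fix up the parent's pin."""
    out = list(stages)
    out[index] = replace(out[index], image=image)
    if repin and index > 0:
        out[index - 1] = replace(out[index - 1], next_pin=measure(out[index]))
    return out

# Constructed sample images (placeholders, not real firmware).
IMAGES = [("firmware", b"uefi-v1"), ("bootloader", b"loader-v1"),
          ("kernel", b"kernel-v1"), ("workspace-client", b"client-v1")]
STAGES, ROOT_ANCHOR = build_chain(IMAGES)

if __name__ == "__main__":
    print(verify_chain(STAGES, ROOT_ANCHOR))
    print(verify_chain(with_image(STAGES, 2, b"kernel-evil"), ROOT_ANCHOR))
    print(verify_chain(with_image(STAGES, 2, b"kernel-evil", repin=True), ROOT_ANCHOR))
```

A modified kernel is caught at the kernel stage, and updating the bootloader's pin to match only moves the failure one stage earlier, because the root anchor is the one value that cannot be rewritten from software.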

Some organizations still focus on the “cure” when it comes to getting hit by cyberattacks and threats. Minimizing harm after getting hit by a cyberattack is possible using the IGEL UD Pocket, for example. However, the amount of damage and required work to overcome an attack can be reduced significantly if you simply take the necessary steps and precautions to provide protection in the first place. You need to help your people have a protected and productive workday, every day, from anywhere. By taking preventative measures and implementing the multi-layered approach to endpoint security outlined in this article, you can protect endpoints with built-in security to increase the overall threat defense against ransomware and other forms of malware. Focus on the prevention rather than the cure.


The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
