With remote work becoming the new normal, organizations globally are getting usual to connect and secure their remote employees virtually. The demand for advanced endpoint security solutions has increased, as end-user devices like laptops, smartphones, and other Internet of Things (IoT) become a necessity in the current working conditions. Here’s how securing these four endpoints can enhance your endpoint security.
By Rudra Srinivas, Feature Writer, CISO MAG
In tandem with technology and deployment, the growth of end-user devices also created multiple attack vectors for cybercriminals. With remote employees accessing corporate networks via multiple devices (both personal and official), attackers are targeting various endpoints to exploit and access enterprise networks.
Let us first examine some attack vectors that hackers commonly target:
1. Shadow IoT
The surge in shadow IoT devices is a growing concern to enterprise network security. According to a survey from Zscaler, most of the enterprise IT teams are not aware of their organization’s IoT traffic, which is creating new IoT-based attack vectors for cybercriminals. Shadow IoT devices are internet-connected devices or sensors used inside an organization without the knowledge of the company’s IT team. A shadow IoT device can be any smart device like personal laptops, smartphones, fitness trackers, and smart home gadgets.
The number of non-business IoT devices connecting to corporate networks increased over the last year. The devices that regularly connect to corporate networks include smart teddy bears (34%), medical devices (44%), electric vehicles (27%), and connected kitchen appliances (43%), Palo Alto’s survey claimed.
2. BYOD/Mobile Devices
The surge in remote work encouraged businesses globally to embrace BYODs (Bring Your Own Devices) concept to work. Some organizations even allowed their employees to use personal devices for office work. BYOD or mobile devices are the most common attack vectors for hackers and can easily become vulnerable when they are unprotected or unmonitored. Increase of such devices only heightens the possibility of cyberthreats.
According to a 2020 BYOD Report, 69% of businesses allowed their employees to use personal devices for work. It is found that the surge of personal devices in the work environment resulted in varied security incidents. 63% of respondents said they encountered data breach incidents, 53% reported unauthorized access to data and systems, and 52% experienced malware infections.
3. Insider Threat
Insiders are not just the present employees, but also former staff, contractors, or business associates, who could potentially breach your endpoint security infrastructure, either by negligence or malicious intent. Insiders have access to the computer systems and intellectual property or data to perform their on-the-job duties. Hence, organizations need to ensure that all the employees are aware of the company’s endpoint security and privacy policies.
According to a Bitglass research, mitigating insider attacks is challenging for an organization’s IT or cybersecurity team since access to legitimate credentials can put the entire enterprise network in danger. Nearly 61% of respondents reported at least one insider attack in the last 12 months. Several organizations admitted that they cannot detect insider threats from personal devices (82%) or the cloud (50%), and 81% of them find it difficult to assess the impact of insider attacks.
4. Unsecure Applications
Employees often download unsecure applications on their work devices without the knowledge of the IT team. With current working conditions, sensitive corporate data is accessed via multiple devices (both personal and professional), which can be exploited by hackers to break into office network systems.
A cloud and threat research from Netskope reported a surge in the use of risky apps and websites by remote workforce globally, with a 161% increase in visits to high-risk apps and sites by a 64% remote workforce. It also observed that the personal use of managed devices increased by 97%. Organizations need to maintain a proper application control system for better visibility over applications and enforce rules about what employees can and cannot download on office network/device.
The global endpoint security market is estimated to register a CAGR of 11.20% and reach a value of $27.83 billion by the end of 2025. Organizations need to implement efficient security solutions in order to maximize their endpoint security across all layers of the network system to defend against evolving endpoint threats.
About the Author