IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
Sponsored

How to protect your business from endpoint attacks

More endpoints and harder-to-manage endpoints add up to challenges for IT security

Too many businesses approach security by countering yesterday's threats today. True, the network, the server and the data centre will always be targets for attack, but hackers have learnt that there are better ways to get to them than the direct approach ways that make use of more vulnerable points of entry. And while many organisations continue to focus their defences on the perimeter, cyber-criminals increasingly look to bypass it entirely, attacking endpoint devices and then using them as an entry point to spread across the network.

Some of these attacks focus on well-established, well-protected targets, particularly business-owned laptops and desktop PCs. However, the most dangerous are aimed at devices that many businesses might not even consider to be a target, and where there isn't the same level of protection. In the words of G.W. Davidson in a recent SANS Institute White Paper, Even as the network becomes more complex and varied, security and IT professionals have recognized that widely used devices, such as printers, physical security systems, HVAC [heating, ventilation and air conditioning] control systems and point-of-sale devices, represent vulnerable potential attack surfaces.' In the war between business and cyber-criminal gangs, these devices are the new frontline.

Endpoints under threat

There's no doubt that IoT devices can pose real opportunities for businesses, helping them improve their processes and reduce operating costs, but they also open up new vulnerabilities for hackers to exploit. In March 2018 Symantec noted that attacks on IoT devices had increased by 600% between 2016 and 2017. Many such attacks have targeted consumer devices, including webcams, home routers, digital video recorders and baby monitors, but as use of IoT devices spreads into business, more and more companies could be affected. A recent report by the Ponemon Institute suggests that while the number of IoT devices in the workplace is increasing significantly, practices for securing and managing those devices aren't maturing at the same rate. In fact, 56% of those surveyed didn't even keep an inventory, mostly due to a lack of centralised control.

And IoT devices aren't the only vulnerable endpoints that companies routinely ignore. As Davidson explains in the SANS Institute White Paper, in the 2016 report, a common networked device the printer was the least likely to be covered under an organization's security management program, and the results did not change significantly in the 2017 report. Considering the ubiquity of printers, this can represent a large vulnerability for an organization and deserves attention.'

The growth of BYOD devices in the workplace is another cause for concern. A May 2018 study by the SME card payment services company, Paymentsense, found that companies that introduced a BYOD policy were more likely to have experienced a security incident since introduction, and that the likelihood increased with the size of the company, from just 14% in businesses with 1-10 employees to 70% for businesses with 11 to 50 workers and 94% for businesses with 100 to 250 staff. The 2018 Cyber Security Breaches Survey from the UK government's Department for Digital, Culture, Media and Sport came to similar conclusions. Left improperly or totally unmanaged, user-owned laptops, tablets and smartphones are giving hackers a new way inside.

The issue with all these endpoints isn't just that they give cyber-criminals access to the information held within, but a secret gateway into the company network they can use for additional attacks. As another SANS Institute report, Endpoint Protection Response: A SANS survey, puts it, in a discussion of the most frequently compromised endpoints, in most cases more than one endpoint is involved, indicating that once an attacker gains a foothold, compromise of other assets is likely to follow due to lateral movement.'

The problem with the old approach

This ties into a wider problem: that many of the existing security provisions are no longer effective. A bigger, stronger wall at the perimeter will no longer fend off attacks that target the endpoints themselves and then move laterally. In fact, phishing attacks and other forms of targeted attacks are designed to do exactly this. Anti-virus products, meanwhile, are struggling to keep up with the rapid development of malware, not to mention the growth of fileless attacks; malware that resides in memory without ever appearing on a drive.

The SANS survey explains that only 47% of the attacks detailed by respondents were detected through anti-virus, with 32% detected through automated SIEM alerts and network analysis, and another 26% detected through EDR (endpoint detection and response) platforms. For too many companies, the time between spotting an attack and remediation is still measured in hours or even days and with infections spreading across endpoints in minutes, this is a lengthy window for attackers.'

Solving the endpoint equation

What can organisations do? Part of the answer lies in developing and making effective use of automated EDR platforms and attack behaviour modelling, using AI and Machine Learning to accelerate detection and remediation. Companies need both the budget to procure new security technology and the resources to implement them, but this is a long-term play. Businesses need solutions right now.

Simple, practical measures would include a stronger upgrade and patching policy that addresses the full range of devices, including IoT devices and printers. Here robust printer management and security tools, like HP JetAdmin and HP JetAdvantage Security Manager can help, enabling companies to establish a single security policy and apply it across the entire printer fleet.

Training is another effective option. The more informed workers are about malicious apps, malicious websites, phishing and other risks, the less chance there is of attacks creeping through. In fact, workers trained to spot and report strange device behaviour can provide crucial early warning signs. End-users may need help to secure their BYOD devices, and information on why they shouldn't disable security on business devices, even when it seems an inconvenience. But with the right training and policies in place, you can turn end-users from a major vulnerability into the first line of defence.

Most importantly, though, companies can choose and purchase devices where security comes built-in. These devices are designed to be resilient, so that attacks are shrugged off and those responsible denied their foothold. For example, HP PCs and printers incorporate SureStart technologies, that ensure the device's BIOS hasn't been tampered with by malware, and enable it to self-heal if a compromise is detected. They also have intrusion detection, to monitor the device and warn of any attacks, plus built-in encryption to protect any data at rest on the device. HP PCs also add secure browsing technology, SureClick, designed to prevent workers from clicking on a link in an email and being sent to a malicious website or downloading malicious software. Meanwhile, hardened, multi-factor authentication makes it substantially more difficult for hackers to steal credentials and take over endpoints that way.

A more secure PC and printer fleet won't fix vulnerabilities affecting IoT devices or applications, but it gives IT teams more time and space to monitor, manage and update these more vulnerable endpoints. In today's hostile threat landscape, they need all the help they can get.

Find out more about securing your business printer fleet by downloading IT Pro's free report.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

HP Neverstop Laser 1202nw review: A great small office choice
peripherals

HP Neverstop Laser 1202nw review: A great small office choice

19 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Preparing for the 3G sunset
Network & Internet

Preparing for the 3G sunset

18 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022