How to protect your business from endpoint attacks

More endpoints and harder-to-manage endpoints add up to challenges for IT security

Too many businesses approach security by countering yesterday's threats today. True, the network, the server and the data centre will always be targets for attack, but hackers have learnt that there are better ways to get to them than the direct approach ways that make use of more vulnerable points of entry. And while many organisations continue to focus their defences on the perimeter, cyber-criminals increasingly look to bypass it entirely, attacking endpoint devices and then using them as an entry point to spread across the network.

Some of these attacks focus on well-established, well-protected targets, particularly business-owned laptops and desktop PCs. However, the most dangerous are aimed at devices that many businesses might not even consider to be a target, and where there isn't the same level of protection. In the words of G.W. Davidson in a recent SANS Institute White Paper, Even as the network becomes more complex and varied, security and IT professionals have recognized that widely used devices, such as printers, physical security systems, HVAC [heating, ventilation and air conditioning] control systems and point-of-sale devices, represent vulnerable potential attack surfaces.' In the war between business and cyber-criminal gangs, these devices are the new frontline.

Endpoints under threat

There's no doubt that IoT devices can pose real opportunities for businesses, helping them improve their processes and reduce operating costs, but they also open up new vulnerabilities for hackers to exploit. In March 2018 Symantec noted that attacks on IoT devices had increased by 600% between 2016 and 2017. Many such attacks have targeted consumer devices, including webcams, home routers, digital video recorders and baby monitors, but as use of IoT devices spreads into business, more and more companies could be affected. A recent report by the Ponemon Institute suggests that while the number of IoT devices in the workplace is increasing significantly, practices for securing and managing those devices aren't maturing at the same rate. In fact, 56% of those surveyed didn't even keep an inventory, mostly due to a lack of centralised control.

And IoT devices aren't the only vulnerable endpoints that companies routinely ignore. As Davidson explains in the SANS Institute White Paper, in the 2016 report, a common networked device the printer was the least likely to be covered under an organization's security management program, and the results did not change significantly in the 2017 report. Considering the ubiquity of printers, this can represent a large vulnerability for an organization and deserves attention.'

Advertisement - Article continues below
Advertisement - Article continues below

The growth of BYOD devices in the workplace is another cause for concern. A May 2018 study by the SME card payment services company, Paymentsense, found that companies that introduced a BYOD policy were more likely to have experienced a security incident since introduction, and that the likelihood increased with the size of the company, from just 14% in businesses with 1-10 employees to 70% for businesses with 11 to 50 workers and 94% for businesses with 100 to 250 staff. The 2018 Cyber Security Breaches Survey from the UK government's Department for Digital, Culture, Media and Sport came to similar conclusions. Left improperly or totally unmanaged, user-owned laptops, tablets and smartphones are giving hackers a new way inside.

The issue with all these endpoints isn't just that they give cyber-criminals access to the information held within, but a secret gateway into the company network they can use for additional attacks. As another SANS Institute report, Endpoint Protection Response: A SANS survey, puts it, in a discussion of the most frequently compromised endpoints, in most cases more than one endpoint is involved, indicating that once an attacker gains a foothold, compromise of other assets is likely to follow due to lateral movement.'

The problem with the old approach

This ties into a wider problem: that many of the existing security provisions are no longer effective. A bigger, stronger wall at the perimeter will no longer fend off attacks that target the endpoints themselves and then move laterally. In fact, phishing attacks and other forms of targeted attacks are designed to do exactly this. Anti-virus products, meanwhile, are struggling to keep up with the rapid development of malware, not to mention the growth of fileless attacks; malware that resides in memory without ever appearing on a drive.

The SANS survey explains that only 47% of the attacks detailed by respondents were detected through anti-virus, with 32% detected through automated SIEM alerts and network analysis, and another 26% detected through EDR (endpoint detection and response) platforms. For too many companies, the time between spotting an attack and remediation is still measured in hours or even days and with infections spreading across endpoints in minutes, this is a lengthy window for attackers.'

Solving the endpoint equation

What can organisations do? Part of the answer lies in developing and making effective use of automated EDR platforms and attack behaviour modelling, using AI and Machine Learning to accelerate detection and remediation. Companies need both the budget to procure new security technology and the resources to implement them, but this is a long-term play. Businesses need solutions right now.

Simple, practical measures would include a stronger upgrade and patching policy that addresses the full range of devices, including IoT devices and printers. Here robust printer management and security tools, like HP JetAdmin and HP JetAdvantage Security Manager can help, enabling companies to establish a single security policy and apply it across the entire printer fleet.

Advertisement - Article continues below

Training is another effective option. The more informed workers are about malicious apps, malicious websites, phishing and other risks, the less chance there is of attacks creeping through. In fact, workers trained to spot and report strange device behaviour can provide crucial early warning signs. End-users may need help to secure their BYOD devices, and information on why they shouldn't disable security on business devices, even when it seems an inconvenience. But with the right training and policies in place, you can turn end-users from a major vulnerability into the first line of defence.

Most importantly, though, companies can choose and purchase devices where security comes built-in. These devices are designed to be resilient, so that attacks are shrugged off and those responsible denied their foothold. For example, HP PCs and printers incorporate SureStart technologies, that ensure the device's BIOS hasn't been tampered with by malware, and enable it to self-heal if a compromise is detected. They also have intrusion detection, to monitor the device and warn of any attacks, plus built-in encryption to protect any data at rest on the device. HP PCs also add secure browsing technology, SureClick, designed to prevent workers from clicking on a link in an email and being sent to a malicious website or downloading malicious software. Meanwhile, hardened, multi-factor authentication makes it substantially more difficult for hackers to steal credentials and take over endpoints that way.

A more secure PC and printer fleet won't fix vulnerabilities affecting IoT devices or applications, but it gives IT teams more time and space to monitor, manage and update these more vulnerable endpoints. In today's hostile threat landscape, they need all the help they can get.

Find out more about securing your business printer fleet by downloading IT Pro's free report.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now



Hackers abuse LinkedIn DMs to plant malware

25 Feb 2019
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020

The IT Pro Products of the Year 2019: All the year’s best hardware

24 Dec 2019

Best free malware removal tools 2019

23 Dec 2019

Most Popular

operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020

Windows 10 and the tools for agile working

20 Jan 2020
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020