How ‘bring your own device’ policy complicates endpoint security
Stuart O'Brien
In 2020, each person had 6.58 network-connected devices on average, and the connectivity grows exponentially. Deloitte’s security experts estimate that the cost of a successful endpoint attack is over $5 million in lost productivity and remediation.
Broadly speaking, endpoint devices are the gadgets that can access the network. Laptops, tablets, mobile phones, printers, and many more fall into this category. However, when it comes to corporate endpoints, the situation can get tricky: not only is the number of business devices greater, but servers also come into play.
“Protecting the servers is challenging as they constantly receive numerous inbound requests and have to process all of them. Given this, corporate security systems have to be far bolder, and able to protect diverse endpoints. However, when companies have been operating within the office perimeter, all the traffic was being inspected by a common security stack. With the shift to remote workplaces, companies are focusing on end-user protection,” says NordVPN Teams’ CTO Juta Gurinaviciute.
Are BYOD and WFH compatible?
Half of the business leaders will allow their staff to work remotely at least part of the time after the lockdown, but initially, the pandemic transition wasn’t smooth and many exposures remain up to this day. In fact, 85% of chief information security officers (CISOs) admitted having sacrificed cybersecurity in an effort to establish a remote workplace for employees.
To ensure a swift and efficient transition, some managers suggested employees use their own laptops, monitors, and smartphones to work from home. These devices can’t be remotely managed by system administrators, opening up a plethora of potential vulnerabilities.
“The majority of the enterprise endpoints, such as laptops, PCs, or servers, can be supervised remotely. Security officers and IT admins can easily log into every device, make alterations, change users’ permissions and track their activity. Their hands, however, are tied when employees’ own machines are concerned, and the resilience lies only in the user’s consciousness,” says Gurinaviciute.
In addition to remote management, IT teams can effortlessly patch the vulnerabilities in corporate machines. Individual endpoint devices can also be updated automatically, but this lacks the finesse of patching in the corporate environment.
In the corporate environment, patches are downloaded once and deployed to all relevant machines via a centralized system, which can also fix vulnerabilities within servers. The patching process is overseen and managed by professionals, who can, for example, run tests before putting updates into action and push them to every business device connected to the internal network.
“Among other precautions, work computers do not grant the administrator rights to the end-user. This prevents them from installing irrelevant programs and, in some cases, malware. Home devices are more susceptible as every user controls them without any limitations. If this type of device is used for work, classified information might be leaked in a data breach, caused by negligence,” comments NordVPN Teams’ expert.
The company perimeter has been changing in recent years. It is no longer sufficient to talk about the secure connection to the office, and telecommuters have to be protected no less than the HQ office perimeter itself.
Security professionals now implement Zero Trust Access (ZTA) to limit the employees’ access to the corporate data. There are various types of zero trust (network, transport, session, application, or data, to mention a few), but the biggest focus is on the device and user area. This shouldn’t be surprising, as cybersecurity today is mostly approached from an identity and authentication perspective.
“With ZTA, users can only reach information needed to complete the task, and for a limited time only. However, with systems being increasingly complex, information security teams have to focus on app and data levels, as it is important to monitor which applications invoke suspicious queries. With this information, security officers can identify hackers trying to leverage open ports or services for an attack,” says Gurinaviciute.
While robust software is necessary, numerous cybersecurity solutions can cause confusion. Today, endpoints are protected by 10.2 security agents on average, but these agents create conflicts and might leave vulnerabilities exposed. This is also the case in an emergency, as organizations using more cybersecurity tools ranked 8% lower in their ability to detect attacks.
“Before implementing ZTA and rethinking your data breach containment plan, make sure to cut the deadweight of unused devices and user accounts. Unpatched and forgotten mobile phones or the software that some of your employees never use can broaden the surface area for a cyberattack. Apply a minimalist approach, but resort to trusted and effective protection measures,” recommends NordVPN Teams’ CTO.