By David Grady
Time for a little group therapy, fellow IT and cyber security professionals: If you’re feeling defeated and wondering what the (professional) point of everything is, you are not alone. More than half of IT managers (60 per cent) in a recent study said their defenses are not strong enough to stop the depressingly-diverse array of attacks they’d witnessed over the previous year. Clearly, many in the field feel they’re losing the battle against a foe that’s capable of constantly reinventing itself. The organisations are still not equipped enough to stop the depressingly-diverse array of attacks they’d witnessed over the previous year.
Talk about an inferiority complex! The bad guys always seem so cool and creative – and free to invent new methods of attack. The good guys? They’re stuck in another governance committee meeting justifying their team’s headcount. But please, don’t despair. We can get through this together. The first step toward cyber-wellness is admitting that we have a cyber security problem.
This is the end (point)
If you’re still focused on perimeter security, we’re sorry to inform you that you are in denial. Traditional endpoint security, a.k.a. antivirus (AV), has long been a crutch in the fight against cyber attackers, but AV alone just doesn’t cut it anymore. Those tools rely on known malware signatures to be effective, but they can’t defend against zero-day attacks and new ransomware variants. And because the attack surface continues to grow, cyber criminals have much more room to work with. Think about how many workstations, laptops, mobile devices, IoT sensors and BYO devices litter your IT landscape. It’s almost enough to cause a panic attack.
Verizon’s Data Breach Investigation Report revealed that out of 2,216 confirmed data breaches across 65 countries, ransomware was the top variety of malicious software, responsible in 39 per cent of cases where malware was identified. More importantly, ransomware has started to impact business critical systems rather than just desktops leading to bigger ransom demands, making the life of a cyber criminal more profitable with less work.
Here are a few areas that IT and cyber security professionals can address to ease their endpoint suffering and prevent cyber crime:
What’s your risk score?
If you’re in charge of ensuring the integrity of your IT infrastructure or in risk management, wouldn’t you want to know what your risk posture is within your industry? The ability to measure or score your security posture and compare that score against your peers will help determine the “current state” of an organisation’s security infrastructure and allocate security spend accordingly.
Embrace Machine Learning
Endpoint solutions are beginning to leverage machine learning to sift through massive piles of data to identify new malware strands that humans can’t with the naked eye or first-generation analytics tools. Machine learning algorithms look for anomalies and other telltale signs to isolate samples of code and determine if they are malicious. Machine learning is becoming an essential tool in combatting cyber crime, and organisations should look for endpoint solutions with this capability for better protection.
Integrate threat intelligence
Credible information about possible or likely cyber attacks is only as good as an organisation’s ability to leverage it. Deploying endpoint solutions that can take in and utilise dynamic threat intelligence feeds will give a major boost to your organisation’s cyber protection.
Demand ease of management
Managing endpoint tools isn’t always easy, especially with many vendors adding complexity to their solutions in an effort to keep pace with sophisticated and creative bad guys. If your toolkit is causing you stress and anxiety, speak up! Let your vendors know that their solutions have become too complex to manage effectively. Remind them that ease of use is as important as the latest bells and whistles, even when those bells and whistles are highly effective.
Employ a layered defense
Even when updated, endpoint solutions may not stop all ransomware; the Sophos report found 77 per cent of organisations were running up-to-date endpoint security when they were nonetheless hit by ransomware. Fighting ransomware requires a layered approach, including good overall cyber-hygiene (patching); anti-phishing tools; website filters and domain name system controls to prevent users from landing on sites suspected of being infected. Backing up data frequently, of course, is crucial to weathering a ransomware attack because you can always revert if your systems and data are being held hostage. And don’t forget the importance of user training and phishing awareness campaigns: IT security depends on people, too.
Ask for help
There’s no shame in turning to a managed security services partner for help in the ongoing management of complex endpoint tools, especially if you’re a small or medium business with very limited IT and security staff. Outside expertise can help ease the burden you carry when toiling to protect your organisation’s data.
The author is a Certified Information Security Manager (CISM) and a Senior Client Partner in Verizon’s Security Solutions practice.
If you have an interesting article / experience / case study to share, please get in touch with us at [email protected]