Security Begins at the Endpoint

 

The case for prioritising endpoint security

Executive Summary
82% of organisations have experienced a cybersecurity threat/breach in the last 12 months.¹ Cybercrime is increasing in attack frequency, severity and cost.

The paradigm of prevent-and-protect security – defending a firewalled network perimeter – is over. Detect and respond is far more effective.
But IT budgets are failing to keep up with the changing face of cybersecurity. 77% of spending still goes on prevent and protect. Only 36% of IT security managers feel they have ample budget for effective endpoint security.
Robust data protection is possible. With the right technology – detect-and-respond security solutions that reach down to individual devices – the right strategy and enough resources, organisations can protect themselves from cybercrime.
Failure to increase investment in cybersecurity, and to realign investment towards truly effective defence, will result in an increased frequency of security breaches - at an increased cost to the organisation.

Introduction
Cybersecurity in the age of amorphous networks

60% of IT leaders feel the increasing volume and sophistication of cybercrime is outstripping their defences. 80% of security leaders perceive the threat from Advanced Persistent Threats (APTs), criminal enterprises, state-sponsored hackers and hacktivists as growing, and the top challenge to IT security.
They’re not wrong. In the UK, the government puts the economic cost of cybercrime at £27bn, a figure that is “significant and likely to be growing”, with the loss to businesses comprising £21bn. In Ponemon’s 2016 State of the Endpoint Report, 78% of businesses reported an increase in the severity of malware attacks, up from 47% in 2011.
But the focus on external threats is somewhat misguided and can lead to a quixotic concentration of resources on prevent-and-protect perimeter defence.
Although external attacks – viruses, malware, phishing – are more prevalent, insider attacks are costlier. And many of those external attacks come from internal vulnerabilities: negligent employees ignoring security protocols, and unsecured devices connecting to the network – something 81% of respondents to the Ponemon survey identified as the greatest threat to IT security.
This will only become truer with time. The endpoint is the weakest node in any network, and with the increase in BYOD, remote working and Internet of Things, the endpoints are multiplying. That means the number of entrances for hackers is multiplying too.
Far from the erstwhile controlled network of desktop PCs tethered by Ethernet, business networks have become amorphous, a tangle of devices both business and personal, accessing data through multiple WiFi nodes both onsite and off.
The situation is not insurmountable. It simply requires a fresh approach to cybersecurity: new strategies that respond to the changing face of cybercrime, and new technology capable of deflecting increasingly sophisticated attacks from a growing threat.
In this white paper, we will examine the nature and scale of the threat – to better know our enemy – before addressing the question of how we tackle cybersecurity in the age of multiple devices, unsecured networks and the cloud.

The scale of the threat
The average information breach costs companies $907,053 to recover from, with a further 13% loss in revenue. On average, it would take an organisation nine weeks to recover.
Approximately 85% of companies surveyed in the HP Printer Security Report 2015 said they had experienced a security threat/breach within the preceding 12 months. 80% of IT professionals surveyed expected the threat to increase in the next three years.
Cybercrime costs real money. Lost value from what is stolen or damaged, lost revenue from reputational damage, and lost productivity. Lost resources spent on recovery – support desk time, implementation of new security policies, staff losses and other internal responses. Fines and penalties from regulatory bodies. A decline in stock price.
The threat is only going to grow along with the number of devices connected to the network. Thanks to the Internet of Things, Gartner predicts there will be 11.4 billion connected devices by 2018, up from 6.4 billion in 2016. By 2020, more than 25% of identified attacks in enterprises will be IoT related, but IoT will comprise less than 10% of security budgets.
The threat from cybercrime is big, and it’s getting bigger.

The form of the threat
Businesses are assailed by countless cyber attacks every day. Most are low-level virus and malware attacks. 99% of organisations surveyed by Ponemon in 2016 had experienced malware in the preceding 12 months. External web-based attacks like these are relatively benign, costing organisations an average of $4,639.¹
But more serious attacks are increasingly common. 51% of organisations surveyed in 2015 had experienced Distributed Denial of Service (DDoS) attacks, which can be crippling – costing an average of $127,000. Even more alarming is that 35% had experienced a malicious insider attack, at an average cost of $145,000.
The emerging picture is of relentless minor attacks from outside, punctuated by infrequent but startlingly probable major attacks, which are probably enabled by insider negligence, if not malice. 62% of organisations had experienced phishing/social engineering attacks, exploiting employee weakness for an average cost of $86,000.
A separate survey by Spiceworks – on behalf of HP – broke down attacks experienced in 2014-2015 by 90 UK organisations.

How breaches occur
The headlines portray enterprising hackers besting the sophisticated secure networks of governments and enterprises, but the reality is usually more sober.
Viruses may take advantage of compromised networks, but malware usually requires some form of user error. Phishing/social engineering attacks depend on it. Large DDoS and information theft attacks are often the result of user negligence as well.
The now-infamous Dropbox hack was reputedly the result of a careless Dropbox employee who used the same password for internal systems as for his LinkedIn account. The alleged Russian hacking of the DNC was apparently thanks to John Podesta, a former adviser to Mrs Clinton, clicking a link in a phishing email mistakenly flagged as ‘legitimate’ by an aide.
Hackers don’t need active assistance to be successful. Just as dangerous is ignorance of, or disregard for, security protocols. An increasing threat is employees bringing their own devices to work and using commercial cloud software. Both introduce unsecured elements to an otherwise secure network, outside the control of enterprise IT, creating an unaccounted-for vulnerability.
Most of the time, hackers needn’t employ sophisticated algorithms or cutting-edge technology; they simply need one of us to be a little careless.

The firewall is broken
The cornerstone of cyber security has until recently been antivirus and firewall software. Prevent and protect. Creating a secure perimeter. In the current working environment, that’s simply not a credible strategy.
81% of Ponemon respondents say mobile devices on their network have been a target of malware. Other increases to security risks include employee use of commercial cloud applications – cited by 72% of respondents – BYOD (69%) and employees operating from home offices and offsite locations (62%).
Put simply, a firewall made sense when, as a network administrator, you could control which devices were connected. But in an era where employees are bringing their own devices to work – often multiple, often without the knowledge of IT – and increasing numbers of workers are connecting remotely, you simply can’t protect the perimeter. Each unvetted device is a vulnerable endpoint for hackers to exploit.