Many companies may overlook that last point, however; the focus is often on securing communications, not endpoints, author Ravi Das said. In the wake of the COVID-19 pandemic, that must change because many endpoints now sit outside the traditional perimeter and often lack adequate protections on their own.
In Business Recovery and Continuity in a Mega Disaster: Cybersecurity Lessons Learned from the COVID-19 Pandemic, Das looked at how companies can use lessons learned from the pandemic to prepare their organization against future catastrophic events and create effective disaster recovery and business continuity plans.
In the following Chapter 3 excerpt, Das breaks down the importance of endpoint security when preparing for the next pandemic or natural disaster.
Check out an interview with Das, where he explains why endpoint security can't be forgotten, as well as the biggest cybersecurity takeaways from the pandemic and how to use them to be proactive in the future.
The Need for Endpoint Security
Even after the first wave of the COVID-19 pandemic, and with the emergence of the near 99% remote workforce, many businesses are still only concerned with securing the network lines of communications, and not the point of origination and point destination. Thus, these have become neglected areas which the cyberattacker is now taking full advantage of.
In this subsection of this chapter, we will examine just how critical this area is, especially when the next disaster strikes.
There is no doubt that the cybersecurity threat landscape is changing on a daily basis. It seems like that hardly one type of attack comes out, new variants of it are launched at a subsequent point in time. There is no doubt that it is difficult to keep up with this cat and mouse game, literally giving the IT staff of any organization a serious run for their money.
Remember, the cyberattacker of today is no rush to launch their threat vectors. As opposed from their "smash and grab" style from some time ago, they are now taking their time to select, profile, and carefully study their potential victims. This is done in an effort to find any unknown vulnerabilities and weaknesses, so that they can stay for much longer periods in the confines of their victim.
Then, once they are in, they can then accomplish their specific objectives, bit by bit, unbeknownst to their victim, until it is too late. But very often, businesses and corporations only think of protecting of what lies within their IT Infrastructure. For example, this includes the servers, the workstations, the network connections, wireless devices, etc.
The Importance for Endpoint Security
Very often, little attention is paid to fortifying the lines of defense of the endpoints of these systems. For instance, a CIO or a CISO is probably more concerned with securing the lines of network communications by using a VPN, rather than the starting and ending points of it. In this aspect, the cyberattacker is well aware of this, and is starting to take full advantage of it in order get in and stay in forever long as they can.
Thus, as one can see, securing the endpoints of an IT Infrastructure is thus becoming of paramount importance. In this blog, we examine some of the latest, best practices that an organization can take to further enhance their endpoint security.
The Best Practices
Here is what is recommended:
- Make use of automated patching software: One of the first cardinal rules of security in general is to have your IT staff to stay on top of the latest software upgrades and patches. In fact, there will be some experts that will claim that you should even have a dedicated individual to handle this particular task. Perhaps if your organization is an SMB, this could be possible. But even then, this can be quite a laborious and time-consuming process. But what about those much larger entities that perhaps have multiple IT environments and thousands of workstations and servers? Obviously, the number of endpoints that you will have to fortify can multiply very quickly. Thus, it is highly recommended that you have a process is place that can automatically look for the relevant patches and upgrades, as well as download and deploy them.
- Have a well-trained and very proactive cyber response team: Once your organization has been impacted by a cyberattack, there is no time to waste. Every minute and second that is lost just delays your recovery that much more. Therefore, you need to have a dedicated cyber response team whose primary function is to respond and mitigate the impacts of a cyberattack within a 48-hour time span, at the very maximum. In order to do this, they must be well trained, and practice on a regular basis (at least once twice a month) to real world scenarios. They also must be equipped with the latest security tools to determine if there are any other security weaknesses or vulnerabilities that have not been discovered as yet. This primarily involves finding and ascertaining any malicious behavior or abnormal trends that are occurring from within the IT Infrastructure. Also, the cyber response team needs to have a dynamic alert and warning system in place in order to notify of them any potential security breaches, especially at the endpoints.
- Perform routine security scans on your endpoints: Just as important it is to maintain a routine schedule for keeping up to date with software upgrades and patches, the same holds true as well for examining the state of the endpoints in your IT Infrastructure. In fact, it should be the duty for the network administrator to formulate such a schedule, and this should include conducting exhaustive checks for any signs of potential malware. Sophisticated antivirus software needs to be deployed at the endpoints and maintained regularly. As a rule of thumb, it is recommended that these endpoint security Scans should be conducted on a weekly basis.
- Disable any ports that are not in use: Although this sounds like an obvious task that should be done, but very often, this goes overlooked. Many organizations leave their network ports wide open, thus leaving an extremely easy point of entry for the cyberattacker. It is highly advised that your IT security staff should check for any open ports that are not being used on a weekly basis. If any are discovered, they should be closed off immediately. Of course, if there are any network ports that are open and being used, they must be secured as well, especially at the endpoints. This is critical for wireless devices, especially where Bluetooth is being used.
- Make use of multifactor authentication: Many cybersecurity experts advocate the use of 2FA, but even this is not proving to provide adequate levels of security. Therefore, it is recommended that more than two layers of authentication should be implemented, especially at your endpoints. Perhaps consider implementing at least three to four layers of authentication, one of them which should be making use of biometric technology. This can guarantee much higher levels accuracy when confirming the identity of an individual.
- Implement the "Zero Trust Model" established by Forrester: The traditional security models basically state the following:
The fundamental problem in network security is the broken trust model where cybersecurity pros, by default, trust the users and traffic inside their network, and assume that all those external to the network are untrusted.
In other words, you can implicitly trust the objects and daily interactions within your IT infrastructure, but not outside of it. But with the Zero Trust Model, you there is absolutely no level of trust whatsoever, internal of external. Generally speaking, this can be implemented onto your endpoints with these five steps:
- Identify and classify your sensitive information;
- Map the data flows that are coming to it and leaving it;
- Craft and implement your own unique Zero Trust Model to fit these particular data flows;
- Establish an automated rule-based system that will trigger the appropriate alerts and warnings;
- Keep monitoring the Zero Trust Model ecosystem on a daily basis.
- Make sure that your endpoints are well protected: This means that you have implemented the right mixture of security technologies, primarily those of firewalls and routers. But the cardinal rule here is that do not simply use the default settings that have been set up by the vendor and assume that they will provide the adequate levels of security. These settings must be set up and established that are dictated by specific security needs of your organization. Also keep in mind that many network infrastructures remain static in nature unless there is a specific reason to change them. Because of this, make sure that your VPN stays up to date and secure, especially when it comes to your employees accessing the endpoints through this.
- Make use of the Office 365 "Secure Score": Many businesses and corporations are now heavily dependent upon the tools and applications that reside within Office 365; and as a result, this has become a prime target for the cyberattacker. Microsoft provides a specialized tool called the "Secure Score", which is made available exclusively to the network administrator. With this, all of the Office 365 packages that are being used in your organization are closely scrutinized, such as the daily activities of your employees, and all of the relevant security settings. Once this task has been accomplished, you get a score (this is very similar to that of receiving a credit score). The higher it is, the more secure your Office 365 environment is, the lower it is, the less secure it is. All of this means that you need to tweak and adjust the settings and configurations of the Office 365 portals that fit the security needs of your organization.
About the author
Ravi Das is a cybersecurity consultant and business development specialist. He also does cybersecurity consulting through his private practice, RaviDas.Tech Inc. He is also studying for his CompTIA Security+ certification.