The explosive growth of smart devices and the commercial application of the Internet of Things (IoT) mean that an ever-increasing number of endpoints produce and consume corporate data. It is probably no surprise, therefore, that some estimates suggest that around 70% of breaches start at the endpoint, making this vector the most targeted by cyber criminals.
Last year, our own Global Threat Intelligence Report (GTIR) found that 7 of the top 10 vulnerabilities reside within user systems – this is further evidence that the perimeter is shifting and that the endpoint cannot be ignored when defining and operating a cybersecurity policy.
Alarmingly, over three-quarters of the vulnerabilities identified in the GTIR had been known in the market for two or more years and, worse still, almost 10% were older than 10 years. Whilst the threat landscape is continually changing and threats are becoming more sophisticated, these statistics show us that attacks do not need to be sophisticated to succeed. This again underlines the importance of putting the basics in place as part of a comprehensive approach to cybersecurity.
So what can organisations do to close these vulnerabilities? Well, it starts with a well-defined and communicated plan, supported by a consistent and efficient process:
Define a uniform package of standard configurations to be consistently applied. This should outline approved operating systems, browsers, and applications. The tighter the control on these standards, the easier it is to manage and maintain. Where there are exceptions to the defined list, keep a record so that a risk register can be maintained and regularly reviewed.
Communicate the approved standards to your users, underlining that any unapproved software is not only unapproved, but unauthorised too. Mirror this in any appropriate documentation, such as an acceptable use policy, so that the standards are thoroughly understood and any breach of them can be dealt with swiftly.
Ensure the right levels of user permissions and system access rights are correctly applied. Regular review of these permissions should be carried out to reflect changing requirements and job roles.
Routinely apply the latest software patches to end user systems to help close vulnerabilities before they are exploited. Also ensure anti-virus and anti-malware solutions are up to date on all end user devices that have access to company networks or data. Although a simple control, properly maintained anti-virus does play a key role in detecting malware.
Conduct regular reviews both internally and externally and perform vulnerability scans to help identify systems that are out of policy. Put into place a robust process to update the systems in a timely manner, and for the systems agreed to be out of policy, manage and review an exceptions list along with the users who have access to such systems.
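One way to automate the review described in the steps above, shown as an added example that is not part of the original article: it reconciles an endpoint inventory against the approved standards and the exceptions register, and flags stale patching and anti-malware updates. The baseline contents, age limits, host names, field names and the `LegacyLedger` application are all constructed assumptions.

```python
from datetime import date

# Constructed baseline: the approved operating systems, browsers and applications.
BASELINE = {
    "os": {"Windows 11 23H2", "macOS 14"},
    "browsers": {"Firefox ESR", "Edge"},
    "apps": {"7-Zip", "Teams"},
}
MAX_AGE = {"last_patched": 30, "av_updated": 2}  # assumed limits, in days
# Constructed exceptions register: (host, item) -> date the exception is next due for review.
EXCEPTIONS = {
    ("fin-lt-07", "LegacyLedger"): date(2024, 9, 1),
    ("lab-ws-02", "Windows 10 22H2"): date(2024, 3, 1),
}
# Constructed inventory, shaped like an export from a scan or endpoint-management tool.
INVENTORY = [
    {"host": "hr-lt-01", "os": "Windows 11 23H2", "browsers": ["Edge"], "apps": ["Teams"],
     "last_patched": date(2024, 5, 20), "av_updated": date(2024, 6, 1)},
    {"host": "fin-lt-07", "os": "macOS 14", "browsers": ["Firefox ESR"], "apps": ["LegacyLedger"],
     "last_patched": date(2024, 4, 1), "av_updated": date(2024, 5, 31)},
    {"host": "lab-ws-02", "os": "Windows 10 22H2", "browsers": ["Chrome"], "apps": ["7-Zip"],
     "last_patched": date(2024, 5, 25), "av_updated": date(2024, 5, 20)},
]

def audit(inventory, baseline, exceptions, max_age, today):
    """Return (host, item, status) for everything that is out of policy."""
    findings = []
    for ep in inventory:
        items = [("os", ep["os"])]
        items += [(kind, name) for kind in ("browsers", "apps") for name in ep[kind]]
        for kind, name in items:
            if name in baseline[kind]:
                continue  # on the approved list
            review_due = exceptions.get((ep["host"], name))
            if review_due is None:
                status = "unauthorised"              # no recorded exception
            elif review_due < today:
                status = "exception-review-overdue"  # recorded, but review has lapsed
            else:
                status = "exception-on-register"     # recorded and still within review date
            findings.append((ep["host"], name, status))
        for field, limit in max_age.items():
            if (today - ep[field]).days > limit:
                findings.append((ep["host"], field, "overdue"))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY, BASELINE, EXCEPTIONS, MAX_AGE, date(2024, 6, 1)):
        print(finding)
```

Running it on a schedule and reviewing the `exception-review-overdue` and `unauthorised` rows first keeps the exceptions list from becoming a permanent waiver.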
It is important to remember that organisations do not need to “go it alone” – it can be seen as a daunting task to get all the relevant measures adequately covered and to embed policies and procedures into the fabric of an enterprise. To help get the right level of cybersecurity and to create a collective responsibility within an organisation, businesses may choose to work with a trusted third party who can understand their business needs and translate these into a comprehensive cybersecurity approach. This may include consultancy, professional services or managed security services that are all underpinned by best practice and supporting technologies that enable organisations to continually manage risk and operate a robust approach to cybersecurity.