New research by Lookout has revealed a lack of awareness of the NCSC Cyber Essentials framework. The endpoint-to-cloud security provider found that only 28% of organisations had fully implemented Cyber Essentials, while over a third (40%) of security professionals said they were unfamiliar with the scheme. Of those that had not implemented the scheme, over half (58%) cited a lack of awareness or understanding as the reason their organisation had not done so.

Having surveyed 246 security professionals about the NCSC Cyber Essentials framework at Infosecurity Europe 2023 (20 – 22 June), it is clear that more work needs to be done to raise awareness of the UK government-backed programme, which aims to help UK organisations improve their cyber resilience against the most common cyberattacks. Cyber Essentials offers two levels of certification, a basic level and ‘Plus’, which organisations can achieve by demonstrating their commitment to cyber security. Achieving the basic Cyber Essentials certificate indicates that the organisation knows how to prevent the vast majority of common cyberattacks. Cyber Essentials Plus adds hands-on technical verification and vulnerability scanning of the systems the organisation uses.

Of those who answered that they were Cyber Essentials certified, 58% stated they held the standard level while 42% had completed Cyber Essentials Plus. The top three benefits reported from being certified were an improvement in cybersecurity measures (60%), an increase in customer trust and confidence (54%), and compliance with regulatory requirements (48%).

“The findings from the study are concerning and showcase the work needed to be done to not only build awareness around the NCSC Cyber Essentials framework, but also to get more organisations accredited,” said Bastien Bobe, Field CTO EMEA at Lookout.
“In the modern, remote-working world, with mobile and cloud-based threats on the rise, it is imperative to deploy cloud-native defences that can deliver zero-trust security to safeguard corporate data from any location, device, application or network. The objective for many businesses is to reduce their overall risk. However, to achieve this, they must have a proactive security strategy that enhances their own cybersecurity practices as well as ensures compliance with industry standards and accreditations – specifically frameworks like UK Cyber Essentials.”

The post Security professionals unaware of NCSC Cyber Essentials framework – Lookout appeared first on IT Security Guru.

How important is endpoint security management to organizations? If you ask security managers, not very. A recent poll shows that it is not a concern for 60 percent of organizations: around 49 percent of the poll’s respondents say that endpoint security is nonexistent for them, while 11 percent regard it as their lowest priority.

This state of endpoint security is a disaster waiting to happen. An endpoint is any device that sits at the literal end point of a network: mobile phones and smartphones, workstations, desktop and laptop computers, tablets, IoT devices, wearable smart devices, and virtual environments, among many others. Everyone who uses the internet or works with a digital file or task does so through an endpoint device. In other words, going without endpoint security means recklessly using connected devices that are exposed to a wide range of cyber threats.

Is endpoint security complex?

Why don’t most organizations readily implement an endpoint security management system? Is it too complex and costly? Unfortunately, it is no longer as simple as it used to be. Endpoint security once focused on computers, which meant installing antivirus, malware protection, a firewall, and (sometimes) a VPN client on every computer.

Nowadays, endpoints are far more numerous than they were a couple of decades ago. According to Statista, there will be over 40 billion connected devices by 2030, and most of these will be IoT products. Only around a quarter of them are computers and other conventional web-connected devices that have cybersecurity software installed. Most devices have too little storage, RAM, and processing power to run their own security tools.

The complexity of endpoint security today stems from the nature of the endpoint devices in use and their overwhelming numbers. The multitude of connected devices now ranges from smart cameras to small IoT appliances used for office management or supply chain control, wearables, and tracking and automation devices employed in various scenarios. They run different operating systems, and some devices are not compatible with others. It is a challenge to secure all of them and to come up with a system that effectively covers every possible attack surface.

Organizations typically have many of these connected devices, and some are no longer monitored because they have been forgotten or there is no one to keep track of them. These ignored, forgotten devices running outdated OS or firmware versions become vulnerabilities that cybercriminals can exploit to gain access to networks and cloud resources.

Endpoint security management has certainly become more complex and difficult over the years because of the evolving nature of endpoint devices and their overwhelming numbers. There is no generic cybersecurity plan that works for every organization operating different kinds of endpoint devices. To be effective and efficient, endpoint security management has to be tailored to the particular situation.

Modern endpoint security solutions

What is encouraging is that existing endpoint security management solutions can approximate the specificity and reliability needed to address the varying needs of organizations. These are comprehensive cybersecurity solutions that combine several security tools or controls, including next-generation antivirus, data leak protection, device access management, and threat detection and response tools.

Modern endpoint protection moves away from the conventional approach of installing a cyber defense application on each and every device connected to the network. Instead, it brings together security controls suited to different categories of devices. Commonly referred to as endpoint detection and response (EDR), it serves as a platform that consolidates security information and alerts generated at different points of a network and by several security applications, enabling unified, prompt, and efficient responses to threats.

Endpoint detection and response tools address the different ways through which threat actors use endpoints in making their way into enterprise networks and IT resources. They are designed to detect and block file-based malware attacks, examine network activities for malicious operations, and facilitate incident investigation and remediation. EDR tools also examine process executions, the communication between endpoints, user logins, and data movements to discover possible anomalies.
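The kind of correlation described above, as an added illustration that is not part of the article and does not represent any vendor's product: a small rule set run over constructed endpoint telemetry covering the four signal types the paragraph names (process executions, logins, endpoint-to-endpoint connections, and data movements). The event format, thresholds and rule names are assumptions chosen for the example.

```python
"""Toy EDR-style correlation over constructed endpoint telemetry.
Added example; the event format and the detection rules are assumptions."""
from collections import defaultdict

# Constructed sample telemetry: (event_type, host, user, detail)
EVENTS = [
    ("process", "ws-01", "alice", "WINWORD.EXE -> powershell.exe"),
    ("process", "ws-01", "alice", "explorer.exe -> outlook.exe"),
    ("login", "ws-02", "bob", "failed"),
    ("login", "ws-02", "bob", "failed"),
    ("login", "ws-02", "bob", "failed"),
    ("login", "ws-02", "bob", "failed"),
    ("login", "ws-02", "bob", "success"),
    ("netconn", "ws-03", "carol", "ws-04:445"),
    ("netconn", "ws-03", "carol", "ws-05:445"),
    ("netconn", "ws-03", "carol", "ws-06:445"),
    ("transfer", "ws-07", "dave", "512"),
    ("transfer", "ws-07", "dave", "900000000"),
]

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "OUTLOOK.EXE"}
SHELLS = {"powershell.exe", "cmd.exe"}
LOGIN_FAIL_THRESHOLD = 3          # failures before a success is suspicious
PEER_SPREAD_THRESHOLD = 3         # distinct SMB peers from one host/user
TRANSFER_BYTES_THRESHOLD = 100_000_000  # single outbound transfer size


def detect_anomalies(events):
    """Return (rule, host, user) alerts in the order they fire."""
    alerts = []
    fails = defaultdict(int)       # (host, user) -> consecutive failed logins
    peers = defaultdict(set)       # (host, user) -> distinct destination hosts
    for etype, host, user, detail in events:
        if etype == "process":
            parent, child = [p.strip() for p in detail.split("->")]
            if parent in OFFICE_PARENTS and child in SHELLS:
                alerts.append(("office-spawns-shell", host, user))
        elif etype == "login":
            if detail == "failed":
                fails[(host, user)] += 1
            elif detail == "success" and fails[(host, user)] >= LOGIN_FAIL_THRESHOLD:
                alerts.append(("success-after-failures", host, user))
        elif etype == "netconn":
            peers[(host, user)].add(detail.split(":")[0])
            if len(peers[(host, user)]) == PEER_SPREAD_THRESHOLD:
                alerts.append(("lateral-fanout", host, user))
        elif etype == "transfer" and int(detail) >= TRANSFER_BYTES_THRESHOLD:
            alerts.append(("large-egress", host, user))
    return alerts
```

Each rule on its own is noisy; the value of an EDR platform lies in gathering these signals from every endpoint into one place so that an analyst can see, for example, that the shell spawn, the login burst and the egress all trace back to the same user within minutes.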

Modern endpoint security solutions automate most attack detection, investigation, and remediation tasks to achieve continuous protection. They help block malware infections by automatically scanning email attachments and file downloads, providing runtime protection against fileless attacks, and tracking phishing sites and schemes in real time.

Moreover, the top-tier endpoint security platforms draw on shared threat intelligence and cybersecurity frameworks to boost their attack detection and remediation capabilities. They are built to work collaboratively with other cybersecurity providers, cyber threat information institutions, and other parties that readily provide threat information and insights.

Are existing endpoint security solutions effective enough?

Forrester released its 2022 State of Endpoint Security report in July this year, saying that buyers are seeking better product efficacy and integrated data security. Many of the minority of organizations that use endpoint security solutions believe they are not getting enough from the platforms they have deployed.

This does not mean that all or most of the endpoint security platforms available today are ineffective. A good number of them are designed to address most user needs and preferences, especially process automation, comprehensive endpoint protection, up-to-date threat intelligence, advanced behavioral analysis to anticipate zero-day or not-yet-identified attacks, automatic data analysis, cyber forensics reporting, and high catch rates.

However, organizations may not have been exposed to the more dependable endpoint security options. Those that do use decent EDR platforms may not be making the most of the features and functions available to them; they may not be well versed in enabling comprehensive integration or in conducting meaningful data analysis and correlation. Administrators could also be abusing access privileges and suspending controls recklessly.

Many security solution providers indeed overpromise and underdeliver. However, to be fair, there are those that actually provide genuinely effective solutions when used the right way and with proper technical support.

In conclusion

To say that endpoint security management needs improvement in 2022 is probably an understatement against the backdrop of increasingly sophisticated and aggressive cyberattacks; it is urgent. There is a clear need to strengthen endpoint security, and it should start with organizations actively pursuing effective and efficient endpoint security solutions.

While not every available endpoint security solution is effective and efficient enough, many of the options deliver satisfactory outcomes, especially in unified threat monitoring and response, automated threat detection, and sensible efforts to reduce users' susceptibility to phishing and other social engineering attacks.

The post The State of Endpoint Security Management in 2022: It’s Worse Than You Suspect appeared first on Cybersecurity Insiders.

Many organizations are implementing a zero trust security model with data protection as a top priority. This is largely due to the increase in remote work and unmanaged personal devices playing a growing role in the enterprise.

While corporate-owned devices can be secured using antivirus software, endpoint scans, and MDM, many users do not apply the same level of security to their personal endpoints. To deliver a best-in-class employee experience that keeps data secure in any scenario, IT needs tools that balance business continuity planning, BYOD, and zero trust.

Troye technical director Kurt Goodall says App Protection is here for Citrix Virtual Apps and Desktops service. “We’re excited to announce that App Protection is now generally available to our Citrix Virtual Apps and Desktops service customers.”

“This adds a critical layer of defense against social engineering, phishing events, key logging, and screenshot malware for end users accessing corporate resources through any Windows or Mac devices, whether personal, unmanaged, or managed,” he explains.

IT and end users alike have seen the benefits of BYOD programs, which have led to an increase in personal devices in the workplace. Additionally, many companies need gig workers and contractors to use their personal devices to get work done.

While IT takes measures to ensure that corporate-owned and managed devices are secure through policy administration, regular health checks, and web filtering, gig workers and contractors might not take the same measures on their personal devices.

“It’s unlikely that they are monitoring the health of their devices at all, despite the fact that they likely visit social media and other popular sites that are havens for malware. So, while IT invests in security solutions at double-digit growth rates, the risk of a data breach is still high because personal devices infected with malware can enter any corporate network,” he adds.

ATM cash-out attacks are on the rise and can originate from silent keyloggers sitting on a computer. These attacks are carried out by introducing malware, via phishing or other social engineering methods, into a financial institution’s or payment processor’s systems. Once infected, the system can transmit users’ personal data back to a third-party attacking system, creating huge financial liability.

Keylogging and screen capture malware commonly affect unmanaged endpoints. Keylogging malware captures every keystroke a user enters on the device, creating a significant risk for an organization: everything end users type, including usernames and passwords, is captured.

Screen-capture malware periodically takes a snapshot of the user’s screen, saving it to a hidden folder on the device or directly uploading it to the attacker’s server. This also creates significant risk because the attacker can exfiltrate all the information on the user’s screen.

Even with managed devices, the threat of social engineering remains. A common social engineering attack uses screen sharing to steal data, money, and more: the attacker calls, pretends to be tech support or IT, and convinces an unsuspecting target to share their screen.

At this point, the attacker can infiltrate the device and take financial information, sensitive data, and more. This is even riskier in businesses such as call centers, financial institutions, healthcare, and any business handling sensitive customer and patient data.

Goodall says App Protection defends against accidental screen sharing by turning apps delivered through Citrix Virtual Apps and Desktops into black screens. “App Protection can complement your IT security strategy with a zero trust security approach, assuming all Windows or Mac devices whether they are personal, unmanaged, or managed are compromised and protecting from data exfiltration.”

To defend against keyloggers, App Protection scrambles keystrokes entered on the device, so the attacker receives undecipherable text. It also defeats screenshot malware by turning every screenshot into a blank image.

The post Citrix App Protection helps secure remote workers appeared first on Cybersecurity Insiders.