Endpoint security used to be about protecting your enterprise against viruses and malware. However, in the light of high-profile data breaches in both the US government (Snowden) and major retailers (Target, Home Depot, etc.), endpoint security is increasingly evolving toward protecting your sensitive corporate, competitive, and consumer data.
Securing the endpoint has become a “big data” problem. Nowadays, companies need to both secure and track the interactions within the organization’s critical data as well as with any system that transacts this data. So why has properly securing endpoints become such a critical part of securing data networks in general?
According to IBM Security Services 2014 Cyber Security Intelligence Index, 1.5 million monitored cyber-attacks occurred in the US in 2013. Some of the financial ramifications for companies experiencing these attacks include the following:
- 29% experienced reputation and brand damage
- 21% lost productivity
- 19% lost revenue
- 10% experienced a rise in the cost of technical support
- 8% had to spend more on regulatory compliance
If you are thinking that your industry isn’t at risk – think again. In the last week, Identity Theft Resource Center published their data breach reports findings, and virtually no area is untouched by cyber-attacks. Here is a list by category, which includes the number of breaches as well as the number of records breached:
In addition to all of these alarming statistics, more research indicates exactly where the weaknesses in endpoints reside. For instance, in the financial industry, breached credit cards and debit cards represent 62% of the data breached. Furthermore, another 8% of breached data comes from online banking usernames and passwords.
Despite these DLP weak points, financial institutions and card providers are still the most common sources for alerting consumers to fraud occurrences, often through phone calls, emails, or even texts. In the healthcare industry, an estimated 1.84 million people were victims of medical identity theft in 2012. It has been speculated that a lot of these breaches occur via unauthorized access to computer endpoints connected to healthcare systems or the improper handling of paper records. These security holes have been the most costly across all industries at $233 per compromised record. In the field of education, one area of concern is that 50% of colleges and universities allow for sensitive data to be sent across email, unprotected. And a quarter of these institutions have encouraged students to send personal information in forms containing sensitive data through unencrypted channels. In the fields of telecommunications and e-commerce, there are many other areas where endpoint weaknesses occur. For example, it was found that less than half of all mobile users use security software on their devices. With malicious and high risk apps reaching 1 million on the Android platform, greater diligence is necessary for proper endpoint protection. In the area of e-Commerce, e-Commerce websites were the #1 targeted assets for hackers, increasing the importance of putting web security measures into place.
So how do companies go about securing their enterprises? With the sheer number of exposed endpoints and security weaknesses found in the majority of today’s organizations, it is obvious that a more comprehensive approach is needed.
Securing the Human Layer of the OSI Stack
One critical piece of the endpoint security puzzle that cannot be overlooked is the human factor. Insider threats from disgruntled employees, contractors, or business partners with data or system access can use and abuse that access in a way that negatively affects the integrity and sensitivity of the data accessed. While companies would like to think that every employee is 100% loyal and trustworthy, Forrester Research reported last year that is not always the case – insiders were the top source of breaches.
There are several steps involved in protecting corporate data from insider threats. One is by ascertaining employee motivation for leaking data. The main reasons are: for financial gain, coercion, helping a cause, or simply because they have a large ego and want to see what they can get away with. Another reason is determining which targets are likely to be pursued. Sometimes data targeted may not just be high-profile but also that which is easily accessible from outside server repositories or cloud servers. It could also be through the transmission of unencrypted sensitive data on a local mail client, through a mobile device, external hard drive, or thumb drive.
Data Leakage Prevention
Traditional security measures such as basic antivirus, firewalls, and unencrypted passwords are no longer effective at stopping or preventing advanced malware and data threats from insiders with malicious or negligent intent. To effectively cover all areas of potential insider threat, organizations need to know where their vital data is saved, who is accessing it, and how it could possibly leave the organization.
With increasing incidents of data leakage reports and their rising costs for response and containment, an appropriate response would be for companies to invest in electronic tools to aid in the prevention, monitoring, detection, containment and response. One such tool that could meet this ever-growing need is Intelligent ID. This product enables companies to: secure company or customer-protected data, combat potential insider threats, continuously monitor data usage both on and off the network, and know exactly what processes are running on any system at any time.
Why Infrastructure Monitoring?
Why should infrastructure monitoring be a key part of your endpoint security solution? This piece of the security puzzle provides many of the features of traditional endpoints: preventing the running of malicious or threatening processes in your network, identifying if virus signatures or hotfixes are out of date, and so on. But today’s infrastructure monitoring tools take this process several levels deeper, such as monitoring for efficient allocation of resources and reviewing endpoint health and performance – even if they are unreachable in person. Using a tool that allows complete whitelisting or blacklisting of endpoint applications, provides alerts and the option to allow the endpoint to automatically terminate or re-launch listed applications would be ideal. Implementing infrastructure monitoring with these features will help to maintain a safe and productive endpoint environment.
Auditing Sensitive Data
Why is it important to analyze the data stored on your endpoints and files shares? One important reason is so you know exactly how many copies of a confidential or proprietary document exist, where they reside and who has ownership of each document. Why might having this knowledge be meaningful? If data is found in unauthorized formats, residing outside of secure file shares, or duplicated onto unauthorized endpoints, immediate action can be taken to secure the data and discover why the issue occurred. Using a sensitive data crawler can provide many benefits. For example, it can report if secure data has been accessed and moved to unsecure locations; it can conduct targeting scans; it can also help lessen data loss risks.
Identity Activity Monitoring
Another need becoming more vital for data breach prevention is monitoring for activity related to identity. Companies need to look for tools that proactively monitor for keywords that could threaten organizational data, monitor social media and related app activity in which sensitive data is shared, and monitor server shares and print servers for access of sensitive files and data. An effective tool that can be implemented to safeguard against these threats is Intelligent ID. Intelligent ID’s Identity Activity monitors for a variety of activities taking place on the endpoint that research shows could indicate insider threat potential, such as logging into web-based applications with another user’s credentials, accessing files or folders that are not job-relevant, performing bulk file actions, or identifying unusual print activity.
While traditional security measures such as firewalls and antivirus protection still make up important pieces of your security infrastructure, adding in infrastructure monitoring, a sensitive data crawler, and other tools for data leakage prevention (DLP) – while increasing awareness and prevention of insider threats – will help to tighten and reshape your endpoint security into a complete and effective security solution.
Tags: data breach, endpoint security, IT Infrastructure