Securing the enterprise may never have been a simple task, but now it is far more complex as hackers have become more creative and as the enterprise itself has extended into remote locations and as far as "the cloud."
With new threats, the rising consumerization of IT, handheld smart devices and 16GB flash drives the size of a finger, security within the four walls of the enterprise is no longer enough. The continuing extension of endpoints and the growing number and complexity of threats require that endpoint protection solutions be reviewed and updated on a continual basis.
Today’s hackers go far beyond the mischievous teenager seeking to prove he can get into a company’s systems-though such pranksters still exist. Today’s hackers work in groups, continually refining their tactics to infiltrate networks to obtain financial information, company secrets and to launch DoS attacks.
Whereas the mischievous teenager would hack in and publicize his prowess to his friends, today’s hackers work in stealth mode. They want to unleash infection without detection so that they can obtain sensitive information today and in the future.
Hackers devote themselves to revising and refining their attacks, becoming more creative all of the time. Among some of the more inventive threats:
Compounding this issue is the expansion of the network to an increasing number of remote devices and into the cloud. The endpoints used to be within the four walls of the enterprise. But, today the endpoints extend far beyond the business itself, with employees, contracts and business partners using a variety of laptops, iPhones, Androids and other smart devices to connect to the enterprise.
Though not likely to be attached to a company network, hackers have even gone as far as to target gaming devices with Internet capabilities. Flash drives present another issue. Carrying a presentation or product brochure on a flash drive is much less cumbersome than carrying a load of papers. But it’s just as easy for an employee to download malware-even innocently-to the same device before reattaching it to a company-owned computer.
Mobile device security isn’t as mature as security for more traditional PC desktops and laptops. Criminals know this, so they’re targeting remote-device vulnerabilities left and right. Meanwhile, the more traditional threats continue unabated, making corporate security more complex than ever.
Achieving total security would mean blocking outside access and limiting interior access only to the most trusted senior managers, but such a strategy would stop or severely restrict most businesses. Preventing remote connections is impractical. Salespeople, technicians and other employees all have legitimate reasons to access the network for business-related reasons.
The evolving threat environment should motivate every company to review its endpoint protection solutions to see if they’re positioned to thwart the evolving myriad of security attacks.
Endpoint protection solutions should include:
Employee training needs to complement the endpoint protection solutions. Educate them about common security threats and those found "outside of the box." And, make sure they have a clear understanding of how security is changing now that mobile is leading the way.
Hackers have updated their attacks in number, scope and complexity, and businesses are struggling to outpace consumerization threats. More than ever, endpoint protection solutions need to evolve beyond the traditional model to keep up with the times.
By Phil Britt