Well-rounded disaster recovery and business continuity plans should consider all aspects of securing a business, from data security to malware prevention to endpoint protection.
However, many companies may overlook this last point; the focus is often on securing communications, not endpoints, said author Ravi Das. In the wake of the COVID-19 pandemic, this needs to change as many endpoints now sit outside the traditional perimeter and often lack adequate protections on their own.
In Business Recovery and Continuity in a Mega Disaster: Cybersecurity Lessons from the COVID-19 Pandemic, Das discussed how companies can leverage lessons learned from the pandemic to prepare their organization for future catastrophic events and create effective disaster recovery and business continuity plans.
In the following excerpt from Chapter 3, Das details the importance of endpoint security when preparing for the next pandemic or natural disaster.
Check out an interview with Das, where he discusses why endpoint security can’t be forgotten, as well as key cybersecurity takeaways from the pandemic and how to use them to be proactive in the future.
The need for endpoint security
Even after the first wave of the COVID-19 pandemic and with the emergence of a nearly 99% remote workforce, many companies are still only concerned with securing network communication lines, not the points of origin and destination. Thus, these have become abandoned areas of which the cyberattacker now takes full advantage.
In this subsection of this chapter, we will look at how critical this area is, especially during the next disaster.
There is no doubt that the cybersecurity threat landscape is changing daily. It seems that hardly has one type of attack emerged before new variants of it are launched. There’s no doubt that this cat-and-mouse game is hard to keep up with, literally giving the IT staff in any organization a serious run for their money.
Remember that today’s cyber attacker is in no rush to launch their threat vectors. Unlike their “smash and grab” style of some time ago, they now take their time to select, profile and carefully study their potential victims. This is done in an effort to find unknown vulnerabilities and weaknesses, so they can remain inside their victim’s environment much longer.
Once inside, they can accomplish their specific goals, bit by bit, unbeknownst to their victim, until it is too late. But very often businesses and corporations only think about protecting what is inside their IT infrastructure. For example, this includes servers, workstations, network connections, wireless devices, etc.
The importance of endpoint security
Very often, little attention is given to fortifying the defense lines at the extremities of these systems. For example, a CIO or CISO is probably more concerned with securing network communication lines using a VPN than with the starting and ending points of those lines. The cyberattacker is well aware of this, and takes full advantage of it to enter and stay for as long as he can.
Thus, as can be seen, securing the terminals of an IT infrastructure becomes of paramount importance. In this section, we take a look at some of the latest best practices an organization can adopt to further improve their endpoint security.
Here is what is recommended:
- Use automated patching software: One of the first cardinal rules of security in general is to have your IT staff stay up to date with the latest software updates and patches. In fact, some experts will claim that you should even have a dedicated person to handle this particular task. If your organization is an SME, that may be possible, but even then it can be quite a laborious and time-consuming process. What about those much larger entities that may have multiple computing environments and thousands of workstations and servers? The number of endpoints you need to fortify can multiply very quickly. Thus, it is highly recommended that you have a process that can automatically check for relevant patches and upgrades, as well as download and deploy them.
- Have a well-trained and highly proactive cyber response team: Once your organization has been impacted by a cyberattack, there is no time to waste. Every minute and second lost further delays your recovery. Therefore, you should have a dedicated cyber response team whose primary function is to respond to and mitigate the impacts of a cyber attack within 48 hours, maximum. To do this, they must be well trained and practice regularly (at least once or twice a month) in real-world scenarios. They should also be equipped with the latest security tools to determine if there are any other security weaknesses or vulnerabilities that have not yet been discovered. This primarily involves finding and verifying any malicious behavior or anomalous trends that occur within the IT infrastructure. Additionally, the cyber response team should have a dynamic alert and warning system in place to notify them of any potential security breaches, especially at endpoints.
- Perform routine security scans on your endpoints: As important as it is to maintain a routine schedule to stay current with software updates and patches, so is reviewing the status of endpoints in your IT infrastructure. In fact, it should be the duty of the network administrator to formulate such a schedule, and this should include performing exhaustive checks for any signs of potential malware. Sophisticated anti-virus software should be deployed on endpoints and maintained regularly. As a general rule, it is recommended that you perform these endpoint security scans once a week.
- Disable all ports that are not in use: Although this seems like an obvious task, very often it goes unnoticed. Many organizations leave their network ports open, leaving an extremely easy entry point for the cyberattacker. It is strongly recommended that your IT security personnel check weekly for all open ports that are not in use. If found, they should be closed immediately. Of course, if network ports are open and in use, they must also be secured, especially at endpoints. This is essential for wireless devices, especially when Bluetooth is used.
- Use multi-factor authentication: Many cybersecurity experts advocate the use of 2FA, but even that has not been found to provide adequate levels of security. Therefore, it is recommended to implement more than two layers of authentication, especially on your endpoints. Perhaps consider implementing at least three to four layers of authentication, one of which should use biometric technology. This can ensure much higher levels of accuracy when confirming an individual’s identity.
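The weekly open-port check described above can be automated. The following is an added example (not the book's code) that parses the output of a socket-listing tool in the style of `ss -tlnp`, ignores loopback-only listeners, and reports every network-reachable port that is not on the endpoint's approved list. The sample output, the allowlist and the process names are constructed for the example.

```python
"""Audit listening TCP ports against an allowlist (added example, not from the book)."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample of `ss -tlnp` output from a hypothetical workstation.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096    127.0.0.1:631        0.0.0.0:*          users:(("cupsd",pid=903,fd=7))
LISTEN  0       50      0.0.0.0:445          0.0.0.0:*          users:(("smbd",pid=1201,fd=35))
LISTEN  0       511     [::]:8080            [::]:*             users:(("python3",pid=4410,fd=5))
LISTEN  0       128     [::]:22              [::]:*             users:(("sshd",pid=812,fd=4))
"""

# Assumed allowlist for this class of endpoint: only remote administration (SSH).
# Loopback-only services are exempt because they are not reachable from the network.
ALLOWED_PORTS = {22}


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    process: str


# Matches one LISTEN row: state, queues, local addr:port, peer addr:port, process info.
LINE_RE = re.compile(
    r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s*(?P<proc>.*)$"
)
# Pulls the process name out of ss's users:(("name",pid=...,fd=...)) column.
PROC_RE = re.compile(r'\(\("(?P<name>[^"]+)"')


def parse_listeners(text: str) -> list[Listener]:
    """Turn ss-style lines into Listener records; header and non-LISTEN lines are skipped."""
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        pm = PROC_RE.search(m.group("proc"))
        proc = pm.group("name") if pm else "unknown"
        out.append(Listener(m.group("addr"), int(m.group("port")), proc))
    return out


def is_loopback(addr: str) -> bool:
    """True for IPv4 127/8 and IPv6 ::1 bindings, which are not network-reachable."""
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def unexpected_listeners(listeners: list[Listener], allowed=ALLOWED_PORTS) -> list[Listener]:
    """Return network-reachable listeners whose port is not approved."""
    return [l for l in listeners if not is_loopback(l.address) and l.port not in allowed]


def audit(text: str = SAMPLE_SS_OUTPUT) -> list[tuple[int, str]]:
    """Distinct (port, process) pairs that need review, sorted by port."""
    return sorted({(l.port, l.process) for l in unexpected_listeners(parse_listeners(text))})


if __name__ == "__main__":
    for port, proc in audit():
        print(f"REVIEW: port {port} ({proc}) is listening but is not on the allowlist")
```

Run against real output by piping `ss -tlnp` into `audit()`; the allowlist should be maintained per endpoint role, since a file server legitimately differs from a developer workstation. The output is a review list, not an automatic shutdown: the IT security staff still decide whether each flagged listener is unused and should be closed, as the recommendation states.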
- Implement the “Zero Trust Model” established by Forrester: Traditional security models basically state the following:
The fundamental problem in network security is the broken trust model where cybersecurity professionals, by default, trust users and traffic inside their network, and assume that everyone outside the network is not trustworthy.
In other words, you implicitly trust everyday objects and interactions within your IT infrastructure, but not outside of it. With the Zero Trust Model, there is absolutely no level of trust, whether internal or external. Broadly speaking, this can be implemented on your endpoints in five steps:
  - Identify and classify your sensitive information;
  - Map the data flows in and out of it;
  - Create and implement your own unique Zero Trust model to fit these particular data streams;
  - Establish an automated rules-based system that will trigger appropriate alerts and warnings;
  - Continue to monitor the Zero Trust model ecosystem daily.
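The five steps above, expressed as a small rules-based policy check; this is an added example and not the book's or Forrester's code. Data stores are classified (step 1), the flows permitted to each classification are mapped (steps 2 and 3), and each observed access is evaluated against that map and turned into an alert when it violates it (step 4). The point of the Zero Trust Model is visible in the policy: the source zone of a flow is recorded but never consulted, so a request from the corporate LAN gets no more trust than one from a remote worker. System names, identities, device states and the access log lines are all constructed for the example; daily monitoring (step 5) is the scheduling of this check, which is left to the reader's tooling.

```python
"""Rule-based Zero Trust flow check (added example, not from the book)."""
from __future__ import annotations
from dataclasses import dataclass

# Step 1: classify sensitive data by the system that holds it (assumed names).
DATA_CLASSIFICATION = {
    "hr-db": "confidential",
    "payroll-share": "confidential",
    "wiki": "internal",
    "public-web": "public",
}

# Steps 2-3: the mapped, permitted flows. Key = classification; value = set of
# (identity, device_state) pairs allowed to reach it, or None for "anyone".
# There is deliberately no "inside the network" exception: a managed device is
# required for every class above public, wherever the request originates.
POLICY = {
    "confidential": {("hr-analyst", "managed+mfa")},
    "internal": {("hr-analyst", "managed+mfa"), ("staff", "managed+mfa"), ("staff", "managed")},
    "public": None,
}


@dataclass(frozen=True)
class Flow:
    identity: str
    device_state: str
    source_zone: str   # "corp-lan" or "remote"; logged for context, never trusted
    destination: str


def parse_flow(line: str) -> Flow:
    """Parse a constructed 'user=<id> device=<state> zone=<zone> dest=<system>' record."""
    fields = dict(kv.split("=", 1) for kv in line.split())
    return Flow(fields["user"], fields["device"], fields["zone"], fields["dest"])


def evaluate(flow: Flow) -> str | None:
    """Step 4: return an alert string when the flow violates policy, else None."""
    cls = DATA_CLASSIFICATION.get(flow.destination)
    if cls is None:
        # Unmapped data flow: step 2 was not completed for this system, so alert.
        return f"unclassified destination {flow.destination} accessed by {flow.identity}"
    allowed = POLICY[cls]
    if allowed is None or (flow.identity, flow.device_state) in allowed:
        return None
    return (f"{flow.identity} on {flow.device_state} device from {flow.source_zone} "
            f"reached {cls} data at {flow.destination}")


# Constructed access records; the second line is the classic perimeter-model
# mistake (trusted because it came from the LAN) that Zero Trust is meant to catch.
SAMPLE_LOG = [
    "user=hr-analyst device=managed+mfa zone=remote dest=hr-db",
    "user=staff device=managed+mfa zone=corp-lan dest=hr-db",
    "user=staff device=unmanaged zone=corp-lan dest=wiki",
    "user=staff device=unmanaged zone=remote dest=public-web",
    "user=staff device=managed zone=corp-lan dest=backup-nas",
]


def alerts_for(lines: list[str] = SAMPLE_LOG) -> list[str]:
    """Run every record through the policy and collect the alerts."""
    return [a for a in (evaluate(parse_flow(l)) for l in lines) if a]


if __name__ == "__main__":
    for alert in alerts_for():
        print("ALERT:", alert)
```

Three of the five sample records produce alerts: the LAN user reaching the confidential HR database without being on the mapped list, the unmanaged device reading internal data, and the access to a system that was never classified. The remote analyst on a managed device with MFA passes, which is the behaviour the model intends: location is not a credential.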
- Make sure your endpoints are well protected: This means that you have implemented the right mix of security technologies, mainly firewalls and routers. The cardinal rule here is: don’t just use the default settings set by the vendor and assume that they will provide adequate levels of security. The settings must instead be configured according to the specific security needs of your organization. Also keep in mind that many network infrastructures remain static in nature unless there is a specific reason to change them. For this reason, make sure your VPN stays up-to-date and secure, especially when it comes to your employees’ access to endpoints through it.
- Use the Office 365 “Secure Score”: Many businesses and corporations now rely heavily on the tools and applications that reside in Office 365, and hence it has become a prime target for the cyber attacker. Microsoft provides a specialized tool called “Secure Score”, which is available exclusively to the network administrator. It closely examines all Office 365 packages used in your organization, including the daily activities of your employees and all relevant security settings. Once this task is complete, you get a score (very similar to receiving a credit score). The higher it is, the more secure your Office 365 environment is; the lower it is, the less secure it is. All of this means that you need to modify and adjust the settings and configurations of your Office 365 portals so that they meet your organization’s security needs.
About the Author
Ravi Das is a cybersecurity consultant and business development specialist. He also does cybersecurity consulting through his private practice, RaviDas.Tech Inc. He is also studying for his CompTIA Security+ certification.