
Threat actors target remote endpoints to conduct BECs, steal credentials and load malware


Today, companies spend a fortune erecting walls around their core IT infrastructure, but they fail to secure the stragglers in their midst. These are the thousands of remote devices — laptops, phones, IoT sensors — that operate at the network’s edge and give workers the flexibility to do business on the move and at home in ways previous generations could never have imagined.


Endpoint devices are great for productivity, but they are a potential nightmare for security. Like stragglers breaking away from the horde, vulnerable endpoints present easy targets to adversaries. Poor endpoint security can lead to business email compromise, stolen credentials, data loss, malware infections, and advanced persistent threats with the ability to move laterally on the network undetected.

A lack of strong endpoint security has resulted in some of the most destructive breaches of the past several years: Equifax in 2017, SolarWinds in 2020, Colonial Pipeline in 2021, and HCA Healthcare in July of this year.

Looking to learn more about how companies can improve endpoint security, CyberRisk Alliance (CRA) conducted an online survey in August 2023 among 200 security and IT leaders and executives, practitioners, administrators, and compliance professionals in North America. Here are four of the most important takeaways:

  • Compromises of endpoints are rampant. Three out of five respondents admitted to one or more compromised endpoints in the last year. That’s a lot of compromises, considering 63% reported having 1,000 or more endpoints on their network. Desktops, mobile devices like laptops and tablets, and servers were the most common targets.
  • Too many devices are not being monitored. CRA found that not all endpoints are observed equally. Just 59% of respondents are confident that at least 75% of their endpoints receive monitoring around the clock. That means a huge proportion of devices are essentially being left unattended — either operating off the grid or receiving only periodic attention.
  • Security pros are looking to AI for help, but at a slow pace. The CRA survey found that multi-factor authentication, strong password enforcement, and security awareness training are still the most common tactics used for endpoint security. Many respondents employ an EDR or EPP tool in their endpoint security strategy, and some plan to leverage AI, but the pace is slow: only one-third plan to incorporate an AI or machine learning-based approach to their strategy in 2024.
  • Human error still plagues organizations. Employee negligence and user carelessness are still considered the top challenges to securing endpoints. Half of all respondents are concerned that users will fall prey to phishing emails or social engineering attacks that give threat actors a foothold into the network. As one respondent put it: “all it takes is one rogue click to compromise the entire organization.”

Today’s reality: With enough persistence and a bit of luck, opportunistic threat actors will eventually find the opening they’re looking for.

Some of CRA’s recommendations in the report include the following: explore the market for new solutions and make AI a priority for new endpoint products; offer mandatory training for the company; and establish a zero-trust framework, particularly to support remote work endpoints.
