Tom Lysemose Hansen, CTO of Promon, explains the importance of securing endpoints to government organizations
More than a year into the Covid-19 pandemic, remote working seems to have become an integral part of working life, and government organizations are no exception. The problem is that many fail to grapple with one notable downside of moving to WFH: the gap it opens in the security of endpoints (or remote computing devices). With the increasing number of endpoints accessing government networks, there is now an increased risk of cyberattacks, as employees no longer rely solely on office desktop computers, and solving this problem will continue to be of great importance. Even when the threat from Covid-19 has completely subsided, “hybrid work” is likely to be welcomed by most government organizations; long-term solutions are therefore required to ensure robust cybersecurity of the endpoints.
As workers from all sectors work from home, they are increasingly using their own endpoints, such as laptops and smartphones, instead of corporate desktops. Even if the organization has provided company-issued devices, it is never entirely possible to prevent someone from checking their work email or remotely accessing documents on their personal devices. Unfortunately, this has its own risks, especially when these devices are connected to government networks. For example, in the worst-case scenario, if a family member gets their hands on a work device or personal device with access to a government network and illegally streams a movie from an unsafe website, they can unwittingly allow the device to be infected with spyware that can spread over a government network with untold consequences.
Securing the endpoints is a task that, while objectively important, appears to be lower on the priority list than it should be. Unfortunately, cyber criminals are becoming more sophisticated and increasingly using AI, bots, and machine learning to exploit their victims. Phishing emails and WhatsApp messages sent to employees, often pretending to come from their boss, are often very difficult to distinguish from the real thing, and hackers take advantage of the opportunity to send emails that appear to be urgent Covid-related messages. According to IDC, 70% of successful cybersecurity breaches originate from endpoint devices. And as with Covid, new spyware variants are constantly emerging that have the potential to bypass existing anti-malware protections.
The importance of defending against such endpoint spyware can hardly be overstated in the public sector, where the need to maintain the confidentiality of sensitive information could not be greater. “Hacktivists” and nation-state attackers have become extremely opportunistic and use targeted attacks to exploit government officials and organizations. Examples of malicious cyberattacks are ubiquitous in the news, such as the attack on various U.S. government IT systems in 2020 and the recent ransomware attack on the Irish national healthcare provider that forced it to shut down its entire IT system.
Government organizations need to ensure that their endpoint cybersecurity measures are nothing less than the most current and advanced on the market. It’s not just about making sure the devices have the latest software or antivirus technology. The most effective solutions use not only signature recognition technology but also newer methods such as behavior analysis, threat analysis and predictive analytics to combat the advancing AI capabilities of cyber attackers. It is also important to have a secure, dedicated execution environment for the organization’s security-critical applications, shielding, for example, email clients and remote sessions, and ensuring that spyware cannot access and collect sensitive information. Although this technology often requires significant investment, it is more than worthwhile given the national security risks of cyberattacks and the associated loss of public trust in government.
The news that President Biden has just signed an executive order aimed at updating the federal government’s approach to cybersecurity, by implementing a government-wide endpoint detection and response system and improving the ability to detect hacks, is very welcome. It is up to other governments around the world to make sure they don’t get caught out by the increasingly sophisticated strategies of cybercriminals – and when it comes to implementing an effective cybersecurity strategy, fixing endpoint vulnerabilities is arguably the number one starting point.