Getting your head around endpoint protection for business isn’t easy. Matt White, CEO of software-as-a-service platform XaaS Ltd, has a knack for explaining it simply – with a balloon and a toothpick.
In Episode 4 of Hacker:HUNTER Behind the Screens, Endpoints: Friend or Foe? White blows up a balloon and pops it with a toothpick. The balloon is an organization’s expanded ‘attack surface’ and the toothpick is just one cybercriminal reducing it to shreds. In reality, White says, there are thousands of toothpicks trying to pop your balloon at any time.
And the toothpicks are getting stabbier. “Cybercriminals are now using AI and machine learning to make their attacks more sophisticated,” says Kaspersky senior security researcher Noushin Shabab.
What are endpoints and why do they need protecting?
Organizations’ attack surfaces are so big today because now almost anything is an ‘endpoint’ – a device connected to the network, from mobile phones, to webcams, to fridges. Together they make, as White puts it, “a total chaotic mess” from a security perspective.
“Endpoints are the heart of the risk. They’re the route in for your employees and the machinery you use for your work. But they’re also a route in for attackers.” Matt White, CEO, XaaS Ltd
It’s clear endpoints are cybercriminals’ favorite way to enter infrastructure. Market data analysis firm IDC’s 2019 study found 70 percent of breaches started on an endpoint.
What’s the best way to protect endpoints?
While once businesses could rely on antivirus software to do the heavy lifting, White says they must go further to respond to a new threat landscape. “Endpoint detection and response (EDR) is like antivirus on steroids. It doesn’t just detect and identify, it isolates malicious code and repairs. Spending more on that kind of system is like an insurance policy – it may protect you from a lot more damage down the line.”
He likens endpoint detection and response to a COVID-19 vaccination. “You know you may still catch it, but you can make it far less serious by getting a vaccine upfront.”
White believes the new level of cyberthreats demands a new way of working. “It’s not just plugging in the latest shiny box that’s going to secure a network. Everyone has to work together – all parts of a company, regulators, financial authorities – to create collaboration. It’s a team game.”