Tom Lysemose Hansen, CTO of Promon, discusses the importance of securing endpoints for government organisations
More than a year on from the beginning of the Covid-19 pandemic, remote working seems to be here to stay and government organisations are no exception. The problem is, many are failing to grapple with one notable downside of the shift to WFH: the gap in the security of endpoints (or remote computing devices). There is now a heightened risk of cyberattacks stemming from the increased number of endpoints that have access to government networks, as employees no longer solely rely on office desktop computers, and resolving this problem will continue to be highly important going into the future. Even when the Covid-19 threat has receded entirely, ‘hybrid working’ is likely to be embraced by most government organisations; therefore, long-term solutions are needed to ensure endpoint cybersecurity is robust.
As workers from all sectors have shifted to working from home, they have increasingly been using their own endpoints, such as laptops and smartphones, for work, rather than company-owned desktops. At a certain point, even if the organisation has supplied company-issued devices, it’s never entirely possible to prevent someone from checking their work emails, or remotely accessing documents from their personal devices. Unfortunately, this comes with its own set of risks, particularly when those devices are connected to government networks: for example, as a worst case scenario, if a family member gets hold of a work device or a personal device with access to a government network, and illegally streams a film from a non-secure website, they may unwittingly allow the device to be infected with spyware that can propagate through a government network with unknowable consequences.
Ensuring endpoints are secured is a task that, although objectively important, seems to be lower down on the priority list than it should be. Unfortunately, cybercriminals are becoming more and more sophisticated, increasingly employing AI, bots and machine learning to exploit their victims. Phishing emails and Whatsapp messages sent to employees, often posing as their manager, are often very difficult to distinguish from the real thing, and hackers are exploiting the opportunity to send emails posing as urgent Covid-related messages; thus it is that 70% of successful cybersecurity breaches originate on endpoint devices according to intelligence firm IDC. And as with Covid, new spyware variants are constantly emerging, with the potential to evade existing anti-malware coding.
The importance of ensuring that such spyware is repelled from endpoints can hardly be understated in the public sector, where the importance of sensitive information remaining confidential could not be greater. “Hacktivists” and nation-state attackers have become extremely opportunistic, utilising targeted attacks to exploit government workers and organisations. Examples of damaging cyberattacks are ever present in the news, such as the 2020 breach of various US government IT systems and the very recent ransomware attack against the Irish national healthcare provider that forced them to shut down their entire IT system.
Government organisations need to make sure that their endpoint cybersecurity measures are nothing short of the most up-to-date and sophisticated on the market. It’s not just about ensuring that devices have the latest software or antivirus technology. The most effective solutions not only use signature detection technology, but also newer methods such as behavioural analysis, threat intelligence and predictive analytics to combat the advancing AI capabilities of cyberattackers. It is also vital to have a secure dedicated execution environment for the organization’s security sensitive apps, for example, shielding emails, clients and remote sessions, as well as ensuring spyware cannot fetch and harvest sensitive information. While such technology often requires a significant investment, it is more than worth it given the national security risks of cyberattacks, not to mention the damage to public trust in government that they incur.
The news that President Biden has just signed an executive order aimed at updating the federal government’s cybersecurity approach, by implementing a government-wide endpoint detection and response system and enhancing the ability to detect hacks, is very welcome. It falls on other governments around the world to likewise ensure that they do not get caught out by the ever more cunning strategies of cybercriminals – and when it comes to implementing an effective cybersecurity strategy, addressing endpoint vulnerabilities is arguably the most important place to start.