Majority of Organizations Unprepared to Handle Targeted Cyberattack

Majority of Organizations Unprepared to Handle Targeted Cyberattack

By Greg Tavarez

Endpoints often refer to devices such as computers, laptops, smartphones, tablets, servers and any other device that can connect to a network. The rise of remote work and IoT have only increased the number of endpoint devices, which makes endpoint security even more of a crucial aspect of IT security. These devices need to be protected from various cyber threats, such as malware, viruses and unauthorized access.

IT teams must implement security measures and solutions to safeguard the data and resources accessed and stored on these endpoints. Solutions often included antivirus software, firewalls and intrusion detection/prevention systems. The main question is, are these solutions working? Are they enough?

Well, 61% of CISOs and 53% of CEOs unfortunately believe that their organization is unprepared to cope with a targeted cyberattack in the next 12 months, according to Verizon Business’ 2023 Mobile Security Index report. (Though managing endpoints is a complex task, so it makes sense that many feel unprepared.)

As stated previously, bring-your-own-device policies due to a hybrid/remote workforce only adds to the complexity, and some of this complexity comes down to the Wi-Fi endpoint users are connected to.

According to the report, 71% of users don't change the default password on their home Wi-Fi, and nearly a third don't password-protect their home Wi-Fi at all. Using a unique, personalized credential adds an extra layer of protection, limiting access to those aware of the new password. This practice safeguards personal information, reducing the risk of data compromise.

Also, regular password changes promote good security hygiene, encouraging users to explore settings, check for updates, and avoid predictability. It prevents network abuse, minimizing legal consequences for potential malicious activities traced back to the connection, and it ensures Wi-Fi network isolation, which prevents unauthorized access from neighbors or nearby individuals.

Being remote also means endpoint users don’t have to stay home, unless company policy says so. And many endpoint users don’t stay home at all times. The report found that 90% of remote workers access corporate resources from locations other than their home with the average being five different locations. This could be to coffee shop down the road, the library or even the airport when traveling.

Accessing corporate resources on public Wi-Fi exposes users to various security risks, including the potential for Man-in-the-Middle attacks, unencrypted connections, rogue hotspots, network sniffing, endpoint vulnerabilities, session hijacking, device exposure and DNS spoofing.

Managing the location of endpoints and the networks they are on is enough to give one a headache, right? It doesn’t get any easier, unfortunately.

Generative AI, something many business have used to their advantages, is proving to be a cybersecurity challenge. Attackers are exploiting this technology to make phishing attacks even more effective. Just a sample of someone’s voice is enough to create a believable impersonation of their voice. That online video interview with the CEO could easily be turned into a convincing voicemail instructing an employee to change the payment details of a large supplier or reset credentials to an important system.

“A lack of understanding of the potential consequences combined with the blurring of boundaries between home and work make a dangerous combination,” said Mike Caralis, Vice President of Business Markets at Verizon Business. “Cybercrime is getting more sophisticated by the years, and it doesn’t always come in the form that you’d expect.”

One way IT teams are better protecting endpoint users is by implementing a zero-trust approach. It enhances company security by automating user access and detecting threats. This improves user experience, avoids onerous authentication, prevents unintentional blocks and ensures no unauthorized access to sensitive data.

The model fosters employee flexibility, focusing on verification for a better experience and agility in the threat landscape—integral to the SASE framework.




Edited by Alex Passett
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

SHARE THIS ARTICLE
Related Articles

TD SYNNEX Invests in Brazilian Cloud Future with IPsense Acquisition

By: Greg Tavarez    9/18/2024

TD SYNNEX, a global technology distributor, recently announced the acquisition of IPsense Cloud Migration, a cloud solutions provider based in Brazil.

Read More

Embedded AI Security Comes to Lenovo PCs, Powered by SentinelOne

By: Greg Tavarez    9/18/2024

Lenovo, along with SentinelOne, announced a multi-year collaboration to bring AI-powered endpoint security to millions of Lenovo devices across the gl…

Read More

CrowdStrike and 1Password: A Powerful Duo for SMB Cybersecurity

By: Greg Tavarez    9/18/2024

CrowdStrike expanded its partnership with 1Password to simplify security for 150,000 customers, with a focus on SMBs in particular.

Read More

MSP Expo Silver Sponsor Granite to Cut Ribbon on New HQ as it Looks Forward to 'Granite 2.0'

By: Greg Tavarez    9/17/2024

Granite announced that it will officially open its new headquarters on September 20 at 1 Heritage Drive, Quincy, Massachusetts.

Read More

EasyDMARC Secures $20M, Vows to Strengthen Email Security Solutions and Global Channel Partner Ecosystem

By: Alex Passett    9/16/2024

Earlier this morning, email security company EasyDMARC announced that it successfully closed its $20 million Series A funding round, led by Radian Cap…

Read More