More than half of businesses have cited scaling endpoint security as their main pain point in 2020.
According to new research of 1005 key business stakeholders including C-Suite, IT and cybersecurity leaders by Asavie, 53% cited endpoint as their number one issue, followed by protecting against vulnerabilities (44%), and provisioning for remote workers (38%).
The research also found that 44% of organizations acknowledged facing a cyber-attack during the COVID-19 pandemic, specifically due to remote working. However, the research did find organizations are pushing ahead with their digital transformation journeys, with 61% prioritizing improving customer experience and 56% improving employee experience.
Terence Jackson, CISO at Thycotic, agreed that the endpoint is one of the main problems, as the pandemic has definitely highlighted the need for robust Endpoint Detection and Response (EDR) solutions to help combat attacks against the remote workforce. “Since phishing still remains the top delivery methods of malicious payloads, EDR is all the more important,” he said.
Hank Schless, senior manager, security solutions at Lookout, said lack of visibility into endpoints is a massive issue that has only been exacerbated by remote work. “Endpoints and vulnerabilities as pain points are not mutually exclusive,” he said. “Everyone has hundreds of apps on their mobile devices. Many of these apps we rely on to stay productive and be able to access corporate infrastructure from anywhere. Apps are now so deeply integrated into mobile devices that an exploited vulnerability in a mobile app could compromise any corporate data the device has access to.”
The Asavie research also determined the top three industry sectors reporting cybersecurity attacks to be media and telecoms (62%), financial services (60%) and health and life sciences (50%).
Schless said media and telecoms are an attractive target for threat actors because of their influence. “Taking over an influential publication’s social media account to spread misinformation or share a malicious link is a common tactic,” he said.
He also said the financial services industry is consistently one of the most targeted verticals for any type of cyber-attack as they were forced into remote working too, and “threat actors know that this means those remote workers are vulnerable to attack without all of the network-based protections they had in the office.”
Also, he pointed to the fact that the health and life sciences industry is leading the charge in discovering a COVID-19 vaccine, and there is evidence of foreign adversaries actively targeting the US-based companies that are at the forefront of this vaccine development.
He said: “This industry has a long chain of research and development, and employees around the globe are always collaborating across various platform and devices. Without proper visibility into all endpoints, there are countless opportunities for a malicious actor to slip into the corporate infrastructure unnoticed and exfiltrate highly sensitive data without throwing any red flags.”