As companies continue to move more of their employees across widely dispersed areas, shift processes to the cloud, and see the elimination of the network perimeter, endpoint security becomes more important.
But according to a survey conducted by Tanium, too many companies are letting their cyber security strategies slide. Among those responding, 55% said that approximately 75% of potential endpoint attacks wouldn’t be hindered by their current tools or policies.
Why Endpoints Aren’t Being Protected by Zero Trust
Cyber-attacks often focus on endpoints, with hackers looking for gaps in a variety of areas, with endpoints, infrastructure, and its corresponding application programming interfaces (APIs) and hybrid configurations offering some of the more vulnerable entry points.
In another survey entitled, “How Enterprises Plan to Address Endpoint Security Threats in a Post-Pandemic World,” conducted by Dark Reading, the findings showed that while 67% had taken steps to build protection around virtual environments, nearly one-third, or 29%, had not been keeping up with patching or updates.
A little more than a third (36%) had introduced some endpoint controls, there was a lack of complete visibility to every device on the network. Up to 40% of endpoints may not be identified by location or status at any given time for these companies.
While enterprises recognize that zero trust network access (ZTNA) is the right approach, 68% say they have yet to implement the policies that would support it.
ZTNA is a strategy that describes more of a mindset than a particular practice or tool. It assumes that every device and user is a threat and applies a variety of strategies and tools to vet any person or device trying to gain access to the network. In most cases, an IT team overwhelmed with projects is the barrier to getting the right cyber security strategy in place.
IT teams report that, in many cases, patch management is seen as too time-consuming and complex. When security teams have a choice between patching and other projects, they tend to consistently choose other projects. What may lead to improved motivation is Ivanti’s finding in its Patch Management Challenges report: it takes only 72 hours to weaponize SAP vulnerabilities through patch management gaps.
Some teams cling to an inventory-based approach, one that is seen as outdated and vulnerable to ransomware attacks. It simply isn’t fast enough to keep up with threats.
Ransomware is different from other types of cyber security threats. Once the attack is launched, the company is on a countdown and risk is worsened by any delays in decision-making.
If your company is struggling to keep pace with endpoint security, contact us at Independent Connections for help. We can assist you in identifying potential vulnerabilities and establish cyber security practices assisted by the right tools to secure your environment.