Tom Lysemose Hansen, CTO of Promon, discusses the importance of securing endpoints for government organizations
More than a year after the start of the Covid-19 pandemic, remote working appears to be here to stay, and government organizations are no exception. The problem is that many fail to tackle a notable downside of the move to WFH: the gap in the security of endpoints (or remote computing devices). The risk of cyber attacks has increased along with the number of endpoints that have access to government networks, as employees no longer rely solely on desktops, and addressing this issue will continue to be very important in the future. Even when the threat of Covid-19 has completely receded, “hybrid work” is likely to be embraced by most government organizations; therefore, long-term solutions are needed to ensure the robustness of endpoint cybersecurity.
As workers in all industries have made the switch to working from home, they increasingly use their own devices, such as laptops and smartphones, for work, rather than company-owned desktops. Even if the organization has provided its own devices, it is never entirely possible to prevent someone from checking their work emails or remotely accessing documents from their personal devices. Unfortunately, this comes with its own set of risks, especially when these devices are connected to government networks: for example, in the worst-case scenario, if a family member gets their hands on a work device, or a personal device with access to a government network, and illegally streams a movie from an unsecured website, they may unintentionally allow the device to be infected with spyware that can spread through a government network with unknown consequences.
Ensuring that endpoints are secure is a task that, while objectively important, appears to be lower on the priority list than it should be. Unfortunately, cybercriminals are getting more and more sophisticated, increasingly using AI, bots and machine learning to exploit their victims. Phishing emails and WhatsApp messages sent to employees, often masquerading as coming from their manager, can be very difficult to distinguish from genuine ones, and hackers take the opportunity to send emails masquerading as urgent messages related to Covid; 70% of successful cybersecurity breaches come from endpoints, according to intelligence firm IDC. And as with Covid, new spyware variants are constantly appearing, with the potential to evade existing anti-malware software.
The importance of ensuring that such spyware is kept off devices can hardly be overstated in the public sector, where the confidentiality of sensitive information could not matter more. State hacktivists and attackers have become extremely opportunistic, using targeted attacks to exploit government employees and organizations. Examples of harmful cyber attacks are still in the news, such as the breach in 2020 of various US government computer systems and the very recent ransomware attack on the Irish national healthcare provider that forced them to shut down their entire computer system.
Government organizations need to ensure that their endpoint cybersecurity measures are the latest and most sophisticated on the market. It’s not just about making sure devices have the latest software or antivirus technology. The most effective solutions use not only signature detection technology, but also newer methods such as behavioral analysis, threat intelligence, and predictive analytics to combat the advanced AI capabilities of cyber attackers. It is also essential to have a dedicated and secure runtime environment for the organization’s sensitive applications, for example, protecting emails, clients and remote sessions, as well as ensuring that spyware cannot retrieve and harvest sensitive information. While such technology often requires a large investment, it is more than worth it given the national security risks of cyber attacks, not to mention the damage they do to public trust in government.
The news that President Biden has just signed an executive order to update the federal government’s approach to cybersecurity, implementing a government-wide endpoint detection and response system and improving the ability to detect hackers, is welcome. It is also the responsibility of other governments around the world to ensure that they are not caught out by the increasingly cunning strategies of cybercriminals.