As 2022 rolls on, the latest threat intelligence data from makes it clear that endpoint devices are a ripe target for cyberattacks. “In this new normal of hybrid workforces, endpoints can no longer rely on a strong perimeter to identify and catch the bulk of threats,” the report noted. Turning the focus on the endpoint itself and looking at ways to better secure end-user computing makes sense given that endpoint and ransomware attacks in the first three quarters of 2021 alone exceeded all of 2020.
Malware is also becoming an increasingly simple endeavor for cybercriminals, even those who are new to the space. “With tools like PowerSploit, PowerWare and Cobalt Strike, even low-skilled attackers can take everyday malware payloads and execute them using sophisticated memory injection techniques to evade detection,” the report said. Similarly, ransomware-as-a-service is helping escalate ransomware attacks. “Would-be criminals no longer need coding skills to carry out devastating attacks against organizations thanks to commoditized offerings available on the dark web and underground forums,” WatchGuard noted.
Combatting these escalated threats at the endpoint requires organizations to look at all the ways threats could succeed and tighten up controls in each element: User activity, the operating system itself, policy and access controls, antivirus software, suspect or abnormal byte sequence detection, a chain of trust, virtualization and cloud-based computing. This defense-in-depth strategy is a multi-layered approach that uses physical, technical and administrative controls to safeguard an organization against ransomware threats.
Be Security Agnostic
We need to extend our thinking beyond just being device agnostic to being entirely security agnostic; recognizing that a hybrid workforce will introduce rogue devices at some point. IT security should focus on practices that reduce risk regardless of where or what device(s) an individual is using at the time. Being security agnostic is the answer to another hybrid workforce trend: Hoteling— which is now gaining steam in 2022 as businesses rethink the expensive office space they probably still have. Just like hotel reservations, workers can reserve office space or just a desk to work on-site as needed. They may or may not bring a device with them, so security protocols must be agnostic, or at least standardized across devices, to support what is becoming a permanently fluid style of working.
Leverage Virtualization and Inherently Secure Operating Systems
Moving Windows to the data center or cloud and using a lean, inherently secure operating system (OS) can enable more secure access to apps and data. For example, moving Windows off the endpoint is the logical strategy as cloud-based applications like Azure Virtual Desktop with Windows 365 and those from VMware and Citrix are now the virtualization standard for end-user computing. This also helps consume less staff time since it streamlines patching and other security updates across the entire endpoint environment; also greatly reducing risk at the endpoint. A user, whether remote or on-site, can open up their device, access data and apps in the cloud and minimize the chances of introducing a threat.
For optimal success, a Linux-based OS built for VDI, DaaS and digital workspaces can be structured as a modular, read-only and tamper-proof firmware base. This base won’t hold any business data for hackers to target as all data is stored in the cloud. A broad array of security-focused features in the OS can be designed to minimize exposure and deter attackers from infiltrating an organization through the endpoint.