Last year saw a dramatic increase in cyberattacks, in part due to institutions struggling to ensure their security controls were fit for large-scale remote working. No longer protected by the hard outer shell of the corporate firewall, insider vulnerabilities were dangerously exposed.
According to Verizon’s 2020 Data Breach Investigations Report, 70% of breaches are perpetrated by external actors targeting end users, while attacks on web apps accessed from endpoints play a role in 43% of incidents. In addition to incalculable reputational damage, data from IBM and the Ponemon Institute reveals the average cost of a data breach last year was a staggering $3.86m – a 10% rise over the past five years.
“Accessibility has made a huge difference,” reflects BlackBerry senior director of international consulting, Luke Hull. “Whereas before you would have a particular group trying to get access to a small number of companies, it’s now far easier for threat actors to spread the attack across the corporate landscape – they don’t necessarily mind who falls victim.”
A shifting threat landscape
Covid-19 has rapidly accelerated digital adoption and fundamentally altered work practices – at least for now. But the last 18 months have also seen the scale and scope of existing security threats intensify. Has the pandemic laid the groundwork for a golden age of cybercrime?
The relatively low-risk, potentially high-reward nature of the illicit activity can certainly be tempting. “There’s a much faster monetisation of attacks, and the barrier to entry is definitely lower,” says Hull. Those looking to set themselves up as a threat actor and send out ransomware no longer need significant technical expertise, or to have the same supporting infrastructure that would have been necessary a few years ago.
A sharp increase in user devices has seen a shift in tactics employed by criminals. Hull points to the huge trend in scanning remote desktops in the early stages of the pandemic. “It’s really hard to effectively secure [the systems] of people that work remotely,” he explains. “So [threat actors] can just leave a programme guessing passwords on 2,000 systems across different companies until one of them comes up with a bad password. It’s more of a numbers game now.”
When it comes to securing this proliferation of endpoints, Hull has seen a variety of approaches – from those for whom security was an afterthought, to the risk-conscious institutions that are investing significant time and money to figure out a “new normal” which reflects the evolving threat landscape. One thing is certain: the increase in criminal activity and coverage around high-profile attacks is making it difficult to opt out of the conversation.
Amid all this change, businesses must try to strike a balance between competing priority sets: ensuring security without hindering productivity. Introducing new security measures that go beyond the traditional, minimally invasive solutions designed before large-scale remote working came into play brings fresh challenges.
“I think usability is still a key factor of security,” says Hull. “Ultimately you can mandate stricter ways of working but it’s hard to find systems now that [users] aren’t going to work around or ignore, so it’s still collaborative in terms of approach. [Businesses] that are doing well at the moment are those that are thinking about the types of attack they’re worried about and putting together very targeted investments.”
Harnessing AI for endpoint protection
As the sheer scale and scope of threats continue to rise, artificial intelligence has a valuable role to play in long-term cybersecurity strategies. The use of this technology enables smaller teams to carry out higher-value work.
“It’s about having an automated, real-time, scalable response to prevent as many [breaches] as possible and have the visibility to be able to tell what’s happening on the endpoints so that you can start planning to stop the next steps of the attack,” explains Hull.
In doing so, he continues, a “feedback cycle” is created whereby patterns of malicious activity are identified and data is analysed to produce intelligence which passes back into the ongoing loop, helping organisations to determine a better way to respond to threats.
“If you’re not continually evolving, the maturity of today’s threat actors and increase in attack surface means you’re never going to keep up,” says Hull. Unfortunately, he adds, security solutions which can make a real difference – like 24/7 threat hunting – are often the last thing companies put into play.
However, going forward the senior director of international consulting expects to see a “proliferation of automation” and believes the adoption of these technologies will increasingly go beyond protection and start being used for prevention and response.
This preventative approach, which uses AI to proactively stop attacks before they start, is at the heart of the latest BlackBerry endpoint security solution: BlackBerry Protect. On top of this sits BlackBerry Optics, a cloud-native endpoint detection and response tool which enables ongoing threat hunting and remediation across online and offline devices.
Finally, BlackBerry Guard is a managed detection and response service which takes the first two platforms and merges them with 24/7 support from prevention experts who produce threat intelligence and help organisations develop comprehensive security initiatives.
“What interests me is that we’re taking three big steps there: the automated detection, prevention and response, and we’re giving CISOs the bits they want,” reflects Hull. “It’s a fitting engagement model for the current landscape.”
Flexible working models look set to stay. For those leveraging AI to bolster their endpoint protection for this new reality, there is an opportunity to evolve in line with emerging threats and stay one step ahead of attackers.