Article

Why Is Endpoint Security Important?

Terence Jackson

Terence Jackson won CyberArk’s
SME of the Year award in 2016

According to Panda Labs, more than 4,000 ransomware attacks occurred in 2016, and 18 million new malware samples were collected in Q3 of 2016. Experts predict that these numbers will be even higher for 2017. What do most, if not all, of these attacks have in common? They all start on an endpoint of some kind: a PC, laptop, tablet, mobile phone, etc. These endpoints, and the users who operate them, are vulnerable to many types of attack, such as phishing.

Phishing e-mails are still one of the most effective ways that hackers deliver their payloads. Hackers bank on the fact that enough people will take the bait and click a malicious link or open a compromised attachment.

Dr. Zinaida Benenson conducted two studies about mock phishing attacks, and the results were surprising. Her studies, conducted at Friedrich-Alexander University (FAU) of Erlangen-Nuremberg, Germany and presented at Black Hat USA 2016, revealed that users are even more vulnerable to phishing attacks than we thought.

According to her study, 78 percent of participants stated in a questionnaire that they were aware of the risks of unknown links. However, users are not always careful—or honest—about exposing their systems to these links. Among the first group tested with a mock phishing email, 20 percent said they clicked the link in the e-mail…but 45 percent actually clicked. Among the second group tested, 16 percent said they clicked the link in the e-mail, but 25percent actually clicked. In both cases, a higher percentage of users actually clicked than the percentage who admitted doing so.

How do we get from a phishing attack to a compromised endpoint?

One compromised endpoint in your environment can give hackers access to your most critical assets if the initial attack is not detected. For example, in Windows environments, hackers like to compromise an endpoint, look for super-user password hashes, and then move laterally in the environment trying to find the company’s most critical systems and cripple them. This is commonly known as a “Pass-the-Hash” attack. (See: Pass the Hash definition).

The diagram below is an example of how one compromised endpoint can be used to take control of an entire network:

Source: CyberArk

Vulnerable systems need to be identified before a hacker can exploit them through its endpoints. Using CyberArk’s Patented Discovery and Audit (DNA) tool, these systems can be identified. By using CyberArk’s Privileged Account Security and Endpoint Privileged Manager Solutions, these types of attacks can be quickly identified, isolated, and stopped.

____________________________________________

To get more information on Endpoint Security or to schedule your DNA scan, please reach out to one of our Privileged Account Management experts by sending an email to: info@dtec.com

Leave a Comment