The recent spate of high-profile security breaches at some of Australia’s largest enterprises has reminded everyone of the importance of security. Cybercrime is estimated to cost the Australian economy around A$42 billion a year, and that number is only rising.
The biggest challenge when it comes to cybercrime is that there are so many different security risks to manage. The three biggest risks going forward in 2023 and beyond are:
Ransomware – A malicious program infects a computer and locks access to all files until a ransom is paid for the unlock key. Most ransomware programs, after infecting one computer, will spread throughout the network, locking down the organization’s entire IT environment. Even if the ransom is paid and the key obtained, there is no guarantee that other malicious code will not remain on the devices, allowing criminals to continue collecting data. Ransomware often starts out as humbly as someone in an organization downloading the wrong file from an email.

Misconfigurations and unpatched systems – Cyber criminals can purchase tools from dark web marketplaces that will scan IT networks and devices for misconfigurations and unpatched systems that they can exploit. This has become a particular concern with more people working remotely (and therefore away from IT support teams) during and after the pandemic. In many cases, the management of patching for remote devices has been less robust than it should be.

Social engineering – The cyber criminal “tricks” a victim into releasing confidential information such as passwords and other logins. They achieve this through a number of means, but one of the most common is phishing, which usually involves persuading someone to download a piece of malware from a legitimate-looking email. The malware then sends login data and collects other sensitive information that may provide criminals access to many more within the organization.
In all three cases, cyber criminals are gaining access through endpoint devices. While firewalls and other “perimeter” security defenses are critical to the safety and security of the organization and its assets, there is renewed focus on the importance of endpoint security, as individual vulnerabilities are often the easiest to exploit.
Endpoint security requires a multipronged approach
“Endpoint protection” means more than the anti-virus installed on a computer. A truly robust endpoint solution will provide security at all levels of the device, from the core BIOS, through the hardware, firmware, and application layers.
That’s what Intel aims to deliver with the Intel vPro® platform. The vPro® platform incorporates performance, manageability and security, and security is intended to cover endpoint devices at all levels – below the OS, above the OS and at the application layer.
This begins with total component traceability that starts on the factory floor. vPro® also has certified security status, which means it uses static and dynamic root-of-trust measurements in the Intel Trusted Platform Module to detect abnormalities and verify below-the-OS security.
At the hardware level, Intel enhances the security of devices with total traceability of devices that starts on the factory floor. Meanwhile, the secure boot-up tool in vPro® means only unmodified firmware and trusted OSes will load, preventing compromised devices from ever connecting to the network in the first place.
vPro® also enhances security for virtualized environments. Organizations can run virtual machines across different operating systems for security-based isolation with application compatibility. In addition, virtualized security software, such as Windows Defender Credential Guard and Application Guard, is enhanced through Intel’s own virtualization capabilities. This provides better protection against threats ranging from kernel-level malware through to browser-based attacks.
At the application level, vPro® has a hardware-isolated key locker to enable password-less sign-in (useful for mitigating the risk of social engineering that tricks employees into giving up their passwords). vPro® also includes total memory encryption designed to reduce the risk of cold-boot attacks and isolate compromised applications.
Finally, AI-powered CPU threat monitoring is designed to detect malware that has evaded antivirus. Intel has also integrated threat detection technology with leading mobile device management software options, to extend these capabilities holistically to all technologies that may interact with the network.
Building a holistic endpoint security practice
While the Intel vPro® solution is designed to be a powerful and robust security baseline for endpoint devices, the reality is that endpoint security requires a proactive and sustained effort by organizations. This is especially true when many devices connect to company networks remotely.
vPro® will be most effective when supported by several best practices, including:
A zero-trust approach to user privileges. Administrators must maintain tight control over users’ access to sensitive data and parts of the network. This means that there should be a robust approach to access rights by device and user, and that administrator permissions should be reserved for special users.

Remote deployment of patches and updates. IT teams have tools available to remotely access PCs and deploy patches. The goal here is to make patching as seamless as possible for the end user, and not rely on their input.

Ongoing staff training. Ultimately, the best defense of all is to train employees to look for security red flags. Research from Stanford University found that about 88 percent of all data breaches are caused by human error. Solutions like vPro® can help mitigate this risk, but ongoing training regimens across the organization are equally important.
Following the recent wave of data breaches, the Australian government has committed to increasing penalties for organizations affected by poor security practices. These penalties are now severe enough to be an existential risk for many organizations. Investing in security solutions that address the gateway to an organization’s data, as endpoint solutions do, and combining that with a new approach to security policy and training, will be an important method for businesses to secure themselves in 2023 and beyond.