Cybersecurity Insiders: Endpoint, IoT Cyberattacks Plaguing Businesses

A new Cybersecurity Insiders report shows endpoint and IoT cyberattacks increased in the past year and we can expect more in the year ahead.

The report was produced by Cybersecurity Insiders and sponsored by Pulse Secure. It polled 325 IT and cybersecurity decision makers in the United States. They represent a cross-section of organizations from financial services, health care and technology, to government and energy.

Seventy-two percent of organizations saw an increase in endpoint and IoT security incidents in the last year. And 56% expect an endpoint or IoT-originated attack with the next 12 months.

The top three issues are related to malware (78%), insecure network and remote access (61%), and compromised credentials (58%). More than 40% of respondents expressed “moderate to unlikely means to discover, identify and respond to unknown, unmanaged or insecure devices accessing network and cloud resources.”

Clear and Present Escalation

Scott Gordon is Pulse Secure‘s chief marketing officer. The findings show a “clear and present escalation of threats,” he said.

The threat has grown significantly due to work-from-home mandates. But organizations are responding quickly and effectively to this new reality, he noted.

Pulse Secure’s Gordon Scott

“Many organizations have accelerated their zero-trust initiatives to address their lack of visibility and policy enforcement issues,” Gordon said. “Validating endpoints’ security postures and extending multifactor authentication are some of the key methods for improving an organization’s security posture.”

With many new endpoints in many new locations, a zero-trust model for security brings an adaptive and context-based approach, Gordon said. It minimizes the gaps in organizations’ security policies.

The Cybersecurity Insiders research found 41% will implement or advance on-premises device security enforcement (NAC). Thirty-five percent will advance their remote access devices checking. And 22% will advance their IoT device identification and monitoring capabilities.

For those victimized by an endpoint or IoT security issue, the most significant negative impact was a reported loss of user and IT productivity, followed by system downtime.

MSSPs Can Help

The Cybersecurity Insider report said the biggest endpoint and IoT security challenges are insufficient protection against the latest threats; high complexity of deployment and operations; and inability to enforce endpoint and IoT device access/usage policy.

The most critical capabilities include monitoring for malicious or anomalous activity, locking or isolating unknown or at-risk endpoint and IoT devices’ network access, and blocking at-risk devices’ access to network or cloud resources.

Most organizations plan to invest more in secure remote worker access and endpoint security technology in the year ahead.

“MSSPs and other cybersecurity providers have an opportunity to bring user-friendly, comprehensive solutions that avoid complex deployment and operational requirements, and that aren’t cost prohibitive,” Gordon said. “A solution that provides a user-friendly experience minimizes the tickets the already stretched-thin IT team has to manage. A solution that provides adaptive and holistic policy management across all people, devices and locations gives the IT team the ability to effectively manage an ever-changing landscape of access points to their organization’s data.”

“The diversity of users, devices, networks and threats continue to grow,” said Holger Schulze, Cybersecurity Insiders’ CEO and founder. “New zero-rust security controls can fortify dynamic device discovery, verification, tracking, remediation and access enforcement.”