A recent spate of high-profile security breaches at some of the largest enterprises in Australia has reminded everyone of the importance of security. Cyber crime is estimated to cost the Australian economy around $42 billion per year, and that number is only increasing.
The biggest challenge when it comes to cyber crime is that there are so many different security risks to manage. Three of the biggest risks moving into 2023 and beyond are:
Ransomware – in which a malicious program infects a computer, locking access to all files until a ransom is paid to gain access to an unlock key. Most ransomware programs, once they’ve infected one computer, will proliferate across the network, and lock down the entire organisation’s IT environment. Of course, even if the ransom is paid and the key received, there’s no guarantee that other malicious code won’t remain on the devices to continue to gather data for the criminals. Ransomware often starts from something as humble as someone in the organisation downloading the wrong file from an email.Misconfigurations and unpatched systems – cyber criminals can purchase tools from dark Web marketplaces that will scan IT networks and devices for poor configurations and unpatched systems that they can exploit. This has become a particular concern with more people working remotely (and therefore away from the IT support team) during and post-pandemic. In many cases, the management of patching for remote devices has been less robust than it should be.Social engineering – with social engineering, the cyber criminal will “trick” a victim into releasing confidential information, such as passwords and other logins. They achieve this via several means, but one of the most common is via phishing, which typically involves convincing someone to download a piece of malware from a legitimate-looking email that will then gather login data and other sensitive info that can give the criminals access to much more within the organisation.
In all three cases, the cyber criminals are gaining access via the endpoint devices. While firewalls and other “perimeter” security defences remain critical for protecting and organisation and its assets, there has been a renewed focus placed on the importance of endpoint defences, because it is that individual’s vulnerability that is too often the easiest thing to exploit.
Endpoint security needs to a multifaceted-approach
“Endpoint security” means more than an anti-virus installed on the computer. A truly robust endpoint solution will provide protection at all levels of the device, from the core BIOS, through to the hardware, firmware and application layers.
This is what Intel has aimed to deliver with the Intel vPro® platform. The vPro® platform encompasses performance, manageability, and security, and in security aims to cover endpoint devices at all stages – below the OS, above the OS and at the application layer.
It starts with total component traceability that starts at the factory floor. Meanwhile, vPro® features attestable security status, meaning that it uses static and dynamic root-of-trust measurements in the Intel Trusted Platform Module that confirms below-the-OS security to detect abnormalities.
On the hardware layer, Intel boosts the security of devices with total component traceability that starts at the factory floor. Meanwhile, the secure boot-up tool in vPro® means that only untampered firmware and trusted OSes will load, preventing compromised devices from connecting to the network in the first instance.
vPro also boosts security for virtualised environments. Organisations can run virtual machines for security-based isolation with application compatibility, across different operating systems. In addition, virtualised security software, such as Windows Defended Credential Guard and Application Guard are boosted through Intel’s own virtualization capabilities. This delivers superior protection against kernel-level malware through to browser-based attacks.
At the application layer, vPro® features a hardware-isolated Key Locker to enable password-less sign-ins (useful for mitigating the risk of social engineering tricking the employee into giving away their password). vPro® also features total memory encryption that has been designed to mitigate against the risk of cold-boot attacks and isolate compromised applications.
Finally, AI-driven CPU threat monitoring has been designed to detect malware that has slipped past the anti-virus. Intel has also integrated the Threat Detection Technology with the major mobile device management software options, to extend these capabilities holistically to all technology that might be interacting with the network.
Building a holistic endpoint security practice
While the Intel vPro® solution has been designed to be a powerful and robust baseline security for endpoint devices, the reality is that security at the end point needs to be a proactive and ongoing effort by organisations. This is particularly true with so many devices connecting to company networks remotely.
vPro® will be most effective when backed by several best practice policies, including:
A zero-trust approach to user privileges. Administrators should maintain tight control over the access that users have when accessing sensitive data and parts of the network. This means have a robust approach to access rights by device and user, and administrator permissions should be reserved for specialised users.Remote deployment of patches and updates. There are tools available to IT teams to remotely access PCs and deploy patches. The goal here needs to be to make patching as seamless as possible for the end user, and not rely on their input.Ongoing training of employees. Ultimately the best defence of all is to train employees so they know the security red flags to watch out for. Research from Stanford University found that around 88 per cent of all data breaches occur because of human error. Solutions such as vPro® can help to mitigate against this risk, but an ongoing training regimen across the organisation is of equally critical importance.
Following the recent wave of data breaches, the Australian government has committed to increasing the penalties for organisations that have been impacted by poor security practices. These penalties are now stiff enough to be an existential risk to many organisations. Investing in security solutions that address the gateways to the organisation’s data, as endpoint solutions do, and combining that with a renewed approach to security policy and training, will be a critical way for a business to protect itself into 2023 and beyond.
For more information on the security features of vPro®, click here.