The Evolution of Cybersecurity: What Poor Endpoint Protection Entails (Part 1)

Considering March is fraud prevention month, it brings with it a wake-up call for businesses to evaluate their cybersecurity practices. The statistics confirm that this should be of your concern.  With a 600% increase since the pandemic, the cost of cybercrime is estimated to be around 1% of global GDP. Canada is no exception—nearly 60 percent of Canadian organizations were targeted by ransomware attacks in 2022, costing Canadian organizations $5.6 million USD.

With the majority of businesses in North America adopting the latest in IT services along with cloud hosted infrastructure and services, things are made to look simple. After all, if everyone is doing it then what is stopping you from doing it too? Likewise, navigating through a plethora of online advertisements which all claim that migrating to these services are “as easy as the click of a button” can give the same impression. This can mislead people to develop a false sense of security, when the reality is that the digital environment is complex and unforgiving.

The takeaway is that working with security experts is not only insightful, it is essential. Whether your business is small, medium, or large, it is ideal to leverage the expertly managed services and resources such as those available from Cloud Metric. A company who oversees the cybersecurity of a network of business, from a variety of different industries, including healthcare, education, government, or finance, has the expertise to prevent, and respond to, security incidents in a far more efficient, and cost effective, manner than a small dedicated IT team.

This multi-part series, titled “The Evolution of Cybersecurity”, will outline expert advice and the very best cybersecurity practices, in light of the recent challenges to Canadian businesses. The series will get increasingly detailed, with each part focusing on a different aspect of cybersecurity.

Antivirus Software is No Longer Sufficient

One primary concern is endpoint protection. In the past, the most common form is antivirus (AV). Examples of this consist of Norton, AVG, or Microsoft Defender. Now, AV is only aware of the cyber threats which are listed as “virus definitions”. In other words, this is a list of software which the AV blocks, or prevents from running, because the software has performed an action in the past which fit the criteria of something undesirable, like a virus manipulating files. Therefore, any software which is not on this list is considered safe to run, and is not blocked from in any way. However, a major problem with this is that the harmful software has to have been seen before in order to have been placed on the list in the first place. As such, any new threats aren’t recognized and therefore are free to manipulate the system.

In order to address this, heuristic analysis was introduced by AV developers. This is essentially a method of detecting harmful software through searching for suspicious properties. Therefore, the AV will be able to detect viruses which were previously unknown, or in other words those which were not explicitly listed under the virus definitions. If a file exhibits unfamiliar content, then using a specialized virtual machine, the AV program can simulate what actions the file under question would perform if given access to the real system. If it begins acting like a virus, by doing things like manipulating files in undesirable ways, then it is flagged and reported to the user as a potential virus. Of course this is considered an improvement to endpoint protection compared to strictly blocking the known viruses on a list.

However, AV is proven once again to be an inadequate form of endpoint protection. Sophos, a global leader in cybersecurity, claimed that 72% of ransomware attacks targeting state and local governments had their data encrypted. The problem is that encrypted files can only be decrypted by users who have access to the key. AV programs are proven to be ineffective in processing encrypted files. As such, ransomware and other viruses go unnoticed, and sound endpoint protection is sacrificed. Furthermore, encrypted files are common, so when harmful viruses take this form they remain hidden in the crowd.

Finally, AV also proves to be lacking when it comes to securing various devices like fax machines and printers which communicate directly to other devices or with the internet. Their software varies, and as such AV must be configured appropriately for each unique device. However, many businesses fail to update or appropriately manage AV, which is the primary form of endpoint protection for these sorts of office devices. Oftentimes they are left vulnerable due to this neglect, which acts as a weak point and enables intrusions. Cybercriminals can exploit these devices to cause damage.

All in all, AV is an insufficient form of endpoint protection against criminal activity, and yet it is still a commonly employed measure. The next entry in The Evolution of Cybersecurity series will detail how to properly establish endpoint protection, with reference to endpoint detection and response (EDR), managed detection and response (MDR), and extended detection and response (XDR).

Multi Part Series: The Evolution of Cybersecurity Part 1: What Poor Endpoint Protection Entails Part 2: Ideal Endpoint Protection Part 3: The Need for Multi Factor Authentication Part 4: The Risks of Working from Home – A Zero Trust Approach Part 5: Running Virtual Penetration Tests Part 6: Is Your MSP Keeping You Secure?

Featured Download