What 2019 endpoint threats should your enterprise prioritize preventing?
Granted, for many enterprise IT security teams and researchers, the above query must seem like a trick question. “What shouldn’t enterprises fortify against?” might be closer to the real question.
In our endpoint security research from the past year, we found:
- More and more hackers embrace cryptocurrency mining malware. One of the top threats from 2018, its evasiveness and effectiveness almost guarantee it as one of the top 2019 endpoint threats.
- Ransomware attacks and adoption declined last year, but enterprises shouldn’t assume its complete disappearance in 2019. If cryptocurrency continues to decline in value, ransomware could come roaring back among the top 2019 endpoint threats.
- Fileless malware, an insidious threat which utilizes native enterprise processes to achieve its malicious ends, has also seen a rise in popularity. Given the ineffectiveness of legacy endpoint security solutions at preventing fileless malware, no list of 2019 endpoint threats would be complete without it.
The above list merely scratches the surface of potential 2019 endpoint threats. Trojans, adware, phishing attacks, and other social engineering attacks could all disrupt your enterprise’s business processes and compromise its databases. Yet we acknowledge we can dive deeper in our 2019 endpoint threats list. To gain some better insights, we took a look at recent research from Trend Micro, a recognized endpoint security solution provider.
Here’s what they warned us about:
Potential Work-From-Home Infiltration
Anyone with even a passing knowledge of endpoint security knows the risks inherent in the bring-your-own-device (BYOD) culture. While a boon to productivity and worker flexibility, it poses a challenge by flooding the network with new devices, each with its own configuration and security vulnerabilities.
Trend Micro, in their Mapping the Future: Dealing with Pervasive and Persistent Threats report, points to the other side of the equation: work-from-home security risks. More and more employees take advantage of work-from-home policies, but this means they connect to your professional network through unprotected devices or through unprotected applications.
Of course, this threat also intersects with IoT issues and their well-known security vulnerabilities. If an employee discusses their work at home near a smart speaker, the results can be just as disastrous as if a hacker penetrated your firewall.
Business Process Compromises
According to a press release by Trend Micro, 43% of enterprises suffered a business process compromise (BPC). Simultaneously, 50% of enterprise management teams don’t know about BPCs and the risks they pose.
A BPC uses loopholes or vulnerabilities in your business processes, practices, or systems, modifying them remotely to benefit the hacker in some way. Neither the enterprise nor their client may be any the wiser to the change; however, it can completely disrupt an entire line of business.
Rik Ferguson, Vice President of Security Research for Trend Micro, said on BPCs: “In a BPC attack, they could be lurking in a company’s infrastructure for months or years, monitoring processes and building up a detailed picture of how it operates.”
“From there they can insert themselves into critical processes, undetected and without human interaction. For example, they might re-route valuable goods to a new address, or change printer settings to steal confidential information.”
A business process compromise could start at any endpoint and could damage any enterprise in any industry. Is your current endpoint security solution capable of recognizing and preventing them?
Radio Remote Controllers and Industrial Machines
Manufacturers cannot neglect their endpoint security either. Hackers can infiltrate industrial IoT (IIoT) devices and disrupt their vital business processes. In some cases, threat actors can hold entire manufacturing lines hostage with ransomware. New research from Trend Micro indicates a new type of threat: using remote radio frequencies to spoof commands.
With radio frequencies, hackers don’t even need to be on an explicit endpoint. All they need is some inexpensive equipment and to be just within range to create serious malfunctions. The problem with radio frequencies resembles the problems with the IoT: they are designed without necessary security protocols. Endpoint security solutions must pick up the slack.
What 2019 endpoint threats most concern you and your enterprise? How are you preparing for them? Will your current endpoint security be capable of handling them? Only by answering these questions can you ensure a successful new year in the digital marketplace.
Thanks to Trend Micro for their research and expertise!