Complacency reigns: CISOs, IT and cybersecurity professionals overlook endpoint security

By Mary Ann Yule, President and CEO, HP Canada

 

Any defence is only as strong as its weakest point.

History is full of mighty fortifications designed to defend against threats, but century after century, we’re reminded once again just how ineffective they are. Savvy attackers don’t target strengths, they exploit weakness. Many of today’s most precious and valuable resources are sensitive digital information and, while countries and companies may build robust security around data centres and cloud-based data, it only takes one malicious link opened on a PC or mobile device or a few lines of malware inserted into a printer to open the gates and compromise an entire organization.

Connected devices have proliferated and endpoint devices — a category that includes desktop and laptop PCs, mobile devices and printers — have become the new front lines of cybersecurity. Cybercriminals are not trying to overtake the big wall, they’re going to attack each brick, or endpoint device, to find the weakest point where they can stealthily enter without being detected.

With pre-made tools to hack devices on the dark web, malicious actors can attack an organization millions of times each day in hopes of finding a way in. Once access to a single device is gained, hackers bide their time, working their way into an organization over weeks or months until they are capable of inflicting significant damage, compromising core data for ransom or worse.

Last year, there were more than 7.9 billion records exposed in data breaches costing nearly an average of $3.92 million USD per business. Despite the known vulnerabilities, it’s striking that only 30 per cent of IT professionals identify endpoint device security as a significant component of their organization’s cybersecurity strategy, according to a recent IDC survey.

The IDC research, which focuses on the security protocols and viewpoints of IT leaders in 14 industries across five countries in the EU and North America, highlights pronounced cybersecurity under-awareness and under-preparedness especially amongst the devices most at-risk of attack: PCs and printers.

An incredible 64 per cent of Canadian IT professionals don’t include printers as a consideration within their endpoint security strategy. Often the trojan horse, printers can be compromised just as readily and, in many cases, more readily than PCs, making this lack of protection a pointed area of concern.

Not only this, but security leaders also show a problematic understanding when it comes to the full breadth and importance of endpoint security. When asked about printers, 78 per cent of Canadian respondents believe these devices to be low or no risk. Printers have all the same components as a PC – a hard drive, wired or wireless access connecting directly into your IT infrastructure, and access to some of the most important and sensitive information the organization has. If not protected properly, vulnerability is a massive understatement.

So, who are the culprits unknowingly opening the doors for attack? Most often, it’s found in the procurement department, as they’re responsible for the purchasing decisions. According to the survey, among Canadian respondents, 22 per cent say security requirements are not even taken into consideration. When choosing PCs, leading companies place security as the top consideration, whereas others see it as the lowest level of consideration and remain focused on cost and performance.

As an industry, it is critical IT leaders do more to create stringent industry standards for endpoint security. Programs like Keypoint Intelligence Buyers Lab (BLI) Security Validation Testing program, are leading the way as the first of its kind to define a clear set of security standards for connected Multi-Function Printers (MFPs) and printers. These initiatives drive higher standards for security and give customers third-party information they need to evaluate security features when making purchasing decisions.

Today’s IT professionals and procurement departments must treat every purchasing decision as a security decision. Examining the most resilient devices for their organization and supporting the industry with standardized testing ultimately benefits everyone by fortifying endpoints and protecting the sensitive data customers trust us with.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

IT World Canada in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Latest Blogs

Senior Contributor Spotlight