You’re working from home going about your business. You respond to an email that looks like it’s from one of your vendors. Their request for your login credentials for your line-of-business software is a little odd but you think they must have a good reason or else they wouldn’t ask. You comply.
You go on about your day as usual, not knowing that the email wasn’t really from your vendor and the action that you took opened the door and let a cyber criminal into your laptop. You have no idea that they’re making their way through your computer turning off security and changing permissions.
You aren’t their ultimate target, however. They want to use you to get control of administrative accounts where they can manipulate privileges and get ultimate power over your network.
It might take a while before they’re ready to strike. That’s okay because no one knows that the intruder is there while they snoop around, read your email, help themselves to your information, and position themselves to expose, steal or kidnap your data, or use you to get to that bigger target.
This type of situation happens all too often but it’s avoidable if Endpoint Detection and Response (EDR) is on every device connected to your network.
EDR Looks For Suspicious Activity on Devices
EDR is a layer of security between your employees’ computers and the rest of your network. This tool learns about the normal traffic patterns on the device so that it can recognize suspicious activity the moment it appears.
When something out of the ordinary happens, it sends out an alert and simultaneously responds to the suspected intruder. Sometimes the activity is harmless, but sometimes it’s not. A security team trained in managing EDR responds to alerts and triggers any additional follow-up that’s needed.
In our scenario, it looks like the follow-up should include cybersecurity awareness training for the employee. Training and enforcement of policies that document how vendors can access your network should be revisited or reviewed.
Even with training, though, errors in judgment happen, so you can’t always count on people to be a strong line of defense. Additionally, criminals are going to keep coming up with new ways to circumvent your security, which brings us to another reason why you need EDR.
EDR Defends Against Unknown Threats
It’s not enough to defend against known threats. You have to defend against unknown threats and that’s what EDR does.
Traditional cybersecurity strategy was about keeping your firewalls, antivirus and antimalware up to date with the latest information about the worms, viruses and other bad stuff that cyber criminals were using to compromise IT systems. In order to protect against a threat, those tools had to know about it.
These days, cyber bad guys are using Artificial Intelligence (AI) and that allows them to iterate new variants of malware quickly. EDR uses AI too, to seek out these new threats and stop them in their tracks.
Your Network Perimeter is Gone
Get the idea that the cat and mouse game of cybersecurity has changed? You bet it has and it’s not just because cyber criminal tactics have changed. Your network perimeter has changed as your organization has evolved.
Chances are good that you have remote workers and all kinds of devices connected to your network that weren’t there 10 or even five years ago. Your people are probably using a lot of cloud services and you’re using the cloud for your server needs or even your entire infrastructure.
This expansion of your technology has allowed your business to grow and transform but it’s increased the attack surface that cyber criminals can target. If you don’t have EDR then this attack surface is not adequately protected.
Ask Your IT Team About EDR
As an executive, you’re not expected to know all the technical details about the cybersecurity tactics that your IT team uses to defend your organization against cyber threats, but you can ask: “Are we using EDR?” If the answer is “no” (or “I don’t know”), then you’re more vulnerable to cyber attack than you realize.
Up Your Security Game with XPERTECHS
Here at XPERTECHS, we work with clients to create a cybersecurity strategy that meets modern and evolving threats with sophisticated security strategy and tactics. If you’d like to have confidence in how you’re managing cyber risks, contact us to schedule a security consultation.