The need to achieve responsible enterprise security has taken center stage in enterprise IT management in recent years, precipitated by a deluge of public data breaches that damaged company reputations. However, lacking information on the most critical modern attack vectors, many organizations continue to rely solely on traditional virus scanning tools as their sole method of enabling endpoint security.
Many business professionals seem to cling to a common misconception that the implementation of a malware protection tool provides blanket protection against all potential security risks. The broad availability of free scanning tools and Window’s native Defender software has lulled individuals who are not particularly risk-conscious into a false sense of security when it comes to protecting their IT resources.
To be clear, it is certainly true that scanning and remediation tools for malware — including viruses, Trojans, ransomware and adware — continue to be critical components of any security arsenal. According to Enterprise Management Associates (EMA) research, 73 percent of surveyed organizations indicated they have been affected by a malware attack, and only 58 percent reported a high level of confidence that they can detect a malware incident before it causes a business-impacting event.
These challenges are only accelerating due to a new generation of advanced malware attacks that are designed to target specific environments or conditions and are more resistant to removal or cleanup. However, it is important to recognize that these threats represent only a portion of the total risks posed by the use of endpoint devices in modern business environments.
Modern Endpoint Security Attack Vectors
Beyond the threat of malware infection, the broad reliance on distributed endpoint devices — including desktops, laptops, tablets, smartphones and wearables — poses a number of challenges to enterprise security assuredness. In traditional environments, endpoint devices (primarily desktops) and the applications and data they utilized were kept contained on controlled business networks.
Today, however, critical business IT services are distributed across numerous public and private cloud, web, and server-hosting environments. Additionally, the “mobile revolution,” which began a decade ago, introduced more portable endpoint devices, allowing users to access business IT services from any location at any time. The consequence of these foundational changes to IT service delivery is that there is no longer a secure perimeter