Just about every cyberattack follows a similar pattern: an end-user is fooled into clicking on a malicious link, downloading malware, or opening an infected file. This is one of the early stages of the famous Lockheed Martin "kill chain."
Given this pedestrian malware workflow, endpoint security is absolutely key – catch an attack early when it compromises a few endpoints and you can avoid the more ominous phases of the kill chain, including data exfiltration.
To meet today's endpoint security requirements, you can't assume that you can block all attacks with AV or by patching software vulnerabilities. Rather, you need smart security analysts skilled at detecting and responding to attacks on endpoint devices.
Unfortunately, this is where the enterprise security model often breaks down. Why? Once again, the global cybersecurity skills shortage gets in the way.
According to ESG research, 43% of enterprise organizations have a moderate to severe lack of human resources capable of supporting endpoint technologies and processes (note: I am an ESG employee). So there's a shortage of endpoint security staff, but that's not the only problem here. When asked to identify their top endpoint security challenges, 38% of enterprise security professionals stated that their organization's endpoint security staff spends too much time attending to high-priority issues and not enough time on process improvement and strategic planning. Granted, some of these high-priority issues are associated with incident detection and response, but constant fire-drills will certainly have an impact on the security staff's overall efficiency and effectiveness. So when it comes to endpoint security, it's safe to say that many organizations are under-skilled and understaffed.
Since it's unlikely that CISOs can simply hire their way out of this problem, what else can be done? Well, organizations with acute cybersecurity skills shortages should probably look toward service providers like BT, Dell SecureWorks, Symantec, Unisys, or Verizon for expertise and staff augmentation. It may also be worthwhile to investigate security analytics tools that apply algorithms and intelligence to network and endpoint forensic data to accelerate detection, pinpoint problems, and streamline remediation. Vendors like Blue Coat, Cisco, FireEye, Hexis Cyber Solutions, Palo Alto Networks, Raytheon Cyber Products, and RSA Security offer solutions in this area.
I often tell CISOs that they should consider the impact of the cybersecurity skills shortage as part of every decision they make. Based upon the ESG research presented in this blog, endpoint security certainly demands this type of consideration.