It’s time to flip our thinking about enterprise information security. For a long time, the starting point of our tech stacks has been the network. We employ a whole series of solutions on servers and networks—from monitoring and alerts to policies and procedures—to prevent a network breach. We then install some antivirus and malware detection tools on laptops and devices to catch anything that might infect the network through endpoints.
But this approach isn’t working. The bad guys are still getting in. We like to think we can just keep building a bigger wall, but motivated cybercriminals and insiders keep figuring out ways to jump over it or tunnel underneath it. How? By targeting users, not the network. Today, one-third of data compromises are caused by insiders, either maliciously and unwittingly.
Just because we have antivirus software or malware detection on our users’ devices doesn’t mean we’re protected. Those tools are only effective about 60% to 70% of the time at best. And with the increasing prevalence of BYOD, we can’t control everything on an employee’s device.
Even when we do control enterprise-issued devices, our security tools can’t prevent a laptop from being stolen. Or keep an employee from downloading client data onto a USB drive. Or stop a high-level employee from emailing sensitive data to a spear phisher posing as a co-worker.
We need to change our thinking. We need to admit that breaches are inevitable and be prepared to quickly recover and remediate. That means starting at the outside, with our increasingly vulnerable endpoints.
With a good endpoint backup system in place, one that’s backing up data in real time, you gain a window into all your data. You can see exactly where an attack started and what path it took. You can see what an employee who just gave his two weeks’ notice is doing with data. You can see if a stolen laptop has any sensitive data on it, so you know if it’s reportable or not.
By starting with endpoints, you eliminate blind spots. And isn’t that the ultimate goal of enterprise infosec?