This year, the SANS annual survey on Endpoint Monitoring in a Dispersed Workforce uncovered new information that disrupts long-term cybersecurity trends. Brian Robison, BlackBerry Senior Director of Product Marketing and Chief Evangelist, joins the SANS discussion panel to analyze how COVID-19 has changed the threat landscape.
The SANS Endpoint Survey
The SANS Institute was founded in 1989 as a cooperative organization focused on information security. Its primary goal is to empower cybersecurity professionals with knowledge and resources vital for their success. The SANS Endpoint Survey provides a yearly look at the current state of endpoint security. It examines how organizations are using auditing and endpoint detection and response (EDR) solutions, and how effectively these countermeasures are performing.
Endpoints are commonly attacked by threat actors intending to infiltrate more deeply into a target organization. Workplace bring-your-own-device (BYOD) policies invite a broad range of connected technologies that interface with workplace data, but they also complicate endpoint security. In 2020, COVID-19 led to a record number of work-from-home employees, greatly increasing the attack surface exposed to remote-work threat vectors.
The SANS 2021 Endpoint Monitoring in a Dispersed Workforce Survey covers the security impacts of these changes in detail.
What Changed in 2021?
The workforce shift to remote locations greatly impacted endpoint security in several ways, including:
- Exposing large numbers of Internet of Things (IoT) and BYOD endpoints to threat actors because these devices aren’t centrally managed
- The inability to monitor or collect security data from endpoint devices and off-network assets used by remote employees
- Spearphishing being eclipsed by another threat vector as the most common method of endpoint compromise
- Several organizations reporting a shift toward customized detection capabilities through the use of central or remote scripts
Many organizations successfully adapted to the security challenges caused by COVID-19 by using improved detection and remediation techniques. A surprising number of companies reported experiencing no endpoint attacks at all.