Cloud architectures and remote workforces have effectively dissolved the network perimeter, the traditional line of defense for IT security. Lacking that decisive boundary, the work of security teams has changed. Now to guard against data breaches, ransomware, and other types of cyber threats, protecting network endpoints is more important than ever. \n\nBut protecting endpoints is a priority with a massive scope. Endpoints encompass everything from employee laptops, desktops, and tablets to on-premises servers, containers, and applications running in the cloud. Endpoint security requires a comprehensive and flexible strategy that goes way beyond what security teams relied on a decade or more ago. Then IT assets were nearly all on-premises and protected by a firewall. Those days are over.\n\nRansomware continues to evolve\n\nRansomware continues to be a major threat to organizations of all sizes. After declining for a couple of years, ransomware attacks are on the rise again. They increased 23% from 2021 to 2022. \n\nNot only are attacks more frequent, they\u2019re also more disruptive. In 2021, 26% of attacks led to disruptions that lasted a week or longer. In 2022, that number jumped to 43%.\n\nOn average, each of these attacks cost its victim $4.54 million, including ransom payments made as well as costs for remediation. As bad as these numbers are, they\u2019re poised to get worse. That\u2019s because in the past year, attackers have adopted new models for extorting money from victims.\n\nBusiness email compromise attacks\n\nAnother prevalent form of attack is business email compromise (BEC), where criminals send an email impersonating a trusted business contact, such as a company CEO, an HR director, or a purchasing manager. The email, often written to convey a sense of urgency, instructs the recipient to pay an invoice, wire money, send W-2 information, send serial numbers of gift cards, or to take some other action that appears legitimate, even if unusual. If the recipient follows these instructions, the requested money or data is actually sent to the criminals, not the purported recipient.\n\nBetween June 2016 and December 2021, the FBI recorded over 240,000 national and international complaints about BEC attacks, which cumulatively resulted in losses of $43 billion. Ransomware might make more headlines, but BEC attacks are 64 times as costly. And they are becoming more frequent, increasing 65% between 2019 and 2021.\n\n\u201cEndpoint monitoring won\u2019t stop a BEC attack,\u201d explains Tim Morris, Chief Security Advisor, Americas at Tanium. \u201cBut it might tell you a little more about the person who opened the email and what they did with it. Context can give you the clues you need for determining whether the attack is part of a broader campaign, reaching other recipients with deceptive messages.\u201d\n\nPractical tips for endpoint management\n\nHow should CIOs and other IT leaders respond to these evolving threats? Here are five tips.\n\nWith so many people working remotely and 48% of applications running in the cloud, it\u2019s time to recognize that the new line of defense is around every endpoint, no matter where it is and what type of network connection\u2014VPN or not\u2014it\u2019s operating with.\n\n2. Identify all devices connecting to the network, even personal devices not officially authorized.\n\n\u201cYou can\u2019t secure what you can\u2019t manage,\u201d says Morris. \u201cAnd you can\u2019t manage what you don\u2019t know.\u201d Security Operations Centers (SOC) need to know all the endpoints they\u2019re responsible for. Audits of enterprise networks routinely find endpoint management systems miss about 20 percent of endpoints. SOC teams should put tools and processes in place to ensure they have a complete inventory of endpoints and can monitor the status of endpoints in real time.\n\n3. Patch continually.\n\nPatching has always been important to ensure endpoints have access to the latest features and bug fixes. But now that software vulnerabilities have emerged as a major inroad for attackers, it\u2019s critically important to ensure patches are applied promptly. Organizations can\u2019t hope to respond to supply chain attacks like Log4j without putting in place automated solutions for software bills of materials and patching.\n\n4. Drill.\n\nOnce you have a cybersecurity plan, a cybersecurity toolset, and a trained staff, it\u2019s important to practice hunting for threats and responding to attacks of all kinds. It\u2019s helpful to take a Red Team\/Blue Team approach, assigning a team of security analysts to break into a network while another team tries to defend it. These drills almost always uncover gaps in security coverage. Drills also help teams build trust and work together more effectively.\n\n5. Get endpoint context.\n\nWhen attacks occur, it\u2019s important to respond as quickly as possible. To respond effectively, security teams need to understand what\u2019s happening on affected endpoints, no matter where they are. Which processes are running? What network traffic is taking place? What files have been recently downloaded? What\u2019s the patch status?\n\nAnalysts often need answers in minutes from endpoints thousands of miles away. And they don\u2019t have time to install new software or hope the remote user can help them set up a connection. Security teams need to have a system already in place for analyzing endpoints and collecting this data, so that when any type of attack occurs\u2014even attacks like BEC attacks\u2014they can collect the contextual information needed for understanding what happened and what threats remain active.\n\nCyber threats are becoming more prevalent, more sophisticated, and harder to identify and track. For more tips\u2014five more in fact\u2014on how to reduce the risk of cyberattacks and ensure that when attacks occur, they can be contained quickly and efficiently, check out this eBook.