The endpoint security problem persists - MEAD offers a new approach


We spend a lot of time talking about gaps in cybersecurity, but weak points are often the bigger problem. Case in point: a recent TAG report found that 93% of cybersecurity teams have endpoint data controls in place, yet only 7% were confident that these controls were working — and 71% of CISOs said they wouldn’t be surprised if they had a serious data breach on their business PCs and laptops.

In other words, nearly all organizations have tools to cover their endpoint data security gaps. They just don’t work — and everyone knows it.

TAG report uncovers familiar issues with endpoint security

Despite plenty of attention over the last decade, endpoints remain a common source of data loss and data breach. So, the TAG study looked at how companies protect endpoint data today — and found some deficits that likely sound familiar to any CISO.

Beyond companies’ startling lack of confidence in their endpoint protection and recovery capabilities, TAG identified an overreliance on employee actions as the control for complying with cybersecurity policy (don’t get me wrong, people are great, but we make mistakes). TAG also warned of increasing misuse of cloud collaboration platforms like OneDrive in place of purpose-built, automated endpoint backup and recovery.

Todd Thorsen

Chief Information Security Officer, CrashPlan.

Advancing cybersecurity maturity overshadows endpoint security problems

Perhaps most importantly, TAG noted that using more cybersecurity tools did not translate to less endpoint risk; it’s really about using the right tools for the right application. Moreover, as organizations have advanced their overall cybersecurity maturity — adding sophisticated cloud security tools, for example — this progress has produced a halo of overconfidence among CISOs that overshadows endpoint data security and resilience problems: “Many enterprise teams possess a false sense of security for endpoint data resilience and restoration post-incident,” TAG concluded.

MEAD: A simplified model of endpoint security

The TAG report wasn’t all bad news. The leading cybersecurity advisory firm proposed a new model that radically simplifies the approach to building a modern endpoint security program. The back-to-basics framework is called MEAD, comprising four pillars: Malware (e.g. Malwarebytes), EDR (e.g. CrowdStrike), Analytics (e.g. Tanium), and Data.

The MEAD model holds that CISOs should focus first on ensuring confidence in these four fundamental areas — in other words, focus on the fundamentals before spending time evaluating novel and niche technology promising to cover emerging gaps or edge cases.

Endpoint backup is the foundation of MEAD

Importantly, TAG puts endpoint backup as the foundational layer of endpoint security — enveloping all else with the confident assurance of data resilience. This shouldn’t be a surprise — backing up endpoint data has always been the most reliable way to ensure data availability, no matter what happens. But TAG highlights the need for “a purpose-built endpoint data protection and resilience platform,” as a distinct correction from the widespread trend of misusing cloud collaboration tools as an (inadequate) substitute for true endpoint data backup.

We need MEAD

Managing complexity is a common challenge in cybersecurity today. The enterprise ecosystem keeps getting bigger and more complicated. Threats and threat actors keep getting more sophisticated. It’s no surprise that the dominant response has been to add more to the security stack.

The biggest takeaway from the TAG report flies in the face of this complexity: The biggest risks are still some of the most fundamental (protecting endpoint data). And this isn’t a problem that requires elaborate technology or adding more layers to the security stack. We know how to fix endpoint security — it’s about getting back to basics, starting with putting a secure, purpose-built, and automated endpoint data backup and recovery platform in place.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
