It’s been over six months since the World Health Organization first declared the COVID-19 pandemic, and within that timeframe the way we work has changed dramatically. As we discussed in our webinar back in May, the initial phases of remote workforce rollout presented a number of valuable lessons; prominent among them the importance of endpoint security.
Where initially the challenge of transitioning the workforce from office to home was focused primarily on the availability and mastery of various software applications, our gaze quickly shifted to a number of very real security risks.
Within the first quarter of 2020, large-scale data breaches had risen by 273%[1] as compared to the same time last year. It stands to reason: as companies transitioned to their home offices, the number of networks in use multiplied exponentially, with the vast majority unsecured. Where workers in the office connected to a safe, secure corporate network, workers at home are connecting via personal devices on average home Wi-Fi networks.
It’s fertile ground for cybercriminals to wreak havoc on the corporate threat landscape. So many access points, so little time! Ransomware attacks are up by 90%, destructive attacks by 102%, and island-hopping attacks by 33%[1]. And while even the largest enterprises can experience severe consequences from an attack, the uptick in cybercrime has the potential to be fatal for small to mid-sized businesses.
Prevention and Detection: The Next Frontier
Moving through the summer and into the fall, at Carbon60 we’ve seen many of our clients identify the need to increase endpoint security as a main priority. And we’ve harnessed our expertise to deliver a robust set of managed security services to protect against this year’s unique set of threats to critical server infrastructure and customer endpoints.
Endpoint protection comprises security solutions that address endpoint security issues, protecting endpoints against zero-day exploits, attacks, and even data leaks that may occur as a result of human error.
The goal of endpoint protection is twofold:
Stop Known Threats
Suspicious behaviour is identified using automated blocking of known and new attacks.
Harden Against the Future
Rapid incident response removes threats and ensures that endpoints are resilient to new and repeat attacks.
And while the breadth of cyberthreats is indeed varied, there is a single factor that will largely dictate the success of any comprehensive endpoint protection program: Speed.
The 1-10-60 Rule
The speed with which a threat is identified and eradicated is also referred to as “breakout time”. It’s a key metric that can be used as a watermark with which to measure the efficacy of endpoint security programs. This three-pronged metric is broken down as:
1) Detection Time (1:00 minute to Detect)
How quickly can an organization discover that a threat has occurred or is about to occur?
2) Investigation Time (10:00 minutes to Investigate and Understand)
How quickly can an organization understand the nature and scope of the attack and determine a plan of action?
3) Response Time (60:00 minutes to Contain)
How quickly can an organization eradicate the threat and mitigate damage?
Current best practices dictate that a threat should be detected in under 1 minute, investigated completely in less than 10 minutes, and eradicated in less than 60 minutes. Hence the 1-10-60 rule.
At Carbon60, 1-10-60 is our mantra as we assist our clients in upgrading their endpoint protection to the level of efficacy necessary for a remote workforce.
Why Carbon60?
Clients contact us for many different reasons, but the main factor in choosing us as their managed service provider lies in our unparalleled expertise. Whether your organization has recently faced a threat and needs to protect against future breaches (and fast), or you simply do not have the internal resources to provide the protection necessary in 2020, Carbon60 can help. Carbon60’s managed endpoint protection service, powered by CrowdStrike, protects your assets 24×7 no matter where the data resides. Threat hunting technology is combined with next-generation antivirus and endpoint detection to eliminate blind spots that traditional AV software misses.
For the most elusive threats, a team of Carbon60 experts investigate and nullify compromised endpoints on your behalf, preventing lateral spread. We work alongside your team to support the full incident response lifecycle, determining the root cause and corrective actions to ensure your environment is hardened against future business disruption.
To learn more about how Carbon60’s services can assist your organization, reach out to our team today.
[1] CNBC, “Cybercrime Ramps Up Amidst Coronavirus Chaos, Costing Companies Billions”, https://www.cnbc.com/2020/07/29/cybercrime-ramps-up-amid-coronavirus-chaos-costing-companies-billions.html