Cyberattacks are on the rise. In fact, the 2020 internet crime report from the United States Federal Bureau of Investigation recorded 791,790 complaints of suspected internet crime reported for the year, an increase of more than 300,000 complaints from 2019.[2]
Consider also that small businesses are increasingly the target of cyberbreaches.
- According to Verizon’s 2021 Data Breach Investigations Report, of analyzed, confirmed data breach incidents affecting businesses, 307 breaches were reported for large businesses (1,000+ employees) and 263 breaches occurred in small organizations (1–1,000 employees), representing a substantial narrowing of the gap between them over 2020 numbers.[3]
- Additionally, according to Coveware’s Q4 2020 quarterly ransomware report, ransomware attacks on small businesses (with a median of 234 employees) increased 39 percent over the previous quarter.[4] Coveware had previously reported that as of Q2 2020, 55 percent of ransomware attacks affected companies with fewer than 100 employees.[5]
While most small business cybersecurity strategies include implementing firewalls, VPNs, network intrusion detection, web security gateways, and cloud access security brokers, changes in workplace dynamics and the fast-advancing footprint of cybercrime call for additional endpoint security to be applied to small business environments as well. This “defense-in-depth” level of security is especially important to have today considering the impacts of the recent pandemic and global shift to a more distributed workforce. Research shows that corporate leaders today expect most employees to continue working remotely for at least a few days per week, long after the pandemic ends. The “new normal” will be a hybrid style of work, with some days—and/or employees—on-premises and some remote, according to 82 percent of company leaders surveyed by Gartner in 2020.[6]
Digital Transformation of the Office
Work-from-home scenarios come with security challenges as remote employees are doing business via their own personal networks. Depending on when security standards were set for a company, it may be time to reexamine whether those security standards need to be updated to accommodate recent changes in the computing environment.
Protecting your small business network in this hybrid work environment requires a zero trust policy. Zero trust is the industry standard for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (e.g., local area networks vs. the internet) or based on asset ownership (enterprise or personally owned).
Using a zero trust policy, users are reauthenticated every time they access internal resources, such as cloud SaaS or enterprise apps. Employee devices are also reauthenticated, and device health is validated. Ultimately, when security capabilities are strengthened at endpoints, where devices are deployed at the edge of the network, the risks to network security are greatly reduced.
Implementing Endpoint Security
How can a small business best secure endpoints? The good news is that security ecosystem providers are already bundling solutions that identify endpoint vulnerabilities such as active threats, security violations, and device patches that need updating. Endpoint security is then overlaid with network security and a zero trust connection to fortify the network.
Cloud applications are also aiding in small business network security with policies that first authenticate user identity via password-based logins and then layer in conditional access policies that restrict application usage to only company computers or other known devices.
While password-based logins continue to be widely used today, other, newer technologies are emerging for user authentication. For example, many PCs offer hardware-enhanced biometric-based logins today that leverage facial recognition technology.
Software and Hardware-Enabled Security Features, Working Together
Hardware security capabilities go beyond the realm of protecting login credentials and are vitally important to securing endpoints. Consider that malware continues to advance technologically and is getting better at concealing itself across the network. In fact, even though software-based security solutions offer protection for endpoints via signature-based detection, malware today can rewrite itself once inside a system to evade these solutions.
The most sophisticated endpoint detection and response (EDR) software solutions adopt a multipronged approach to threat detection, including signature-based detections, file-based behavior monitoring, and analysis-based techniques. These security tools are designed to catch common threats, such as ransomware and cryptojacking (in which malicious actors use someone else’s computer to mine cryptocurrency). While they offer some level of effectiveness, malicious code is learning very quickly how to circumvent file-based techniques, and it can be very difficult to uncover and contain a breach once a system is infected.
Because hardware-based security technologies are foundational to a system, they have much greater visibility into the health of devices and are much harder for malicious attacks to evade. They also add a completely new threat signal from the CPU microarchitecture itself.
Ultimately, hardware security technology is there to augment EDR software in helping to protect endpoints by identifying threats that are not visible to EDR tools. For example, CPU threat detection featured in Intel® Threat Detection Technology (Intel® TDT) sees all the layers above it and uniquely catches many zero-day threat derivatives and malware cloaking techniques. This hardware-based sensor works along with EDR software to help identify threats and catch malicious code that has evaded an EDR solution.
There are other layers of hardware-based endpoint security features that small businesses should consider implementing today to secure their networks:
- Hardware virtualization enables OS isolation and protection of critical data and code, thereby helping to limit damage caused by malware.
- A hardware-protected boot process helps to prevent rootkit attacks by ensuring only trustworthy firmware and OS images are loaded.
- Hardware-based total memory encryption helps prevent malicious data retrieval from a stolen device.
- Hardware-assisted device manageability capabilities deliver in/out-of-band management to aid fast remote device recovery.
- Hardware-enhanced multifactor authentication helps prevent phishing attacks.
Achieving Defense in Depth with Intel vPro®
To deliver advanced threat detection and below-the-OS security, the Intel vPro® platform is technologically aligned and mapped with tools provided by Microsoft, Google, and other large industry vendors and is designed to enable and enhance the best-practice frameworks of industry providers. As a result, standardizing on Intel vPro® allows small businesses to deploy the world’s most comprehensive, hardware-based security for business,[7] across compute devices and platforms, getting users securely up and running right out of the box.
One of the cornerstones of Intel vPro®, and exclusive to Windows PCs built on the platform, is Intel® Hardware Shield, a set of integrated hardware-based security features that protect and defend computers at the firmware, hardware, application, and data layers against advanced security threats including ransomware and cryptojacking. Intel® Hardware Shield’s below-the-operating-system capabilities support a secure boot, allowing computers to launch in a trusted state. Dynamic Root of Trust for Measurement (DRTM), a built-in feature of Intel® Hardware Shield, provides hardware-to-software security visibility for the operating system and an additional layer of protection against firmware attacks. At the application and data layer, Intel® Hardware Shield helps prevent memory corruption, tampering attacks, and cold boot attacks, in the event of a stolen system.
Network Security Begins with Endpoints
Software-based security solutions are no longer enough for small businesses to secure their networks. Endpoints play a critical role in overall network security, and protecting them is essential to achieving network security. Ultimately, the Intel vPro® platform equips small businesses with the defense-in-depth technologies they need to help mitigate endpoint threats and optimize the performance of complementary network security solutions deployed across the environment.