The crippling economic consequences of cyberattacks by nation states and wealthy crime syndicates have become more than apparent lately, as breach headlines grow more common. The Internet is already a key battleground in international conflicts, and agencies are under relentless attack.
While we often hear about the aftermath, the piece of the puzzle we usually don’t get is how the attack started.
The recent Verizon Data Breach Investigations Report confirms the ugly truth: 71 percent of attacks start at endpoint devices because humans are easy to deceive. A single click can give an attacker a gateway to an agency’s network. Federal employees and contractors must assume their endpoints will remain under targeted assault.
Organizations across government and industry reflexively respond to those attacks by layering a dizzying array of security measures on devices: data loss prevention, sandboxing, host-based intrusion prevention, whitelisting, return-oriented programming mitigation, and rootkit and bootkit detection, among others.
As reasonable as layered security sounds, though, it is ultimately a game of diminishing returns. Each newly layered defense adds cost, negatively affects the user experience and remains susceptible to the same issue: stacks of layered security can be uniformly defeated by attacks that exploit vulnerabilities deep within device operating systems.
Overhauling the security of our endpoints makes sense. They must be inherently secure by design. If we could achieve that, devices would shrug off persistent attacks even when targeted employees are enticed into clicking links and attachments.
Micro-virtualization takes advantage of unused virtualization features on PCs’ CPUs to invisibly hardware-isolate each task, such as each tab in a browser, each file being edited or each email and attachment. Once isolated in this manner, in solitary confinement, so to speak, a task cannot be hijacked for attacking the operating system, stealing data or accessing agencies’ networks if malware arrives and “detonates” in the course of an employee’s work.
To read the entire article, please visit www.fcw.com.