ICIT: Endpoint security crucial to ransomware protection

Endpoint security, while not a "silver bullet solution" to cybersecurity issues in healthcare and other industries, is a vital component of any multi-layered protection strategy, according to a brief published by the Institute for Critical Infrastructure Technology (ICIT).

Instead, the authors say, such security must be considered a first line of defense in an ever-evolving threat landscape, and organizations must not see it as "static." This is particularly important as ransomware persists as a threat, the authors say, since it is easy and inexpensive to deploy and often targets endpoints.

"If only 1 percent of ... victims pay at least $1, the attacker has likely recovered whatever resources they initially invested in the campaign," the authors write. "Further, even unskilled modern adversaries pose a threat to unprotected organizations."

Particularly vulnerable endpoints include users, personal computers, servers, mobile devices, specialized hardware and cloud services, the authors say. Compromised servers, the brief notes, are what led to an attack last month on Columbia, Maryland-based MedStar Health, which operates 10 hospitals in and around the District of Columbia. MedStar never confirmed the nature of the attacks, and denied reports that hackers accessed its network through a vulnerability in an application called JBoss.

The ICIT report points out, however, that because MedStar practiced good overall cyberhygiene, it was able to restore its systems via backups without having to pay a ransom.

It adds that endpoint security must not be viewed as "an excessive investment."

"Exposed endpoints are the first place an attack will start and it will radiate from there into the network at large," the authors say. "A layered defense acts like a set of permeable barriers to manage good and bad traffic."
