The Morris Internet Worm source code (source: Computer History Museum)
Cyber security awareness has its origins in the late 1980s with the Morris worm of 1988, widely regarded as the first major attack on the Internet. In the following years, as tools evolved and computers were adopted worldwide, automated malware took centre stage. Script kiddies (amateur hackers running ready-made tools) grew in number and the anti-malware industry began to rise. Attacks have changed extensively since then, not only in number but also in terms of their targets.
In the last decade cyber threats have grown dramatically in volume, complexity and diversity. Professional hacker groups are also growing in number, particularly as isolationism increases across the world. Recently, the spotlight has fallen on countries such as Russia and India, with many high-profile attacks appearing to originate there. In reality, the largest hacker groups are decentralised, with members spread across the world. Whether they are looking for ransom money or to punish what they perceive as evil behaviour (known as "hacktivism"), these attacks cause heavy monetary and social damage and need to be taken seriously. The attacks have also become harder to attribute, and therefore harder to deter, giving black-hat hackers and hacktivists the opportunity to take advantage of unprepared corporations and governments with little chance of being caught.
Modern cyberattacks have shocked the world and have shown us how vulnerable our institutions and corporations are. Yet one thing hasn't changed throughout the years: end users are still the biggest targets for hackers. In the last couple of years, ransomware, social engineering and keyloggers have taken centre stage in the industry, making endpoints (end-user devices) a critical pillar in corporate cybersecurity.
The Role of Endpoint Management in Cybersecurity
Not long ago, an up-to-date antivirus and a basic remote access app were enough to constitute endpoint management. Nowadays, corporate devices typically run dozens of apps, certificates, plugins, security agents and VPNs in order to function. Managing this is a complicated task, one that IT admins have worked tirelessly to automate in their management systems and to integrate with their company's operational procedures.
A professional Endpoint Management System has many dimensions critical to cybersecurity, from security updates and agents to operational procedures. A solid endpoint management system rests on three structured pillars: lean operational procedures, documented and automated/scripted management policies, and strict privileged access management.
Lean and Clear Operational Procedures
Operational speed is critical to a system's cybersecurity response. Operational procedures need to be seamlessly integrated into the organisation's processes to avoid delays that could cause severe damage. For example, most corporations have an approval process for new purchases, such as new software. All software to be bought has to go through this process, including cybersecurity software. If the process is not streamlined, or at least given a separate fast track for security purchases, the organisation may find itself waiting days for the tool it needs to patch a threat. That delay can allow the threat to escalate and end in catastrophe.
Documented and Automated/Scripted Management Policies
Modern endpoint managers must handle dozens of agents, programs and updates every day while also reporting into complex corporate systems. This makes managing their time and focus well even more critical. So how do we make sure that even on the busiest of days all endpoints remain hardened, and therefore protected? Automation. Modern IT admins must rely on automation to keep updates and security agents in place no matter what. A modern system must automate critical compliance checks and block non-compliant devices without manual intervention. Keeping devices up to date, helping them avoid online threats and making sure that specialised users (such as developers) maintain a safe profile are just a few of these critical functions.
Strict Privilege Access Management
Whether using Intune, Jamf or any other MDM tool, access management is the base of any cybersecurity strategy. System admins and their policies must clearly identify roles, privileges and behavioural patterns for all computers, mobile devices, system and local accounts, and any other identifying dimension in the system. Break-glass accounts need to be in place, and strong authentication (MFA, etc.) should be enforced at every step, in combination with the principle of least privilege.
Apple and the future of Endpoint Management
As Endpoint Management evolves, more and more companies are looking for simplicity and easily manageable devices. Apple has proven itself again and again in this realm with lean, easy-to-use devices. In the last few years the Mac has steadily grown in popularity in corporations for three main reasons:
Lean and Stable
With a lean operating system, solid vendor support and easily scriptable workflows, managing Macs is a simpler task than managing their Windows-based counterparts. macOS runs fewer background services than Windows, and it has much stronger vendor support than most Linux distributions, making it a practical option for corporations to adopt.
Long Term Costs
This simplicity, together with a longer device lifetime, can offset the higher initial hardware cost, making Macs cheaper over the life of the device.
Talent Attraction and Retention
In the modern world employee retention is a key goal for all corporations. With their famous design, simple OS and brand value, MacBook devices can play a key role in attracting talent to an organisation. Furthermore, employee buyback programs can make this proposition even more attractive.
If we glance back at the three pillars of a solid Endpoint Management system (lean operational procedures, documented and automated/scripted management policies, and strict privileged access management), we start to see the benefits of introducing the Mac to the enterprise environment. Windows-based organisations can also strengthen endpoint management using the same principles; this often requires more tailored planning but can certainly be achieved, including in conjunction with introducing Apple technology to the enterprise.
Endpoint Management has become a critical dimension for all corporations and governments worldwide. As technology changes and threats increase, making our processes leaner and more efficient will be critical for the safety of our assets. As a result, Apple devices and their simple, effective design will play a key role in the future of cybersecurity.
Interval is proud to be delivering several Endpoint Management and Cybersecurity engagements to valued clients. We offer the full range of Endpoint Management services, from consulting, architecture, design, implementation, preventing and recovering from cyberattacks. If you are interested in understanding more about what we can do for you and your business, get in touch with us. As Interval’s Cybersecurity Lead, I would like to thank you for reading this article and I look forward to hearing from you.