How much should you trust users?

Companies are spending record-breaking amounts on cybersecurity. That’s because risks are growing; a TechRepublic report noted that data breaches are up more than 50% so far this year. A Kaspersky Labs study found that a whopping 90% of data breaches are caused by human error. User behavior (often in response to social engineering attacks) is far and away the greatest risk.

Users aren’t the only element cybersecurity professionals can’t afford to trust. All applications are flawed in some way. Endpoints are another weak link in the cybersecurity chain. When you put all three together — users, apps and endpoints — you have a data breach waiting to happen. Here are some of the risks associated with each:

  • Users: Security awareness training isn’t a waste of money, but it’s important to know it’s not a panacea either, as the high percentage of breaches due to human error demonstrates. Phishing remains a significant risk; even as click-rates drop, hackers use more sophisticated methods, and stolen passwords and credentials remain a problem. Social engineering is a growing risk.
  • Apps: Code flaws are a persistent risk with applications. Truly secure code doesn’t exist, so code flaws will continue to reappear and put data at risk. Developers working under pressure (and those with inadequate skills) often cut corners and create shortcuts. This results in processes that are not fully secure and are thus vulnerable to malware.
  • Endpoints: The most vulnerable part of any business infrastructure, endpoints are where mistake-prone users and flawed apps converge to wreak havoc. Not only are endpoints the site of user-application interactions every day, but they are also the most easily exploitable business asset, and it is labor- and resource-intensive to detect, deter and remediate endpoint attacks.

The traditional approach to safeguarding data — Endpoint Detection and Response (EDR) — is inadequate to address these risks. It misses new malware patterns and leaves a huge gap for zero-day attacks. Detecting attacks may take time companies don’t have, and response planning, analysis, and mitigation are costly and time-consuming.

Zero-Trust Framework in Action

A zero-trust framework is a better approach. AppGuard’s zero-trust endpoint protection stance has the ability to:

    • Reduce operation of unnecessary utilities and capabilities
    • Deny the launch of untrustworthy executables
    • Contain unacceptable action from high-risk applications
    • Isolate access and/or alteration to part of an endpoint
    • Demote suspicious applications from doing any harm
    • Unlock and allow legitimate use of high-risk capabilities

Within this framework, AppGuard’s zero-trust design blocks applications from performing suspicious processes but allows them to continue performing normal ones. For example, say a user downloads an email, then clicks a link that launches a browser. Then the user clicks a link to a PDF, so Acrobat Reader launches to enable the user to view the PDF, and it spawns a JIT memory malware process.

AppGuard prevents this scenario from unfolding with a patented inheritance and isolation policy that guards risky applications and all child processes that follow, preventing malware from doing harm without restricting the operation of apps performing normal functions. AppGuard’s zero-trust framework is unique in that it eliminates the need for EDR in this case by blocking the harmful action.

Operating Costs Slashed by 76%

In one real-world case study, a major airline that was challenged with multiple endpoint issues, high incident response costs and constant, sophisticated attacks aimed at users deployed AppGuard. As a result, they were able to eliminate multiple redundant security products and reduce SOC operations from 24/7 monitoring to weekday 9 a.m. to 5 p.m. service, cutting operating costs by 76%.

The answer to the question “how much should you trust users?” is simple: ZERO. The same goes for apps and endpoints. Only AppGuard provides a zero-trust framework that allows you to stop placing trust in users who will never be able to detect every scam, flawed apps that are vulnerable to malware and vulnerable endpoints. Find out more here.