Federal agencies are facing an explosion in the both the volume and variety of network endpoints, providing far more opportunities for malicious access to government networks, according to a MeriTalk and Palo Alto Networks survey of 100 U.S. Federal IT managers and 100 Federal employees.
The study found 44 percent of endpoints are unknown or unprotected and that barely half of federal government survey respondents have taken critical steps to secure endpoints, such as scanning for vulnerable or infected endpoints.
One of the most significant origins of endpoint challenges stem from federal employees using personal devices for work purposes, according to the report.
Agencies with bring your own device (BYOD) policies are failing to enforce appropriate policies for those devices among their employees, with 45 percent of federal employees who use personal devices for work purposes having either not reviewed their agency’s BYOD policy or don’t believe one exists.
"There are practical ways to train employees such as by simply including endpoint-specific risks in the overall security training that agencies already require of their employees," Pamela Warren, director of government and industry initiatives at Palo Alto Networks, told eWEEK.
She said red team exercises should always include endpoint-related attacks to drive home key learnings about why security is important at the endpoint. These training exercises should incorporate IT as well as SCADA, or operational, environments, and personal devices that are permitted on BYOD agencies.
When it comes to overall endpoint security policies, 89 percent of federal IT managers say their agency’s policies need to improve – and just over half say their current policies and standards are very effective, practical, or enforceable.
"When you look at the cyber-attack lifecycle, endpoints can certainly be a way into an organization," Warren said. "And since the number of endpoints – when you define it as any device connected to the network – will only grow with IoT, all government agencies need to be cognizant of every endpoint in order to appropriately secure all of them. Many attacks are successful because they take advantage of a vulnerability on an endpoint application."
She explained this scenario can be catastrophic when, in SCADA environments, endpoints are running outdated applications or operating systems, many of which simply cannot be patched.
"Given this, endpoint security needs to be top of mind when it comes to security policies," Warren said. "It starts with knowing what endpoints you have, securing them, and enforcing your security policies. Think about continuous monitoring programs, including the formalized CDM program, and certainly ensure that endpoints are all regularly monitored and protected."