Client PCs are being targeted by cyberattackers The key is thoroughgoing defense by means of total management

Where will increasingly sophisticated cyberattacks strike next? On-premises servers in companies and other organizations are on the decline, in favor of SaaS (Software as a Service). Since appropriate security measures are instituted by the service providers, users can be assured of a certain security level without having to be particularly aware of the issue. Kouzou Kanai of Ｓｋｙ pointed out that in this situation, there is a danger of the personal computers used by employees (client PCs) becoming attack targets.

Faced with the growing sophistication of cyberattacks, the key points are education and PC management

“The level of security measures instituted for client PCs varies considerably from one organization or company to another,” said Kanai. “In many cases, attackers still attempt breaches by attaching malware or malicious site URLs to email. What’s important, first of all, in this regard is security education, reducing harm by making users more knowledgeable.”

Guarding fully against threats by user education alone, however, is difficult. System-level measures are needed in parallel with education. The SKYSEA Client View product provided by Ｓｋｙ, for example, offers the Endpoint Detection and Response (EDR) plus pack as an option, with the ability to detect and isolate unknown threats in real time.

What needs to be carried out steadily is management of all client PCs. If even one PC is allowed to go unpatched, the risk of a breach from that attack vector becomes extremely high. Based on the Zero Trust concept, countermeasures must be devised covering every terminal without fail.

There may be users who resist, saying they don’t want to install security software because it slows down the system. The real problem here, said Kanai, is in many cases one of PC specifications. “If IT assets are properly managed, along with keeping aware of client PC attribute information, it is possible to check whether the specifications are commensurate with the current security measures. If the specifications are inadequate, the measures should be rolled out after first updating the PCs as needed,” he said.

If personnel are lacking, outsourcing is one option

People working in the information systems division are constantly under work pressure. In the midst of chronic personnel shortages, the workload steadily grows, making it not unreasonable to feel there is no time for further boosting security measures. “One option in such circumstances is to outsource security measures,” said Kanai.

“The biggest waste would be to suffer from a damaging attack because adequate measures were not taken, even though the risks were known. By leaving to outside experts the matters that can be outsourced and letting the information systems division focus on the essential tasks only they can do, they will be able to do much more,” argued Kanai.

By means of triage, clarifying the information assets that need to be protected

Kanai pointed out that classifying information is indispensable to security measures. This involves classifying data in order of risk level, based on the damage that would result from its leaking outside the organization, and taking measures based on the risk level. It is the security equivalent of triage.

One example is introducing thin clients for handling sensitive information classified as of the highest importance, and leaving no data locally. Using thin clients for everything would not only be costly but ease of use would suffer. It is easier to achieve balance by taking measures in line with the risk level.

Kanai also recommended taking inventory of system-level risks and prioritizing security measures accordingly. In so doing, it will become clear that the risk is extremely high if measures are not taken for vulnerabilities in, for example, a Virtual Private Network (VPN) or United Threat Management (UTM), which are directly connected to external threats. Without such guidelines, an organization will find itself working in the dark, starting with measures that are easy to initiate rather than based on their actual priority for security.

“Cyberattacks like ransomware skillfully exploit vulnerabilities to launch attacks. There are very many examples where these can be prevented by applying the latest security patches and deploying a means for detecting breaches. I would like to urge everyone by all means to consider proper client PC management,” stressed Kanai.