State of Security 2024: Endpoint Security

Proudly sponsored by Jamf and Zscaler.

Remote working, mobile devices, and the rise of the Internet of Things have led to an explosion in the volume of network endpoints.

That has also created a massive opportunity for cyber criminals, who now find themselves with a much greater range of options through which they can target corporate data and applications.

Endpoints have proven especially vulnerable to some of the most common forms of attack. A 2020 research report from Ponemon found attacks on endpoints to be among the most prevalent forms of attack that respondents had experienced, with 81 percent of businesses experiencing an attack involving malware and 28 percent experiencing attacks involving compromised or stolen devices.

Further research from Ponemon found that criminals are quick to exploit weaknesses in endpoint security, with 80 percent of successful breaches coming from new or unknown zero-day attacks.  

While security providers have been rising to this challenge, the inherent complexity involved in managing the security of multiple devices running different operating systems and performing diverse functions can create headaches when trying to ensure security standards, especially given that even innocuous devices such as thermostats can become a way into otherwise secure networks.

With Forrester finding that endpoint security is one of the most mature components of the cybersecurity landscape, product providers are in a race to keep up with a threat landscape that is evolving rapidly, and which now includes ransomware, phishing, cross-platform attacks, AI-generated malware, and fileless/RAM-based attacks.

At the same time, defenders are faced with a scarcity of skilled professionals to manage their devices in the face of this evolving threat, leading many to seek ways to bring all devices under a single security framework.

This desire has been one of the key drivers behind the rising popularity of unified endpoint security (UES), which aims to simplify the way endpoint security tools work together.

This concept gathers technologies such as endpoint detection and response (EDR), mobile device management (MDM), components of identity and access management (IAM), and related tools to ensure that all aspects of securing endpoints are managed under a single framework.

This means that tasks such as enforcing compliance with policies, maintaining and patching applications, allowing access and managing connectivity can all occur under the one umbrella.

UES is also designed to align with zero trust frameworks by treating all endpoints as untrusted devices.

With the proliferation of endpoints creating greater opportunities for criminals, many organisations are also turning their attention specifically to identity threat detection and response (ITDR), which focuses on protecting credentials, privileges, cloud entitlements, and the systems that manage them.

The goal of ITDR is to detect credential theft and privilege misuse, as well as attacks on directories, and provide visibility around this activity to security teams.

In this way ITDR works alongside UES to ensure that even if the device is otherwise secured, it can't be used as a means of attack using a compromised privileged account.

Another trend in endpoint protection has been the adoption of secure service edge (SSE) technology – a subset of the broader secure access service edge (SASE) but with a focus purely on security services. SSE packages up components such as secure web gateways (SWG), zero trust network access (ZTNA), cloud access security brokers (CASB), and firewall-as-a-service (FWaaS) delivered from a purpose-built cloud platform, but without incorporating the wide area network services which are also included within SASE.

All of this activity is creating a global market for endpoint security that Fortune Business Insights projects will grow in value from US$14.86 billion ($22.49 billion) in 2024 to US$30.29 billion ($45.85 billion) by 2032.

But even that massive figure might seem small in comparison to the losses that collectively face those organisations that can’t rise to the endpoint security challenge.

AusCERT director David Stockdale sees EDR/XDR, combined with other endpoint and edge security tooling, as being of strong utility for threat hunting and incident response.

“When you have a really well-secured endpoint with the right tools on it that’s providing the right data and you have security right to the edge, you start to get a model of security that starts to move away from location, which I think is very important,” Stockdale said.

“A lot of problems with endpoint security, especially personal endpoints, is when we take them into different environments but keep the same security posture because it’s the same endpoint. I've got my laptop, it's got an XDR client and some sort of endpoint protection on it. I'm secure.
Well, I'm very different in my security when I'm at home, to when I'm in the office. And if I took my laptop and plugged it in at the data centre, my security posture changes rapidly again.”

The efficacy of endpoint security tooling, he adds, is dependent on its ability to process large amounts of data to recognise and alert teams to anomalies.

Statista estimates that in 2024 organisations around the world will spend some US$13.7 billion ($21.4 billion) securing the endpoints of their networks.

Unfortunately, however, this expenditure may only go a small way to remediating the fundamental truth that around 90 per cent of cyber incidents are caused by human error.

Endpoint protection continues to be undermined by human factors such as weak or poorly stored passwords, poor data handling practices, or people falling for increasingly clever phishing campaigns.

And while endpoint security technology can go some way towards protecting people from themselves, more and more leaders are realising that the best way to defend network endpoints is to look beyond the device itself and focus on the true endpoints – the users.

Daisy Wong has built her career around helping build cyber-aware cultures across numerous organisations. Unlike most cybersecurity leaders, however, she brings a background more aligned with marketing and communications than with technology and engineering – and with good reason.

"As an industry, the human risks are always considered last, because a lot of people who think about protecting an organisation always think about technology and strengthening that, before handling the people," Wong said. "I don’t manage the technology directly, but I definitely help with the people who are using the endpoint devices."

Wong's primary tools for defending her organisation's endpoints are also somewhat unconventional, being education and storytelling. In the past two years she has used these to raise cyber awareness and instil good practices across the workforce while breaking down barriers between the cyber team and other leaders.

She says one of her most effective strategies is to find a common language.

"You need to translate what an endpoint device is and how to protect it in ways that our team members can contextualise," Wong said. "We need to have the tools, but then we need to help our team members understand how the tools work."

While Wong is a marketer by training, she has taken the time to educate herself in the technical realm by completing courses in project management and cyber security, allowing her to find that common language with her cyber peers.

She has blended this knowledge with her marketing experience to build a brand for the cyber teams and create 'always-on' marketing campaigns around cyber awareness, including running activities such as quizzes and scavenger hunts. Other activations have seen staff engaged in activities such as detecting phishing attacks, attempting to crack passwords based on social information, and examining an office environment to find examples of poor cyber practices.

"It was a gamified way to learn about these cyber risks, but then we made it fun, with prizes at the end," Wong said.

She says these efforts led to a sharp increase in the number of cyber incidents being reported by staff – not because the total number of attacks has suddenly increased, but because staff know what to look for and how to report it.

So while she says the tools for endpoint protection will continue to play a vital role in any organisation's defensive strategy, Wong is confident that the organisation's culture means those tools are being used more effectively.

 
