#Infosec2025: Securing Endpoints is Still Vital Amid Changing Threats


Endpoint devices, including PCs, mobile phones and connected IoT equipment, continue to pose security risks, even as malicious actors ramp up their attacks on other areas of enterprise technology.

Endpoint security might be less of a focus for CISOs struggling with a growing attack surface and increasingly sophisticated malicious actors harnessing AI tools and weaknesses in supply chain security.

However, endpoints and networks remain critical layers of IT infrastructure that organizations still need to protect.

At Infosecurity Europe, speakers and vendors addressed security issues around conventional endpoints such as PCs and mobile devices, as well as operational technology, connected devices and, increasingly, autonomous AI agents.

“Identity is absolutely at the heart of the big risks and still a thing businesses struggle to deal with,” Paul Stringfellow, analyst at GigaOm and CTO at IT firm Gardner Systems, told Infosecurity.

“Endpoint management is of course an issue as it is probably the biggest infrastructure problem most companies have to deal with, and the issue with BYOD [bring your own device] is difficult, because securing these devices is harder when you don’t manage them.”


Organizations also face vulnerabilities from older devices and applications, as well as growing fleets of mobile equipment including smartphones.

“The mobile endpoint is a huge attack surface that is poorly served by a lot of vendors,” says Stringfellow.

“Just being corporate owned doesn’t mean devices are managed fully,” cautions Chris Ray, GigaOm’s security domain lead.

“There’s lots of old software creating vulnerabilities, lots of delay in patching, giant backlogs of remediation work, and often there isn’t a clear prioritization of remediation.”

This leaves networks vulnerable to attacks that should be detected and blocked.

Modernized Defenses Block Conventional Attacks

Nonetheless, conventional attacks against endpoint devices have become less effective, at least for those enterprises that have modernized their defenses. This is especially the case for devices on the corporate network.

Organizations have also improved their network monitoring and threat detection, not least because of the ever-present risk of ransomware.

“Malware and zero-days are most certainly still exploited but with more prevalent EDR [Endpoint Detection and Response] tooling they are far less effective,” Kieran Bhardwaj, head of security engineering at consultants Bridewell, told Infosecurity.

“Defensive innovations such as attack disruption, which is the ability for the EDR tooling to automate a response to identify and curb an in-progress attack on an endpoint without intervention needed from a human, bring the mean time to remediate these attacks to ‘machine speed’ and reduce their usefulness for the desired end goals,” he explained.
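As an added illustration of the attack-disruption idea Bhardwaj describes (this is example code written for this page, not code from the article or from any EDR product): a toy detection rule flags a process that mass-renames files on one host, and the simulation compares automated isolation at detection time with an assumed 15-minute analyst response. Host names, process names and the telemetry are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Event:
    ts: float      # seconds since the start of the trace
    host: str
    process: str
    action: str    # only "rename" matters to this rule
    path: str


# Constructed telemetry: slow, benign renames by explorer.exe, then a burst
# of renames to a new extension by a hypothetical "enc.exe" on the same host.
SAMPLE_EVENTS = (
    [Event(float(t), "ws-042", "explorer.exe", "rename", f"C:/Users/a/doc{t}.docx")
     for t in range(8)]
    + [Event(10.0 + i / 10, "ws-042", "enc.exe", "rename", f"C:/Users/a/f{i}.docx.locked")
       for i in range(20)]
)

RENAME_THRESHOLD = 5   # renames by one process ...
WINDOW_SECONDS = 2.0   # ... inside this sliding window trip the rule


def detect_mass_rename(events, threshold=RENAME_THRESHOLD, window=WINDOW_SECONDS):
    """Return (host, process, ts) of the first event that trips the rule, else None."""
    recent = defaultdict(list)  # (host, process) -> timestamps of recent renames
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.action != "rename":
            continue
        key = (ev.host, ev.process)
        recent[key] = [t for t in recent[key] if ev.ts - t <= window] + [ev.ts]
        if len(recent[key]) >= threshold:
            return ev.host, ev.process, ev.ts
    return None


def disrupt(events, analyst_delay=900.0):
    """Compare files touched before automated vs analyst-driven containment."""
    hit = detect_mass_rename(events)
    if hit is None:
        return {"detected": False}
    host, proc, t_detect = hit

    def renames_before(cutoff):
        return sum(1 for e in events
                   if (e.host, e.process, e.action) == (host, proc, "rename") and e.ts <= cutoff)

    return {"detected": True, "host": host, "process": proc,
            "files_before_auto": renames_before(t_detect),            # isolate at detection
            "files_before_human": renames_before(t_detect + analyst_delay)}


if __name__ == "__main__":
    print(disrupt(SAMPLE_EVENTS))
```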

Ransomware and Identity Management

This does not mean the battle is won, however.

Bridewell’s Bhardwaj pointed to new types of attack, linked directly to ransomware and extortion.

“The bigger risk posed to endpoints today is the destructive measures of detonated ransomware,” he said.

“Again though, ransomware has shifted from being the rapidly spreading wildfire we saw last decade with WannaCry and NotPetya – jumping from device to device leveraging vulnerabilities – into something more insidious. Instead, it is surgically planted by adversaries and triggered in response to ransom demands or to cover the tracks of successful data exfiltration.”

This is prompting CISOs to look at supply chain security, human factors including security awareness, and improved identity and access management (IAM). Even the most effective endpoint or network security can be bypassed by compromised credentials.

As a result, CISOs are investing in better backups and protection for servers, and what Bhardwaj labels “disposable endpoints” for end users.

“Technology like Microsoft Intune, Windows Autopilot and Microsoft OneDrive for Business allow rapid rebuilding and redeployment of end user devices should they become infected,” Bhardwaj explained.

This could also help organizations protect themselves, if an employee falls for a phishing attack or their credentials are otherwise compromised.

“Identity is still leading the pack for where attackers first start,” said GigaOm’s Ray.

“There is lots of focus on compromising users through social engineering, with phishing campaigns leading to more and more ransomware, system compromises and so on. It is not just human identities, but machine identities and system accounts.”

Prioritizing Endpoints and Local Networks

As a result, protecting endpoints and the local network is a priority, even in the most cutting-edge industries.

Purvi Kay is the head of cyber and information security for FCAS at BAE Systems. FCAS is the joint venture between the UK, Italy and Japan to produce a sixth-generation fighter jet that will replace the Typhoon in RAF service.

FCAS is still at an early stage, concentrating on specifications and design work rather than manufacturing. Even at this stage, the IT supporting the project needs to be protected, not least because it is an international initiative.

“We’ve been focusing on [protecting] IT systems, corporate networks and operational technology,” Kay said.

“Some of our endpoints are operational technology [OT] that is digitally enabled, so it’s a greater attack surface.”

Securing the areas where OT and IT converge is a high priority in advanced manufacturing sectors such as aerospace.

“Although it is not necessarily a physical asset, the supply chain should be considered as an endpoint, as data is transferred across,” Kay added.

“Supply chain security is another risk factor we engage with.”
