Case Studies and Countermeasures for Damages Caused by Insufficient Endpoint Security

Cyber attacks on companies, including small and medium-sized enterprises, are increasing. Some security personnel may be struggling to understand the overview and necessity of endpoint security.
This article explains why endpoint security is gaining attention and provides case studies of damages caused by insufficient countermeasures.
It also touches on countermeasures, so by the time you finish reading, you should have a clear idea of where to start.
Table of Contents
- What is Endpoint Security?
- Why is Endpoint Security Gaining Attention?
- Increase in Unauthorized Access
- Information Leaks Inside and Outside the Company
- Increase in Telework Due to Work Style Reforms
- Case Studies of Damages Caused by Insufficient Endpoint Security Measures
- Damage from Supply Chain
- Information Leaks Due to Internal Fraud
- Attacks Targeting New Normal Work Styles such as Telework
- 3 Endpoint Security Measures
- Preventing Malware Damage
- Preventing Personal Information Leaks
- Preventing the Outflow of Internal Information
- Summary
1. What is Endpoint Security?
Endpoint security refers to security measures for devices such as PCs, smartphones, and tablets. Since “endpoint” means “terminal,” in security terminology, it refers to the terminal devices connected to network devices.
The purpose is to prevent malware intrusion, unauthorized access, and information leaks due to cyber attacks on devices connected to the network.
As the threat of cyber attacks increases, rapid responses are required through endpoint security, such as quickly detecting and blocking threats that occur.
2. Why is Endpoint Security Gaining Attention?
The reasons why endpoint security is gaining attention are the “increase in unauthorized access,” “information leaks inside and outside the company,” and “increase in telework due to work style reforms.” Let’s check what kind of threats exist in each.
2-1. Increase in Unauthorized Access
According to the Ministry of Internal Affairs and Communications’ announcement, “Occurrence Status of Unauthorized Access Activities,” the number of recognitions and arrests of unauthorized access activities reported to the National Police Agency by prefectural police in 2020 was 2,806. This is an increase of approximately 1,400 cases compared to 1,486 cases in 2018.
Of the 2,806 cases related to unauthorized access in 2020, 2,703 cases were detected in general companies, accounting for approximately 96% of the total. From these results, it is noted that general companies should strengthen endpoint security measures.
2-2. Information Leaks Inside and Outside the Company
According to a survey by the research company Tokyo Shoko Research, in 2022, 150 listed companies and their subsidiaries disclosed incidents of personal information leaks or loss, for a total of 165 incidents and approximately 5.92 million pieces of leaked personal information.
Both the number of companies and the number of incidents reached record highs for the second consecutive year since the survey began in 2012.
The breakdown of the 165 incidents is 91 cases (approximately 55.1%) due to “virus infection/unauthorized access,” followed by 43 cases (26%) due to “misdisplay/mistransmission,” with human-caused reasons such as email addressing errors being ranked high.
It was found that information leaks often occur not only from virus infections such as malware caused by emails from outside the company, but also from human errors within the company. Therefore, endpoint security that can prevent information leaks is gaining attention.
2-3. Increase in Telework Due to Work Style Reforms
According to the Ministry of Internal Affairs and Communications’ “Results of the 2021 Survey on Usage Trends in Communications,” the percentage of companies that have introduced telework was over approximately 52% in 2021, indicating that more than half of the companies have introduced it.
If there are vulnerabilities in the home communication environment for teleworking from home, there is a risk that the terminal for telework may be infected with a virus, or that the infected terminal may be used to gain unauthorized access to the company’s internal system. Endpoint security is gaining attention as a measure against virus infection due to the increase in telework.
3. Case Studies of Damages Caused by Insufficient Endpoint Security Measures
From here, we will explain the cases where companies have suffered damage because they have not taken measures against the threats mentioned above. We will also touch on the causes of security incidents and recurrence prevention measures, so please check if your company is in a similar situation.
3-1. Damage from Supply Chain
| Company | Kojima Press Industrial |
|---|---|
| Cause | Vulnerabilities in remote connection devices used by subsidiaries independently for dedicated communication with specific external companies |
| Case Details | A subsidiary of Kojima Press Industrial had vulnerabilities in remote connection devices used independently for dedicated communication with specific external companies, which led to unauthorized access. The attacker intruded into the subsidiary’s network from the remote connection device and further intruded into Kojima Press Industrial’s internal network. Traces of attacks on servers and PC terminals were discovered after 20:00 on February 26, 2022. This cyber attack was caused by “ransomware” that restricts access to the system and demands ransom, and data was encrypted on some of the servers and PC terminals. |
| Impact | 28 lines at Toyota’s 14 domestic factories were stopped |
| Recurrence Prevention Measures | With the support of external experts, strengthen prevention of unauthorized access to networks, servers, and PC terminals, and expand and strengthen monitoring. |
| Reference | System Failure Investigation Report (1st Report).pdf |
3-2. Information Leaks Due to Internal Fraud
| Company | J.S.B. Co., Ltd. |
|---|---|
| Cause | An employee logged into the customer management system by an unauthorized method, extracted contract information of the property, and took the data outside. |
| Case Details | From around January 10, 2023 (Tuesday), 33 inquiries were received by our company, such as solicitations regarding water servers, electricity, and the Internet, impersonating our company’s brand, by a third party who is completely unrelated to our company, and we started a direct investigation to the vendor that seemed to be the source of the solicitation, including grasping the situation. As a result of an internal investigation on January 20, 2023 (Friday), it was found that there was a high possibility that our employee extracted customer information by an unauthorized method and leaked it outside. On January 23, 2023 (Monday), a countermeasure headquarters was established for this matter, and an internal investigation was conducted with the cooperation of external experts to grasp the whole picture. On January 27, 2023 (Friday) evening, a fact confirmation was conducted with the employee suspected of leaking the information, with the cooperation of external experts. He admitted the fact that he extracted customer information by an unauthorized method and leaked it to a third party. |
| Impact | Leakage of approximately 29,000 items of customer information |
| Recurrence Prevention Measures | We will implement security enhancements such as restricting the use of some functions of the customer management system for the entire company. In the future, we will review the security of the system and further strengthen security measures. In addition, we will thoroughly inform the company about the rules regarding information management again, and continuously conduct education on personal information protection. |
| Reference | https://www.nikkei.com/nkd/disclosure/tdnr/20230202598968/ |
3-3. Attacks Targeting New Normal Work Styles such as Telework
| Company | Fortinet (USA) |
|---|---|
| Cause | Vulnerability of VPN equipment |
| Case Details | It was found by September 13, 2021 that the authentication information of tens of thousands of companies had been leaked. These companies were using “VPN (Virtual Private Network)” equipment that is manufactured by Fortinet, an American company, and used for telework around the world. About 1,000 Japanese companies are included, many of which are considered to be small and medium-sized enterprises. If left unattended, hackers may intrude and steal information. The company has acknowledged the leak and is calling for measures such as changing passwords. |
| Impact | Information for 87,000 units leaked |
| Countermeasures | If customer organizations were running affected versions, Fortinet recommends taking the following steps immediately to prevent customer credentials from being exploited: |
| Reference | https://www.fortinet.com/jp/blog/psirt-blogs/malicious-actor-discloses-fortigate-ssl-vpn-credentials https://www.nikkei.com/article/DGXZQOUE110A80R10C21A9000000/ |
4. 3 Endpoint Security Measures
Some of you who have read this far may be thinking, “I should take endpoint security measures, but I don’t know what to do.”
Taking these measures requires specialized security knowledge and an organizational response. However, companies often lack either the knowledge or the capacity to mobilize the entire organization.
From here, we will explain the features of security software that lets you take measures even if you are not familiar with endpoint security. Some software can be installed at a low cost, so please use this as a reference.
4-1. Preventing Malware Damage
Check if the endpoint security software has a malware prevention function. The malware prevention function is a function that prevents the inflow of viruses and malware by monitoring the system.
Some software products perform real-time virus scans or scan automatically when a USB device is connected. Since you cannot know when an infection will occur, real-time inspection is a useful function.
4-2. Preventing Personal Information Leaks
A personal information leak prevention function can reduce your company’s risk from the perspective of complying with the Personal Information Protection Act. This function detects unencrypted personal information and confidential data and encrypts it.
It is useful because it detects and encrypts confidential data that you were unaware of and had left unattended. Depending on the software, you can set the company’s security policy, so you can customize it according to your company’s security level.
4-3. Preventing the Outflow of Internal Information
If personal information or customer information stored in files managed by the company is taken out, it may affect not only your company but also your customers.
Choose a product that can prevent files containing personal information and customer information from being taken out. One example is a product that prevents confidential files from being copied to external hard disks or USB devices.
In addition, it is useful to have a function that blocks the execution of unnecessary applications that are not related to work. This prevents confidential files from being taken outside the company through applications.
Summary
This article has explained the overview of endpoint security, the reasons why it is gaining attention, and the damage cases of companies that neglected security measures.
Endpoint security is gaining attention because, as telework increases under work style reforms, unauthorized access that targets vulnerabilities in the home communication environment and information leakage to the outside by employees are both increasing.
Taking these measures individually requires specialized security knowledge and organizational effort. Therefore, why not consider introducing endpoint security software that makes it easy to take all of these measures?
Contact: globalsupport@jiran.com