Endpoint/Device Security

Time to rethink endpoint security: 8 best practices

In a year marked by rising ransomware complexity and longer recovery times, Sophos is spotlighting the need for better endpoint protection hygiene. A recent whitepaper draws from Sophos research and incident response data, revealing a grim uptick in remediation costs ($2.73 million on average) and growing strain on understaffed cyber teams.

According to Sophos, unpatched vulnerabilities remain the leading root cause of ransomware attacks—confirmed by attackers themselves in quoted communications. While phishing and credential theft persist, remote encryption and lateral movement techniques like RDP misuse and VNC exploitation are growing in popularity. Notably, 60% of human-operated ransomware attacks now leverage remote encryption from an initially compromised endpoint .

Sophos warns that traditional perimeter tools are ill-equipped to prevent these advanced attack chains, especially when threat actors time their intrusions for weekends and off-hours. Data from 2023 showed that 91% of ransomware attacks occurred outside business hours, and 43% were launched on Fridays or Saturdays.

Eight best practices—and one blunt warning

The second half of the report offers a practical roadmap: a checklist of eight best practices ranging from timely patching and MFA deployment to forensic logging and backup restoration drills:


1. Patch early and often
2. Enable MFA everywhere
3. Harden configurations proactively
4. Log Everything
5. Validate backup and recovery plans
6. Monitor for lateral movement
7. Identify and secure high-value assets
8. Train and test your team

Endpoint protection alone, the report stresses, is not enough. Sophos recommends a layered security model that includes:

  • Firewalls for ingress/egress filtering
  • Network Detection and Response (NDR) for lateral movement
  • Extended Detection and Response (XDR) for cross-surface visibility
  • Managed Detection and Response (MDR) for around-the-clock threat hunting

The broader message: Ransomware prevention is no longer a product—it’s a discipline, and endpoint protection is only one part of the equation.

Bill Brenner

InfoSec content strategist, researcher, director, tech writer, blogger and community builder. Senior Vice President of Audience Content Strategy at CyberRisk Alliance.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds