Powered by MOMENTUM MEDIA
cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

3 key trends impacting data and device security

The rapid shift to support new ways of working has challenged even the most sophisticated organisations to maintain healthy security postures. Amid an ever-evolving threat landscape, IT and security teams raced to adopt risk management strategies for environments that would have been unimaginable just over two years ago, writes Absolute Softwares Chris Barton.

user iconChris Barton
Mon, 20 Jun 2022
3 key trends impacting data and device security
expand image

With investments in cyber security technologies reaching new heights, it was outpaced by the increase in data breaches. According to the Ponemon Institute's 2021 Cost of a Data Breach Report, the average cost of a breach was significantly higher where remote work was a factor in causing the breach.

Our 2021 Endpoint Risk Report highlights three notable cyber security trends within corporate environments, based on the findings from the extensive analysis of anonymised data from nearly five million Absolute-enabled enterprise devices, as well as industry-specific insights.

Endpoint visibility is the key to gaining insight – and control

These trends are not universal; many organisations emerged from 2021 with security postures measurably stronger than their peers. If one theme binds the trends, it is the unseen, unmanaged risks that result when organisations lack insight and control over their entire endpoint environment. Unfortunately, complete endpoint visibility is difficult for many organisations to achieve. A Cybersecurity Insiders report found that 60 per cent of organisations are aware of fewer than 75 per cent of the devices on their network.

And so, as we enter the next chapter of "work from anywhere", endpoint visibility is fast becoming essential to gaining insight and control of your assets.

TREND 1: Vulnerabilities remain unaddressed with delays in patching

We saw an expected increase in Windows 10 adoption but, perhaps, surprisingly given the challenges of maintaining remote devices, a decrease in the length of time that endpoints were out-of-date with available operating systems (OS) patches, from 95 days in 2021 to 80 days in 2021.

For some organisations, maintaining outdated or unsupported OS is a calculated risk since some industries rely on core applications not yet compatible with current releases. Within Windows 10 deployments, financial services showed the longest lag to upgrade, with 91 per cent of devices two or more OS versions behind. Within these environments, governed by strict regulations and entrusted with the data most targeted by would-be attackers, offsetting risk by ensuring the effectiveness of endpoint security controls is crucial.

TREND 2: More sensitive data on more devices means more risk exposure

Although every endpoint represents a potential target for cyber criminals, those containing sensitive data pose a more serious threat. In 2021, with more workers off-network and more information stored on local machines, that threat increased exponentially. Research showed that 73 per cent of analysed devices contained sensitive data, including personally identifiable information and protected health information, among others.

Not only do most enterprise devices contain data that, if breached, could result in serious financial and reputational damage, but 23 per cent of devices with high levels of sensitive data also reported unhealthy encryption controls – compounding the risk of exposure, and underscoring the need for automated discovery and remediation in today's remote world.

TREND 3: Endpoint complexity is exacerbating risk and widening the attack surface

The need to support and secure remote workforces drove an increase in the average number of applications installed per endpoint, and with that increase came an accompanying risk of friction, failure, and noncompliance. We found enterprises now have an average of 96 unique applications per device, including 13 mission-critical applications. The number of endpoint security controls has increased to 11.7 for the average device, with the majority of devices containing multiple controls serving the same function.

It's worth emphasising that this increased complexity is itself a security risk; an enterprise's security posture is only as good as the applications that support it. Left unchecked, every one of the 11.7 security controls deployed on the average device is a potential attack vector.

With sophisticated attackers seeking access by any means, simply deploying protections such as encryption, VPN, antivirus, and anti-malware and trusting that they remain effective is not enough. To truly defend the endpoint and realise a return from these security investments, their effectiveness must be continuously monitored and maintained.

Getting ahead of what comes next

As we return to a world of business travel, in-person conferences, and workforces enabled to work from anywhere, knowing where not to compromise is critical. The trends covered in our report underscore the critical role of device visibility and intelligence in identifying and mitigating risk in the modern workplace.

Chris Barton is the director channel sales APAC at Absolute Software.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.