The rapid shift to remote work last year challenged even the most sophisticated organizations to maintain healthy security postures while also keeping their employees connected and productive. As we set out to develop Absolute’s third annual Endpoint Risk Report, which just launched this morning, our goal was to provide a benchmark for risk analysis and a blueprint for action - helping enterprises understand what to measure, and where to focus their efforts moving forward.
Based on our analysis of anonymized data from nearly five million Absolute-enabled devices across 13,000 customer organizations, the need to support and secure remote workforces only exacerbated the existing complexities in today’s endpoint environments. These are the four key trends we determined are impacting device and data security:
- Patching delays leave critical vulnerabilities unaddressed: The average Windows 10 enterprise device was found to be 80 days behind in applying the latest available OS patches. More than 40 percent of Windows 10 enterprise devices were running version 1909, which is associated with over 1,000 known vulnerabilities.
- Sensitive data remains unprotected and at risk: Likely due to more users off-network and storing more information locally on their machines, nearly three in four (73%) enterprise devices analyzed contained sensitive data - such as Protected Health Information (PHI) or Personally Identifiable Information (PII). Compounding the risk of exposure, nearly one in four (23%) devices with high levels of sensitive data also reported unhealthy encryption controls.
- Endpoint complexity and redundancy continue to plague enterprises: The average number of security controls has increased to more than 11 per enterprise device, with the majority of devices containing multiple controls with the same function. Two in three (60%) enterprise devices analyzed had two or more encryption applications installed, while more than half (52%) had three or more endpoint management applications installed.
- Compromised security controls widen the enterprise attack surface: One in four devices analyzed had critical security controls — such as encryption, antivirus, or VPN — considered to be unhealthy, or not working effectively, at any given time. If left unaddressed, almost any application deployed on the endpoint carries the potential of becoming an attack vector.
The good news is that enterprises can take immediate action to bolster their security postures by increasing the rigor around measuring the effectiveness of the security tools they have purchased and deployed. With the right level of visibility, intelligence, and control across all devices and applications, it is possible to eliminate blind spots, identify weaknesses or gaps, and quickly mitigate threats.
Absolute fortifies endpoint environments with Endpoint Resilience™, or the ability for endpoints and critical security controls to autonomously maintain a secure operating state. The Absolute Platform enables a secure, unbreakable connection to every endpoint, delivering unmatched visibility and intelligence into devices, data, and applications across the entire endpoint environment.
If you’d like to download Absolute’s 2021 Endpoint Risk Report, please visit here.