IT | Security

Endpoint Complexity is Driving Risk Says New Absolute Research

By: Ameer Karim | 6/29/2020

The second annual ‘2020 State of Endpoint Resilience Report’ released by Absolute reveals that complexity and technology combinations are driving endpoint vulnerabilities, including:

  • Number of agents piling up on devices – 10.2 on average, up from 9.8 last year
  • Device OS migration, resulting in fragmentation and stagnant patching practices
  • Fragile security controls, and their varying rates of decay and collision

The report re-emphasizes the number of agents piling up on enterprise endpoint devices is hindering IT and Security’s ability to maintain foundational security hygiene practices, such as patching critical vulnerabilities, which may actually weaken endpoint security defenses.

Our data showed that while more than 75 percent of endpoints had made the migration to Windows 10 operating system (up from 54 percent last year), the average Windows 10 business PC was more than three months behind in applying the latest security patches – perhaps unsurprisingly, as the data also identified more than 400 Windows 10 build releases across enterprise devices.

This delay in patching is especially concerning in light of another recent study that shows 60 percent of data breaches are the result of a known vulnerability with a patch available, but not applied.

Fragile security controls

According to the report, more than one in four enterprise devices were found to have a critical security controls such as Encryption, Antivirus or Virtual Private Networks (VPNs) out of compliance. Even more interesting, 5 percent of enterprise devices were missing one or more critical control altogether.

Read: It Doesn’t Matter What Business You’re In – Regulatory Compliance Matters

The massive amount of complexity Absolute’s data has uncovered means that even the most well-functioning endpoint agents are at risk of collision or failure once deployed across today’s enterprise endpoint environments. IT and Security teams need intelligence into whether individual endpoint controls, as well as various combinations of controls, are functioning effectively and maintaining Resilience in their own unique endpoint environment.

Increasing security spend won’t make us more secure

In addition to heightening risk exposure caused by fragile, out of date security controls, the failure of those endpoint security controls to deliver their intended ROI may not be as effective as CIOs need them to be. It’s been estimated that skyrocketing cybercrime costs may hit $6 trillion annually by 2021 and it’s now estimated that these costs may double during the Coronavirus outbreak period as more people (and devices) continue working from home.

The State of Endpoint Resilience Report makes it clear: throwing more money at the problem for the sake of more agents only contributes to increasing endpoint complexity and offers no guarantee that will improve security. Instead, enterprise leadership must increase the rigor around measuring the return on the security investments they’ve already made and quantify the efficacy of those investments.

Endpoint Resilience

IT and Security teams need to ensure that their organizations can run effectively and securely within whatever model they choose to adapt to today’s changing work environment, and that devices and sensitive data are protected no matter where they are located. Without the ability to self-heal, critical controls continually suffer from fragility and lack of resiliency.

Endpoint Resilience requires a digital tether that provides an unbreakable connection between the endpoint and the enterprise who distributed it. Its purpose is to be the lifeline and single source of truth: to know where devices are, what apps are installed and healthy, and where there are vulnerabilities. And most importantly, it delivers the ability to persist and self-heal the mission-critical apps on that device, should it be necessary, whether on or off the corporate network.

The 2020 State of Endpoint Resilience report leverages anonymized data from enterprise-specific subsets of nearly 8.5 million Absolute-enabled devices active across 12,000+ customer organizations in North America and Europe. To learn more, get the full report here.

Please join me and our guest, Chris Sherman, industry-leading Security & Risk analyst at Forrester, where we will discuss the findings of the report during a live webinar on Thursday, July 9, 2020 at 10AM PT / 1PM ET. Register for the webinar here.