Absolute Software’s Annual Endpoint Risk Report Underscores Compromised Security Controls Widening Enterprise Attack Surface

May 26, 2021

VANCOUVER, British Columbia and SAN JOSE, Calif. – May 26, 2021 – Absolute Software™ (NASDAQ: ABST) (TSX: ABST), a leader in Endpoint Resilience™ solutions, today announced key findings from its third annual Endpoint Risk Report. This year’s edition shines a light on key trends affecting enterprise data and device security, and underscores the dangers of compromised security controls in expanding an already wide attack surface for today’s enterprises.

Researchers estimate that the number of ransomware attacks grew by more than 150 percent in 2020, fueled by the global pandemic and the massive disruption to IT and Security operations. According to The Coveware Quarterly Ransomware Report, the most common software vulnerabilities exploited by ransomware attackers in Q1 (Jan – Mar) 2021 involved Virtual Private Networks (VPNs). It goes on state that “the cyber extortion economic supply chain demonstrated how a vulnerability in widely used VPN appliances can be identified, exploited and monetized by ransomware affiliates.”

The findings in Absolute’s 2021 Endpoint Risk Report reveal that the need to support and secure remote workforces only exacerbated the existing complexities found in today’s endpoint environments - and with increasing complexity comes the increased risk of friction, failure, and noncompliance. One in four devices analyzed had critical security controls — such as encryption, antivirus, or VPN — considered to be unhealthy, or not working effectively, at any given time. If left unaddressed, almost any application deployed on the endpoint carries the potential of becoming an attack vector.

“The trends in this year’s report — unaddressed vulnerabilities, unprotected data, and failing security controls – are clear indicators that it is time for organizations to put rigor around ensuring the endpoint security tools they’ve invested in are effectively protecting their valuable, and vulnerable, corporate devices and data,” said Christy Wyatt, President and CEO of Absolute. “And, the findings underscore the critical need for resilient endpoints and applications in the evolving ‘work from anywhere’ era. The ability to identify and mitigate risk is dependent on having the ability to monitor the state of every device and application, identify where things might be fragile or falling down, and autonomously heal them when needed.”

The Absolute Platform for Endpoint Resilience enables a secure, unbreakable connection to every endpoint, delivering visibility and intelligence into devices, data, and applications across the entire endpoint environment. Absolute's Application Persistence™ service continuously measures the effectiveness of a growing ecosystem of mission-critical security and productivity applications, and empowers them to automatically repair or reinstall themselves if they become compromised. Absolute’s insights show that enterprise devices running Absolute's Application Persistence service reported security control effectiveness 21 percent higher than those without.

Other notable insights from the 2021 Absolute Endpoint Risk Report include:

  • Endpoint complexity and redundancy continue to plague enterprises: The average number of security controls has increased to more than 11 per enterprise device, with the majority of devices containing multiple controls with the same function. Two in three (60%) enterprise devices analyzed had two or more encryption applications installed, while more than half (52%) had three or more endpoint management applications installed.
  • Sensitive data remains unprotected and at risk: Nearly three in four (73%) enterprise devices analyzed contained sensitive data, such as Protected Health Information (PHI) or Personally Identifiable Information (PII). Compounding the risk of exposure, nearly one in four (23%) devices with high levels of sensitive data also reported unhealthy encryption controls.
  • Patching delays leave critical vulnerabilities unaddressed: The average Windows 10 enterprise device was found to be 80 days behind in applying the latest available OS patches. More than 40 percent of Windows 10 enterprise devices were running version 1909, which is associated with over 1,000 known vulnerabilities.

Absolute’s 2021 Endpoint Risk Report was developed using anonymized data from nearly five million Absolute-enabled devices active across 13,000 customer organizations in North America and Europe. To download the full report, visit here.

To learn more about how Absolute’s undeletable defense platform enables always-connected visibility and Self-Healing Endpoint™ security, visit www.absolute.com.

Share this article

About Absolute Software

Absolute Software makes security work. We empower mission-critical performance with advanced cyber resilience. Embedded in more than 600 million devices, our cyber resilience platform delivers endpoint-to-network access security coverage, ensures automated security compliance, and enables operational continuity. Nearly 21,000 global customers trust Absolute to protect enterprise assets, fortify security and business applications, and provide a frictionless, always-on user experience. To learn more, visit www.absolute.com and follow us on LinkedIn.

©2024 Absolute Software Corporation. All rights reserved. ABSOLUTE, the ABSOLUTE logo, and NETMOTION are registered trademarks of Absolute Software Corporation or its subsidiaries. Other names or logos mentioned herein may be the trademarks of Absolute or their respective owners. The absence of the symbols ™ and ® in proximity to each trademark, or at all, herein is not a disclaimer of ownership of the related trademark.

For more information, please contact:

Media Relations
Joe Franscella
[email protected]

Financial Services