Endpoint Vulnerabilities Threaten Sensitive Data
As remote workers prepare to return to the office—often bringing their personal devices—risk leaders face a new set of challenges in securing endpoints. A recent report warned that the amount of sensitive data contained on enterprise devices increased by 10% since the pre-COVID era.
Absolute Software analyzed data from approximately five million enterprise devices. The company's endpoint risk report found 73% of the enterprise devices analyzed contained sensitive data such as Protected Health Information (PHI) and Personally Identifiable Information (PII). Of the devices containing high levels of sensitive data, 23% contained poor encryption controls. The amount of sensitive data contained per device on average increased by 10% as the pandemic prompted a transition to remote work.
The report warned of unaddressed vulnerabilities, increased sensitive data on devices, higher endpoint complexity, and compromised security controls.
Patching delays continue to plague enterprises. Researchers noted that over 40% of the Windows 10 devices analyzed were operating on version 1909. Last month, Microsoft ceased service updates for the version, which is known to have more than 1,000 vulnerabilities.
Many industries, including healthcare, rely on software that is still incompatible with current operating systems. As the FBI continues to warn of increased ransomware activity targeted the healthcare sector, among other industries, the report emphasized endpoint security control. The findings demonstrate the importance of “resilient endpoints and applications in the evolving ‘work from anywhere’ era,” said Absolute president and chief executive Christy Wyatt.
In 2020, the average number of security applications installed on enterprise devices surged as enterprises struggled to secure remote employees. Nearly two-thirds (60%) of the enterprise devices analyzed contained two or more encryption applications installed, while 52% contained three or more endpoint management applications installed.
Multiple security controls add friction to environment, increasing the risk of failure and non-compliance, possibly even making these additional efforts to secure endpoints redundant.
The threat to security operations has escalated due to the COVID-19 pandemic. Absolute asserts that simply deploying protections such as anti-malware, encryption, and VPM, is insufficient.
As security teams prepare for the next phase of pandemic-related security challenges, senior executives can take proactive approach to help their teams navigate the new environment. Appropriate budgets for anti-virus and anti-malware solutions are a start. Effective security controls are also vital to protect endpoints as threats continue to evolve.