Category: Data Visibility & Protection

The Importance of Endpoint Resilience at RSA Conference 2020

Will you be one of the 45,000 people who are expected to attend RSA Conference 2020 in San Francisco next week? Like the topic of cybersecurity in general, the industry’s largest conference continues to increase in relevance as hackers evolve their tactics and organizations invest more in numerous security approaches to stop them.
Around the world, Absolute has been busy preparing for the big event – from executive leadership to customer success, product management to engineering, our entire team has a very full RSA schedule. This is partly because our message of endpoint resilience is now more critical than ever before.
To thwart attackers, organizations continue to layer on security controls. Despite astronomical investments being made however, research shows 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. Organizations need complete visibility and real-time insights in order to pinpoint unprotected or ‘dark endpoints,’ identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. This is endpoint resilience and it will be front and center at RSA Conference.
Absolute Monitoring Internet Activity in the SOC
One of the places you’ll find Absolute at RSA is in the Security Operations Center (SOC). Using our endpoint resilience solution, our team will be onsite protecting RSA attendees by monitoring internet activity in real-time at the Moscone Center. Be sure to stop by, say hi, and see how it works.
CEO, Christy Wyatt Speaks About 5G
Huawei’s potential domination of 5G markets brings with it significant economic and national security risks. Concerns of unfair trade practices and compromise of 5G networks by China are intertwined and these two problems need to be treated independently: deter unfair trade practices, but also devise smart industrial policies to encourage 5G and national security review of foreign 5G equipment. Our CEO Christy Wyatt will moderate a panel of experts as they discuss #5G and the need for a new approach to looking at securing the critical capabilities that impact us as a nation on Feb. 25. Register for the event here.
The Resilience Happy Hour
Mark your calendars for our Absolute Resilience Happy Hour February 25 from 5:30 – 7:30 PM at Hotel Zetta. Come rest those conference weary feet over a drink and some appetizers with our team. RSVP today.
Find a Green Umbrella!
From London to Austin, Vancouver to San Francisco, Absolute endpoint resilience has you covered with the visibility and control you need over your endpoints. Meet us at RSA by finding one of our green umbrellas and find out how we are dedicated to providing the best endpoit resilience platform around the world.
From all of us at Absolute, safe travels to SFO. We look forward to seeing you!

Can AI and ML Bridge the Cybersecurity Skills Gap?

It is estimated there will be more than 3.5 million vacant cybersecurity jobs by 2021. As companies face an ever expanding threat landscape and pressure to be able to detect and mitigate threats faster, bridging this skill gap is critical.
Without humans to fill the void, organizations have been turning to the potential of using artificial intelligence (AI) or, more aptly, machine learning (ML) to scale out the capabilities of their existing, limited teams.
It’s not that we don’t have plenty of people working hard on solving cybersecurity problems, but that they need leverage and magnification, and machines offer that potential.
Machines deliver on speed and scale 
Machine learning has the ability to conduct the data analytics that humans find challenging or time-consuming when dealing with massive volumes of data. When properly trained, it is able to find patterns and identify the signals that matter when it comes to threat detection and recognizing anomalies. Machines can do this faster than humans, and in a world where cybercriminals also use AI and ML, speed and scale are everything.
If we take the behaviors of cybersecurity professionals and the data they’ve acted upon in the past, and train a machine using machine learning to identify those patterns and behaviors, and put them together, we can build something very powerful. This doesn’t even require full-fledged AI;  it merely requires machine learning and in fact, in most cases it probably just requires a little bit of statistics. But by doing that, we get to magnify the capabilities of that core set of people we do have, to help fill that skills gap.
We humans don’t know which signals matter until we are able to detect patterns by analyzing large volumes of data. This takes time. Machines can achieve this far faster, giving cyber security teams the advantage of speed. With Absolute, we have collected more than a petabyte of data. With such a massive volume of data, we have the wherewithal to sift through that and look for the signals. Most of this will come from software and hardware inventories, the signals about load on the system, behavior of users, finding what’s a pattern and what’s an outlier.
Using Absolute to tighten endpoint security
Organizations use Absolute as part of their endpoint security posture. Absolute Persistence is installed in the BIOS at the manufacturer and cannot be uninstalled by a user even if they uninstall the operating system. Absolute Resilience provides complete visibility into the endpoint, giving organizations details on device usage, location, which apps are installed, and the ability to freeze and wipe data if a device is compromised or lost.
A big struggle for a lot of organizations is that they’ve bought various solutions, they lay it on and have a dozen different agents installed on the endpoint. But each of these controls get deconfigured and deinstalled, and often you don’t know what you don’t know. Having a single source of truth with the persistence that it will always be able to draw the data from the endpoint no matter what the user does, that is what Absolute does to give organizations to determine what value they are getting from these tools and to improve their security posture.
Learn how Absolute Resilience can secure your endpoints and help you bridge the cybersecurity skills gap.
 
 
 

Strengthening Device Management and Endpoint Security Just Got Easier with Absolute Power of Resilience

With the increasing number and types of endpoint devices worldwide, establishing a tight knit security strategy to protect them, your users, and your data is now more critical than ever. A major cause for heartburn among IT and Security Operations teams is the consistent security and non-compliance failures occurring at the application layer.
This week, we announced that the power of Absolute’s Resilience solution and patented Absolute® Persistence™ technology now extends to more than 30 critical security applications – including, most recently, VMware® Carbon Black and Workspace OneTM as well as Crowdstrike® Falcon.
Failures at the Application Level
Organizations have long invested in Device Management, Encryption, VPN, Data Protection and other Endpoint Security tools to manage and secure devices within their fleet, protect sensitive data and maintain user productivity. The Absolute 2019 Endpoint Security Trends Report shows there are an average of 10 security agents deployed on each device at any particular point in time. A majority of these agents are easily tampered with or disabled negligently, causing multiple failures. On average, 13 percent of endpoints require at least one repair event of their AV tool every 30 days. Statistics are even more concerning for Encryption tools; 42 percent of endpoints have encryption failures at any given point in time.
Apart from inadvertent user behavior, application health is also affected by devices being reimaged, corrupted registry files, potential malware intrusions as well as the different agents essentially colliding with each other and reducing effectiveness. A majority of security events – 70 percent to be precise – originate at the endpoint.
Now more than ever, it is critical to ensure that the agents organizations invest in to maintain endpoint compliance and protect their environments remain healthy at all times.
Persisting at the Firmware Level
Most security tools in the market today operate at the operating system layer and so can be tampered with or disabled. The only way to truly secure your applications is to go to the firmware of a device to maintain connectivity and visibility across multiple security data points. Absolute Application Persistence is embedded in the firmware of close to 1 billion devices and actively monitors and remediates the health of the most-used security applications in the market today. This digital tether in the firmware ensures that Absolute’s OS agent and the agents of other security tools remain healthy and tamper proof to maintain compliance of the device and fleet overall.
AI based Endpoint Detection and Response (EDR) tools such as Carbon Black and Crowdstrike detect malware, identify unusual activity occurring on the device, and provide remediation guidance. Unified Endpoint Management (UEM) tools such as Workspace One manage devices as well as enhance end user experience through the deploying of applications, email, Wi-Fi, security settings and the provisioning of corporate resources as required.
Through automation, Application Persistence now ensures the policies and settings set through the three applications remain active to protect the device fleet from the ever-increasing list of external threats.
For more information about Absolute’s patented Persistence technology, see a complete list of the vendors and applications that make up the Absolute Resilience ecosystem. To see how Absolute’s firmware-embedded, self-healing technology ensures Greenville Health has continuous visibility and automated remediation for applications across 14,000 devices, download the case study.

Absolute is a Top 10 Cybersecurity Company to Watch For Second Consecutive Year

Absolute has again been recognized by Forbes Magazine as a Top 10 Cybersecurity Company to Watch in 2020. Written by Louis Columbus, this is the second consecutive year Absolute has made the top spot.
As worldwide spending on information security and risk management systems continues to grow and cybersecurity professionals are increasingly overwhelmed, organizations have an urgent need to improve endpoint security and resilience. Here’s an excerpt:
Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise.
Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints.
Rising Complexity
To thwart attackers, organizations today often layer on many security controls. Gartner estimates that more than $174B will be spent on security by 2022 and of that, $50B will be dedicated to protecting the endpoint. The Absolute Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time.
All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value.
Clear Line of Sight
Rather than wondering if your endpoints are safe, organizations need a clear line of sight into every device, at all times. Fortifying your security posture with the power of Absolute Persistence means a persistent, self-healing connection to all devices, whether they are on the network or not. This is true endpoint resilience and the foundation of improved security.
For more on how Absolute fortifies your security with endpoint resilience and provides a single source of truth into whether or not your existing security controls are working as intended, read what our customers have to say.

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

This article was originally published on Software Strategies blog. 
Bottom Line: By securing every endpoint with a persistent connection and the resiliency to autonomously self-heal, CIOs are finding new ways to further improve network security by capitalizing on each IT assets’ intelligence.
Capturing real-time data from IT assets is how every organization can grow beyond its existing boundaries with greater security, speed, and trust. Many IT and cybersecurity teams and the CIOs that lead them, and with whom I’ve spoken with, are energized by the opportunity to create secured perimeterless networks that can flex in real-time as their businesses grow. Having a persistent connection to every device across an organizations’ constantly changing perimeter provides invaluable data for achieving this goal. The real-time data provided by persistent device connections give IT and cybersecurity teams the Asset Intelligence they need for creating more resilient, self-healing endpoints as well.
How Asset Intelligence Drives Stronger Endpoint Security
Real-time, persistent connections to every device in a network is the foundation of a strong endpoint security strategy. It’s also essential for controlling device operating expenses (OPEX) across the broad base of device use cases every organization relies on to succeed. Long-term persistent connections drive down capital expenses (CAPEX) too, by extending the life of every device while providing perimeterless growth of the network. By combining device inventory and analysis, endpoint data compliance with the ability to manage a device fleet using universal asset management techniques, IT and cybersecurity teams are moving beyond Asset Management to Asset Intelligence. Advanced analytics, benchmarks, and audits are all possible across every endpoint today. The following are the 10 ways Asset Intelligence improves cybersecurity resiliency and persistence:

Track, trace and find lost or stolen devices on or off an organizations’ network in real-time, disabling the device if necessary. Every device, from laptops, tablets, and smartphones to desktops and specialized use devices are another threat surface that needs to be protected. Real-time persistent connections to each of these devices make track-and-trace possible, giving CIOs and their teams more control than had been possible before. Real-time track-and-trace data combined with device condition feedback closes security blind spots too. IT and cybersecurity teams can monitor every device and know the state of hardware, software, network and use patterns from dashboards. Of the endpoint providers in this market, Absolute’s approach to providing dashboards that provide real-time visibility and control of every device on a network is considered state-of-the-art. An example of Absolute’s dashboard is shown below:

Asset Intelligence enables every endpoint to autonomously self-heal themselves and deliver constant persistence across an organization’s entire network. By capitalizing on the device, network, threat, and use data that defines Asset Intelligence, endpoint agents learn over time how to withstand breach attempts, user errors, and malicious attacks, and most importantly, how to return an endpoint device to its original safe state. Asset Intelligence is the future of endpoint security as it’s proving to be very effective at enabling self-healing persistence across enterprise networks.
Asset Intelligence solves the urgent problem created from having 10 or more agents installed on a single endpoint that collide, conflict and decay how secure the endpoint is. Absolute Software’s 2019 Endpoint Security Trends Report found that the more agents that are added to an endpoint, the greater the risk of a breach. Absolute also found that a typical device has ten or more endpoint security agents installed, often colliding and conflicting with the other. MITRE’s Cybersecurity research practice found there are on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone.
Asset Intelligence sets the data foundation for achieving always-on persistence by tracking every devices’ unique attributes, identifiers, communication log history and more. Endpoint security platforms need a contextually-rich, real-time stream of data to know how and when to initialize the process of autonomously healing a given endpoint device. Asset Intelligence provides the centralized base of IT security controls needed for making endpoint persistence possible.
Having a real-time connection to every device on a perimeterless network contributes to creating a security cloud stack from the BIOS level that delivers persistence for every device. CIOs and CISOs interested in building secured perimeterless networks are focused on creating persistent, real-time connections to every device as a first step to creating a security cloud stack from each devices’ BIOS level. They’re saying that the greater the level of Asset Intelligence they can achieve, the broader they can roll out persistence-based endpoints across their networks that have the capacity to self-diagnose and self-heal.
Device fleets are churning 20% a year or more, increasing the urgency CIOs have for knowing where each device is and its current state, further underscoring Asset Intelligence’s value. Gavin Cockburn of ARUP is the global service lead for workplace automation and endpoint management, including how the firm acquires devices, manages and reclaims them. ARUP is using the Absolute Persistence platform for managing the many high-value laptops and remote devices their associates use on global projects. During a recent panel discussion he says that device replacements “becomes part of our budgeting process in that 33% of devices that we do replace every year, we know where they are.” Gavin is also using API calls to gain analytical data to measure how devices are being used, if the hard drive is encrypted or not and run Reach scripts to better encrypt a device if there is not enough security on them.
The more Asset Intelligence an organization has, the more they can predict and detect malware intrusion attempts, block them and restore any damage to any device on their perimeter. When there’s persistent endpoint protection across a perimeterless network, real-time data is enabling greater levels of Asset Intelligence which is invaluable in identifying, blocking and learning from malware attempts on any device on the network. Endpoint protection platforms that have persistence designed in are able to autonomously self-heal back to their original state after an attack, all without manual intervention.
Persistent endpoints open up the opportunity of defining geofencing for every device on a perimeterless network, further providing valuable data Asset Intelligence platforms capitalize on. Geofencing is proving to be a must-have for many organizations that have globally-based operations, as their IT and cybersecurity teams need to track the device location, usage, and compliance in real-time. Healthcare companies are especially focused on how Asset Intelligence can deliver geofencing at scale. Janet Hunt, Senior Director, IT User Support at Apria Healthcare recently commented during a recent panel discussion that “our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one PC or actually two PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device and see what happens. It’s one of the best things we’ve done for ourselves.” Gavin Cockburn says, “We actually do some kind of secretive work, government work and we have these secure rooms, dotted around the organization. So we know if we put a device in that room, what we do is, what we say is this device only works in this area and we can pinpoint that to a pretty decent accuracy.”  From healthcare to secured government contracting, geofencing is a must-have in any persistent endpoint security strategy.
Automating customer and regulatory audits and improving compliance reporting by relying on Asset Intelligence alleviates time-consuming tasks for IT and cybersecurity teams. When persistent endpoint protection is operating across an organization’s network, audit and compliance data is captured in real-time and automatically fed into reporting systems and dashboards. CIOs and their cybersecurity teams are using dashboards to monitor every device’s usage patterns, audit access, and application activity, and check for compliance to security and reporting standards. Audits and compliance reporting are being automated today using PowerShell, BASH scripts and API-based universal asset commands. Gavin Cockburn of ARUP mentioned how his firm gives customers the assurance their data is safe by providing them ongoing audits while project engagements are ongoing. “We need to show for our clients that we look after their data and we can prove that. And we show that again and again. I mean similar story, we’ve seen machines go missing, either breaking into cars, re-image three times. We wipe it every time. Put the new hard drive in, think it might be a hard drive issue, it wipes again. We never see it come online again, “ he said.
Asset Intelligence improves data hygiene, which has a direct effect on how effective all IT systems are and the customer experiences they deliver. CIOs and their teams’ incentives center on how effective IT is at meeting internal information needs that impact customer experiences and outcomes. Improving data hygiene is essential for IT to keep achieving their incentive plans and earning bonuses. As Janet Hunt, Senior Director, IT User Support at Apria Healthcare said, “right now we are all about hygiene and what I mean by that is we want our data to be good. We want all the things that make IT a valued partner with the business operation to be able to be reliable.” The more effective any organization is at achieving and sustaining a high level of data hygiene, the more secure their perimeterless network strategies become.

For more on how Apria Healthcare relies on Absolute, download the full case study.

What Do the City of Houston, Government of Canada, Eir, and Raley’s Supermarkets Have in Common?

This article was originally published in IT Pro Portal.
A Texas city, the Canadian Northwest Territories government, an Irish telecom provider, and a California supermarket chain. What ties them together? They were all impacted by headline-making data breaches involving the theft of data from an endpoint device.
Unfortunately, the string of incidents is not surprising given that 70 per cent of data breaches today originate on the endpoint and 15 per cent of them are caused by lost or missing devices. Not to mention major U.S. metros are still on alert as the “smash-and-grab” crime trend continues with cities like San Francisco reporting about 73 car break-ins per day in August alone, with laptops on the list of most in-demand and easy-to-snatch items.
It’s estimated that by 2020, the global spend on IT security is predicted to total a staggering $128 billion. But the physical thefts of laptop devices from office places, cars or otherwise, are still causing pain in the form of data leakage, exposure and regulatory issues. There are valuable lessons to be learned here, especially when endpoint breaches can be devastating to an organisation in terms of fines, reputational damage, lawsuits, and irreparable damage to customer trust.
To help organisations strengthen their endpoint security postures, we took a lens to several notable incidents that prove how vulnerable our endpoints continue to be and outlined our key takeaways:

Irish telecom company, Eir leaks data of 37,000 customers: The data of 37,000 customers of Ireland’s largest telecom provider, Eir, was compromised when an unencrypted device was stolen from outside an office building. The laptop contained personally identifiable information (PII) including names, email addresses, phone numbers, and Eir account numbers. It had been decrypted by a faulty security update the previous working day. The company was forced to report the incident to the police as well as the Data Protection Commissioner.
Stolen laptop exposes data of 10,000 Raley’s customers: Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data included sensitive patient information as well as identification numbers and prescription drug records. Raley’s could not confirm whether the data had been accessed or misused, nor could they confirm if encryption was in place.
Stolen laptop compromises Houston’s health plan: A laptop stolen from an employee’s car may have contained protected health information (PHI) records of the city’s staff, including names, addresses, dates of birth, social security numbers, and medical information. The organisation couldn’t tell if data was accessed or if encryption was in place, so they had no choice but to treat the incident as a data breach.
Stolen laptop exposes health data of 80 per cent of N.W.T. Residents: A laptop was stolen from a locked vehicle in Ottawa, Ontario containing PHI of 33,661 residents of Canada’s Northwest Territories. The data included names of patients’ names, their birth dates, home communities, healthcare numbers, and, in some cases, medical conditions. The stolen laptop was a new device so the encryption process either failed or was missed.

Lessons learned
These examples show how easy an unnecessary breach can occur. But when one laptop is stolen every 53 seconds, according to Gartner, and the average total cost of a data breach is $3.92 million, it is wise to ensure organisations have measures in place to prevent putting their data at risk. Here are the top three takeaways we can apply to endpoint security strategy, as risks continue to heighten in today’s IT landscape:

Lack of visibility is a common denominator. There is a common thread across all of these cases: a lack of endpoint visibility and an inability to prove that data protection technology was in place and functioning at the time the device went missing. In addition, there was no way to know if data was accessed post incident and certainly no way to ensure the device was remotely disabled and all personal data deleted. When it comes to endpoint data protection, you’ve likely already purchased the necessary security tools, namely device encryption. The Raley’s case, though, is a reminder that there are unencrypted devices out there and attackers know it. Organisations must have the visibility to know that their controls are, in fact, turned on and working. There’s massive risk associated with not knowing the answer.

The efficacy of endpoint security tools diminishes significantly over time. Despite the increase in IT security spending, endpoint attacks are still common. Recent research shows investment in security is wasted as endpoint controls predictably decay. The reasons vary, from controls being disabled by users to underlying services becoming disabled or broken and/or communication channels inside of the operating system (OS) breaking or experiencing disruption in some way. There is no scarcity of tools and controls. The problem is that these things are not naturally resilient. If you’ve got multiple agents on the device, beware that complexity is in itself a vulnerability and understand that less may, in fact, be more. IT, security, and risk professionals are wise to focus on streamlining and simplifying when it comes to securing their organisations’ data.

Endpoint security is endpoint resilience. It may be counter intuitive, but endpoint controls are fragile. Compromise happens not because there are no guards, but often because controls compete for resources and some thrive while others fail, which defeats the goal of safeguarding data, systems and assets.

It’s important to understand that security tools conflict and collide, and that where there is friction there is decay. We must also acknowledge that these tools must be deliberately controlled in order to improve endpoint resilience.
Back to the basics
Building endpoint resiliency and improving endpoint security requires us to get back to the basics of cybersecurity and hone in on the most critical elements for ensuring data protection at scale: people, process, and technology. It is only then that organisations can start to buck the trend of spending more of their IT budget on endpoint security while still seeing endpoint data breaches grow in frequency and severity.

Tracking & Recovering Missing Devices After the Holidays

If you’re an IT professional in education, you know that missing and stolen devices are an unfortunate reality of the holidays. Students, faculty and staff become more pre-occupied with merrymaking than keeping devices safe. Not only is the holiday season prime time for thieves to stock up on valuable electronics left in airports, vehicles and cafes, but it’s also common for students and staff to misplace school-owned devices at home or while traveling. With mid-year inventories coming up, it’s inevitable that there will be plenty of missing and stolen devices.
Greater Visibility and Control
In December, Absolute introduced a new Missing Devices feature whereby Absolute customers can now track, locate, and recover missing devices. Customers now have the capability to easily understand where their devices are, who’s using them, and how to locate them — information previously only available to law enforcement. Customers can now flag devices as missing, track them within a single report, and receive an automatic alert the next time they connect to the internet. This empowers users to either self-locate a missing device and contact the student or faculty member directly, or verify that the device has been stolen so that they can file a Theft Report, provided that they are willing to prosecute and have reported the incident to law enforcement.
Absolute’s team of reliable Investigators, with a total of 115 years of combined law enforcement experience, will then immediately begin an investigation, assist the police, and facilitate the safe return of the stolen device. Absolute Resilience for Education customers may also be eligible for a Service Guarantee; a warranty to back our proven ability to recover stolen devices, provided that the police report is uploaded within 30 days of the customer submitting the theft report and other conditions are met.
This feature represents a new degree of visibility and control for our customers. At a time where technology investment safeguards have never been more critical, Absolute is leading the way in supporting educators demonstrate ROI.
To learn more about how to track and recover missing devices with Absolute, watch this webinar.

Achieving Enterprise Resiliency Requires A Cyber-Committed Board

This article was originally published in Forbes. 
Today, 84% of the total value of the Fortune 500 is comprised of intangible assets. This means that for most major businesses, the value of digital assets, data and intellectual property (IP) is five times greater than that of physical assets. And the core DNA of their businesses, the thing that most needs protecting, lives in the virtual.
As those assets increasingly come under attack due to cyber hacking, fraud or negligence, companies find themselves scrambling to deploy more and more security controls — at a time when the forecasted worldwide security spend is expected to spike to nearly $134 billion in 2022. This trend represents an astronomical investment in defending against the rapidly escalating risk, but has yet to yield a deceleration of cyberattacks.
Against this landscape, the role of the board also continues to evolve — with an increasing expectation that board members bring a basic level of cyber competence to their roles. October was National Cybersecurity Awareness Month, so it seemed an appropriate time to share a few guiding principles that I believe are central to building and fostering cyber awareness, engagement and commitment at the board level.
Recognize cyber risk as a business risk
Cyber risk is not an elusive, cryptic puzzle that cannot be clearly measured and articulated. The same thinking that we apply to corporate governance and managing financial, operational or legal risk can and should be applied to cyber risk. From setting the vision and establishing a framework for success to ensuring investment and overseeing auditing controls, these are the things that boards need to be doing in partnership with management — especially from early on in the operation.
Let’s use financial risk as an analogy. Not all board members are deemed financial experts, but they have competency in understanding the company’s financials, which controls are in place, which additional controls are needed and who is auditing the testing of these controls. The same framework should be applied to cyber risk. Where is the real value in the company, and what are the real risks to those assets? These two questions should be your starting point. From there, all of the same questions apply: Which controls are in place? Which additional controls are needed? How are they being tested, and how do we map against the industry? Will cyber risk be a topic across the board, within specific audit meetings, or within some other committee?
Know how to define ‘enough’
Asking the right question, “Are we doing enough?” is critical. But sound cyber competence means also having the ability to answer the question. It requires the ability to define “enough” in the context of that particular business and the appetite for risk, as well as how to know if “enough” is really working. What makes this especially tricky is that there is no one-size-fits-all formula for measuring risk. It’s possible for an organization to spend an infinite amount on cyber protection and never achieve perfection. And this question can quickly start to feel like an unanswerable one.
I know this from my own personal experience. During my time at Citigroup, I had the opportunity to look deeply at online financial fraud. Similar to cyber mitigation, where you know you will never get to zero, it is important to understand what your level of risk tolerance actually is to help determine what success looks like. Given the nature and scope of your business, what is regrettable versus unacceptable? For example, a board would view employees having personal content on enterprise devices very differently from a nation-state attack or misused consumer data.
Boards should be having open discussions with management to determine where the lines need to be drawn, what is most important, what is achievable and in what investment envelope.
Make resiliency the end goal
Resiliency, by definition, is the ability to bounce back. Achieving enterprise resiliency requires not just the ability to mitigate cyber risk, but also to respond, recover and heal quickly from both real as well as perceived damage.
When the call comes that you’ve been compromised, it cannot be the first time you’re having a conversation about how to respond. Talking through things like escalations, communications, disclosures and communication to customers, partners and regulators, is a worthy exercise for the board and management to undertake together. What are the thresholds? How and when will it be communicated to the board? What are the board’s responsibilities in these scenarios? This is another area where external facilitators can play a helpful role.
As we move forward, enterprise resiliency will increasingly become core to a company’s agility in a crisis. Boards will continue to use acute cyber awareness to drive fundamental shifts in how organizations think about cyber risk and bring forward new ways to build successful, resilient enterprise security strategies.
For more on how to achieve enterprise resiliency with Absolute, visit Absolute.com.

Building your Case for School Technology Budgets

By 2025, technology spend in K-12 is forecasted to reach $342 billion. But with school districts around the nation continuing to face serious budget crises, technology in the classroom must be fought for despite its innovative learning properties.
There’s no arguing the cost of rolling out Edtech programs like one-to-one computing and similar initiatives requires significant investment in devices, applications, bandwidth and more. The expectation for every school board then is a demonstrable return. To ensure sustainable student technology programs, administrators must be able to show the positive effects of their technology investments. ROI matters.
The best indicator of ROI is almost always found within learning outcomes but getting to the data that proves technology is escalating scores in this area isn’t always easy.
Data-driven Insights
With a one-device-for-every-student program, an important metric to monitor is device use. But use should go far beyond simple distribution figures including how are devices being used. Are they being to their full potential on campus or are they left idle? What does student web activity look like? How many times does a device leave the classroom? Are devices being used at home and for how long?
In our recent study of 3.2 million anonymized K-12 endpoint devices, Cybersecurity and Education State of the Digital District in 2020, we found devices are actually too-often underutilized. 21 percent were used for <1 hour per day and 60 percent of devices weren’t used by students at home.
For more on device use in schools, read: Cybercriminals Take Aim at K-12
With this and similar such district-wide data, administrators can assess student groups or even individual users and make more informed decisions on improving academic performance.
This kind of analytical information comes only with full visibility of the devices in your endpoint inventory, however. With this kind of insight, you should also have extensive control over those devices, no matter whether they are on or off the district network. Where are they, what are they running, and are their security applications working as they should?
Endpoint Visibility, Control & Resilience
Full visibility and control over these devices will mitigate risk, improve operational efficiency, ensure internet safety policies are adhered to and, when done right, demonstrate compliance so that future discounts from such organizations as e-Rate and Student Support and Academic Enrichment (SSAE) are possible.
Full visibility and control over your device population also provides you with another very powerful capability – endpoint resilience. Making the most of the devices you have, both in and out of the classroom, will improve learning outcomes. Making the most of the tools you have on those devices will tell you whether or not they are working as they should or if they are exposing your district to cyber risk.
For more on how to prove classroom technology ROI and mitigate the risk that technology inevitably brings to students, educators and staff, watch our latest episode of Cybersecurity Insights, K-12 Education 1:1 Programs. And while you’re at it, be sure to subscribe to the Cybersecurity Insights playlist on YouTube.

How Klein Independent School District Maximizes Their 1:1 Program

Technology in our schools enables modern learning paths and brings a new level of innovation to the classroom. While it is inarguable that technology has enriched the lives of students, it has also introduced significant risk. Today’s K-12 technology leaders are faced with a multitude of challenges brought on by high-tech learning environments including student, faculty and staff safety and privacy, growing IT complexity, device loss and/or theft and demonstrable resource ROI. To track, manage, repair and recover across more than 37,000 endpoint devices, the Klein Independent School District (ISD) in Klein, Texas turned to Absolute.
Maximizing a One-to-One Computing Program
Klein ISD is known for its innovative culture and dedication to leveraging technology to empower students and staff to harness the latest advancements in education. It made perfect sense then when they deployed a one-to-one computing program that provisions one device for each student.
For the last ten years, Klein ISD has leveraged Absolute for its ability to provide a single source of truth into their device fleet and manage them remotely. They also rely on Absolute for deep analytics on device use and the protection of student, faculty and staff data. To deploy Absolute, Klein ISD simply activated the technology already embedded in each device at the manufacturer.
“Initially, stop loss was the primary reason we chose Absolute, but what keeps us at the table today is their ability to provide us with more information about what’s being stored on the devices and what’s being utilized,” said Chris Cummings, Information Technology, Teaching & Learning, Klein ISD. “I continue to choose Absolute because of their innovation. They help us stay ahead of compliance and offer the latest advantages to our students and faculty.” 
Peace of Mind
Nationally, cybersecurity spend is on the rise. The 2019 CIO Agenda K-12 Education Industry Insight report from Gartner found that 47 percent of K-12 organizations plan to make cybersecurity their primary investment. However, recent research by Absolute found that, in the complex world of endpoint security, increased security spending does not equate to increased safety. In fact, every additional security tool only increases the probability of failure as agents and controls conflict with one another on the endpoint.
According to global Absolute research, Cybersecurity and Education: The State of the Digital District in 2020, 38 percent of patch agents require at least one repair monthly and 28 percent of encryption agents fail monthly. Without visibility and control of endpoint devices, students and districts are exposed.
For Klein ISD, this meant a reliance on Absolute for their tamper-proof device visibility and control for a persistent, self-healing connection between IT and all devices, whether they are on or off the network.
“It’s one thing to implement a security program; it’s another to measure the effectiveness of your security program,” Cummings added. “And with Absolute, we’re able to verify just how effective our program really is.”
Understanding what’s happening on the devices, responding to suspicious events, and empowering applications to persist and automating their restoration when incidents occurs is the key. To learn more about how Klein ISD benefits from Absolute, download the full case study: The Power of Persistence Maximizes Klein Independent School District One-to-One Computing Program.

Loading

Categories