Category: Data Visibility & Protection

Automated, Custom Workflows to Manage & Secure a Growing Remote Workforce Now At No Cost

As companies accelerate remote work policies for the health and safety of employees and their families, IT organizations are facing challenges like never before by keeping work PCs safe and secure while ensuring hackers don’t exploit unsuspecting or distracted users. In response, Absolute announced today, the company will provide all customers with free access to its comprehensive library of custom workflows that enable a more seamless, effective way to secure and manage devices.
The most recent example is the remote code execution vulnerability or ‘wormable’ CVE-2020-0796 that carries the potential to propagate itself from vulnerable computer to vulnerable computer. While Microsoft moved swiftly to warn Windows 10 users and deliver a security update, the difficulties of patching remote devices that may not be connected to the corporate network, as well the probability of failed updates, present a significant risk of exposure to cyberattacks.
Recent data validates the risk exposure presented by unpatched devices and gaps in security policies or applications. Early findings from our coming 2020 State of Endpoint Resilience Report show that more than half of Windows 10 enterprise devices with versions 1903 and 1909 — those that are susceptible to CVE-2020-0796  — are more than four weeks behind installing patches. This is hugely concerning in light of another recent study that found 60 percent of all breaches are linked to a vulnerability where a patch was available, but not applied.
New Reporting and Reach Scripts
To help our customers keep up in today’s challenging times, we have created new report and reach scripts that enables IT to mitigate this vulnerability by identifying all potentially affected devices and disabling access to targeted servers until the patch is installed. In addition to the workaround for CVE-2020-0796, Absolute customers have access to more than 130 custom workflows that allow them to easily run queries or reports and then take widespread remedial action such as enforcing patch installations, turning on or repairing VPN applications for a secure connection for remote devices, and more, with just a few clicks. Because of Absolute’s unique firmware-embedded position, these actions can be enforced and executed on any device connected to the internet, even if off the corporate network.
In support of IT teams working to ensure business continuity and enable remote employees to reliably and securely connect to corporate systems amid the global outbreak of the novel coronavirus, we are providing access to our comprehensive library of custom workflows and Reach scripts for Visibility and Control tier customers at no cost through August 31, 2020.
The silver lining in our current chaotic and uncertain environment is how people across the globe are stepping in to support each other. We’ve seen time and again how organizations are lending help wherever possible and that’s certainly our goal at Absolute. IT desks everywhere are faced with mounting challenges managing and securing more and more devices from relentless cyber-attackers.
This crisis may pose a lot of questions for IT and Security teams. We are monitoring millions of activated devices across our 12,000 customers, and we are continuing to explore every possible way we can provide help to our customers and partners during this trying time. If you have critical endpoint related issues you’re battling in your business – we welcome your input and ideas. Send them our way.
For now, stay well and be safe.

Six Things to Do Now to Prepare for Remote Learning

The novel Coronavirus has caused widespread school closures with 138 countries closing schools globally, affecting over 1.3 billion students. With little notice, schools must now provide reliable and accessible online learning while ensuring their security controls stay in place.
Based on years of experience enabling remote education, we’ve put together a few ways you can leverage your existing Absolute tools to keep your students, staff, and devices safe during this period.

Maintain visibility of all devices in your fleet. Manage and control all devices from one console. Track and be alerted when missing devices call in.  Report stolen devices to Absolute’s Investigation team, and we’ll work with law enforcement to recover them.
Monitor device utilization. Absolute’s Device Usage report lets you see when, for how long and how frequently your Chromebook, Windows, and Mac devices are used. You can identify students who are not getting the full benefit from their devices or if devices aren’t being used at all.
Know if students or staff are in high-risk areas. With geofencing alerts you can set custom boundaries and be alerted when devices cross them. When students or staff are at risk, you can check in and advise on precautions.
Maintain your district’s security controls. Absolute’s self-healing capability can be extended to AV, encryption, VPN, or any other application that you depend on — so they’re always installed, up-to-date, and working correctly.
Fix vulnerabilities remotely. With Absolute, your IT team can remotely execute scripts to repair, patch, and remediate devices.
Know where your sensitive data is at all times. As teachers, support staff, and administrators work remotely, they might take sensitive data and store it locally. With regular EDD scans, you can maintain compliance with FERPA, HIPAA, and other privacy requirements.

If your district or school has new devices to enroll, you can learn how to set up new policy groups, assign licenses to groups, and activate policies in the console by visiting Absolute’s Learning Hub.
If you need any assistance or support, please contact sdrs@absolute.com

Q&A with Christy Wyatt, CEO of Absolute Software on dealing with COVID-19

In a special interview originally published in The Commentator, Absolute Software’s global CEO Christy Wyatt offers her insights and expertise into the security issues facing businesses amidst the COVID-19 crisis and offers guidance around how companies can continue to operate despite the disruption
With COVID-19 causing havoc for businesses and putting thousands of people at risk, The Commentator interviewed Christy Wyatt, CEO of Absolute Software about how tackle the crisis and the security procedures that can keep companies safe from hackers.
Christy, please can you tell us what lessons are you learning amid the outbreak of the Coronavirus?
While we have been having conversations with customers for a long time about the resiliency of their security controls, the reality is that many users are taking their devices home and working remote – which brings this discussion to a whole new level. We see companies having trial “work from home days”….asking users to stress test their remote working infrastructure and seeing how systems perform with dramatically greater capacity….at a time where every other company is doing the exact same thing.
One of the many things we help customers with is the ability to see where their security controls are in place and ready because businesses of all sizes have a heightened awareness of where their employees are.
As the virus moves quickly and the heat map evolves, knowing where your users are and who is close to risk is critical and important. We are seeing customers having business continuity discussions and taking a good look at where they may be most vulnerable. It is not lost on the security industry that as users work from home, and people are distracted with this pandemic that valuable assets could be compromised. IT, Security, HR and Leadership have to respond in unison to ensure employees are protected and Enterprise Resiliency is intact.
Have you had to make shifts and pivots in daily operations?
We have made our primary focus on protecting our customers and enabling them to have better visibility and control during this critical time. As with any company, we have done our work on business planning, remote work, and security. But in addition, we have to anticipate a fundamental change in how organisations operate – including our own. Employees will be remote, travel is less reliable, and that makes you vulnerable.
For some companies, this level of mobility is unprecedented in their workforce. We started immediately looking at what our technology can add to help our customers see where their employees are, ensure that they are protected by keeping their security controls in place where needed, and are able to take remote action on systems if required.
As a result, we are immediately making Application Persistence available for VPN apps at no charge through August. What this means is that if they are relying on VPN to keep their employees connected, we will monitor the VPN application to make sure it remains undeleted and in force.
As a result of our workforce brainstorming the issue in support of our customers, we are also working on reports for customers that map out where their endpoints are in relation to outbreak hotspots. And since our own workforce is also quite distributed, in many cases, this is about modeling what we need to do, and then automating and making it easier for our customers.
Do you fall back on certain technology due to work at home requirements?
For anyone who spends a lot of time on the road….it is back to the basics. It is audio/video conferencing, mobile productivity and collaboration solutions like Outlook or Slack, and of course, security like VPN to keep the workforce securely connected, and/or identify and access management. One of this biggest risks here is that there are large parts of any organisation that rarely work remote.
So, these controls and applications may not be configured appropriately, or the user may need rapid training on how to use them. I would expect IT Helpdesks is going to be incredibly ‘stress tested’ until there is automation introduced, like Resilience. Another great concern is going to be security itself…..because with devices being more remote, the probability of those controls going offline or devices becoming compromised could increase.
I also expect hear that in the coming weeks how bad actors are opportunistically taking advantage of the situation. Think of it as “Cyber Looting.” Enterprises need to remain vigilant that this global pandemic does not also lead to a global breach pandemic.
How is this situation changing things for you and how you are planning for other possible pandemics in the future?
One thing is for certain, and that is that every company diving into business continuity and looking at Enterprise Resilience and will emerge more prepared going forward. Let’s hope there is not another repeat performance where we get to benchmark this.

The Importance of Endpoint Resilience at RSA Conference 2020

Will you be one of the 45,000 people who are expected to attend RSA Conference 2020 in San Francisco next week? Like the topic of cybersecurity in general, the industry’s largest conference continues to increase in relevance as hackers evolve their tactics and organizations invest more in numerous security approaches to stop them.
Around the world, Absolute has been busy preparing for the big event – from executive leadership to customer success, product management to engineering, our entire team has a very full RSA schedule. This is partly because our message of endpoint resilience is now more critical than ever before.
To thwart attackers, organizations continue to layer on security controls. Despite astronomical investments being made however, research shows 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time. Organizations need complete visibility and real-time insights in order to pinpoint unprotected or ‘dark endpoints,’ identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. This is endpoint resilience and it will be front and center at RSA Conference.
Absolute Monitoring Internet Activity in the SOC
One of the places you’ll find Absolute at RSA is in the Security Operations Center (SOC). Using our endpoint resilience solution, our team will be onsite protecting RSA attendees by monitoring internet activity in real-time at the Moscone Center. Be sure to stop by, say hi, and see how it works.
CEO, Christy Wyatt Speaks About 5G
Huawei’s potential domination of 5G markets brings with it significant economic and national security risks. Concerns of unfair trade practices and compromise of 5G networks by China are intertwined and these two problems need to be treated independently: deter unfair trade practices, but also devise smart industrial policies to encourage 5G and national security review of foreign 5G equipment. Our CEO Christy Wyatt will moderate a panel of experts as they discuss #5G and the need for a new approach to looking at securing the critical capabilities that impact us as a nation on Feb. 25. Register for the event here.
The Resilience Happy Hour
Mark your calendars for our Absolute Resilience Happy Hour February 25 from 5:30 – 7:30 PM at Hotel Zetta. Come rest those conference weary feet over a drink and some appetizers with our team. RSVP today.
Find a Green Umbrella!
From London to Austin, Vancouver to San Francisco, Absolute endpoint resilience has you covered with the visibility and control you need over your endpoints. Meet us at RSA by finding one of our green umbrellas and find out how we are dedicated to providing the best endpoit resilience platform around the world.
From all of us at Absolute, safe travels to SFO. We look forward to seeing you!

Can AI and ML Bridge the Cybersecurity Skills Gap?

It is estimated there will be more than 3.5 million vacant cybersecurity jobs by 2021. As companies face an ever expanding threat landscape and pressure to be able to detect and mitigate threats faster, bridging this skill gap is critical.
Without humans to fill the void, organizations have been turning to the potential of using artificial intelligence (AI) or, more aptly, machine learning (ML) to scale out the capabilities of their existing, limited teams.
It’s not that we don’t have plenty of people working hard on solving cybersecurity problems, but that they need leverage and magnification, and machines offer that potential.
Machines deliver on speed and scale 
Machine learning has the ability to conduct the data analytics that humans find challenging or time-consuming when dealing with massive volumes of data. When properly trained, it is able to find patterns and identify the signals that matter when it comes to threat detection and recognizing anomalies. Machines can do this faster than humans, and in a world where cybercriminals also use AI and ML, speed and scale are everything.
If we take the behaviors of cybersecurity professionals and the data they’ve acted upon in the past, and train a machine using machine learning to identify those patterns and behaviors, and put them together, we can build something very powerful. This doesn’t even require full-fledged AI;  it merely requires machine learning and in fact, in most cases it probably just requires a little bit of statistics. But by doing that, we get to magnify the capabilities of that core set of people we do have, to help fill that skills gap.
We humans don’t know which signals matter until we are able to detect patterns by analyzing large volumes of data. This takes time. Machines can achieve this far faster, giving cyber security teams the advantage of speed. With Absolute, we have collected more than a petabyte of data. With such a massive volume of data, we have the wherewithal to sift through that and look for the signals. Most of this will come from software and hardware inventories, the signals about load on the system, behavior of users, finding what’s a pattern and what’s an outlier.
Using Absolute to tighten endpoint security
Organizations use Absolute as part of their endpoint security posture. Absolute Persistence is installed in the BIOS at the manufacturer and cannot be uninstalled by a user even if they uninstall the operating system. Absolute Resilience provides complete visibility into the endpoint, giving organizations details on device usage, location, which apps are installed, and the ability to freeze and wipe data if a device is compromised or lost.
A big struggle for a lot of organizations is that they’ve bought various solutions, they lay it on and have a dozen different agents installed on the endpoint. But each of these controls get deconfigured and deinstalled, and often you don’t know what you don’t know. Having a single source of truth with the persistence that it will always be able to draw the data from the endpoint no matter what the user does, that is what Absolute does to give organizations to determine what value they are getting from these tools and to improve their security posture.
Learn how Absolute Resilience can secure your endpoints and help you bridge the cybersecurity skills gap.
 
 
 

Strengthening Device Management and Endpoint Security Just Got Easier with Absolute Power of Resilience

With the increasing number and types of endpoint devices worldwide, establishing a tight knit security strategy to protect them, your users, and your data is now more critical than ever. A major cause for heartburn among IT and Security Operations teams is the consistent security and non-compliance failures occurring at the application layer.
This week, we announced that the power of Absolute’s Resilience solution and patented Absolute® Persistence™ technology now extends to more than 30 critical security applications – including, most recently, VMware® Carbon Black and Workspace OneTM as well as Crowdstrike® Falcon.
Failures at the Application Level
Organizations have long invested in Device Management, Encryption, VPN, Data Protection and other Endpoint Security tools to manage and secure devices within their fleet, protect sensitive data and maintain user productivity. The Absolute 2019 Endpoint Security Trends Report shows there are an average of 10 security agents deployed on each device at any particular point in time. A majority of these agents are easily tampered with or disabled negligently, causing multiple failures. On average, 13 percent of endpoints require at least one repair event of their AV tool every 30 days. Statistics are even more concerning for Encryption tools; 42 percent of endpoints have encryption failures at any given point in time.
Apart from inadvertent user behavior, application health is also affected by devices being reimaged, corrupted registry files, potential malware intrusions as well as the different agents essentially colliding with each other and reducing effectiveness. A majority of security events – 70 percent to be precise – originate at the endpoint.
Now more than ever, it is critical to ensure that the agents organizations invest in to maintain endpoint compliance and protect their environments remain healthy at all times.
Persisting at the Firmware Level
Most security tools in the market today operate at the operating system layer and so can be tampered with or disabled. The only way to truly secure your applications is to go to the firmware of a device to maintain connectivity and visibility across multiple security data points. Absolute Application Persistence is embedded in the firmware of close to 1 billion devices and actively monitors and remediates the health of the most-used security applications in the market today. This digital tether in the firmware ensures that Absolute’s OS agent and the agents of other security tools remain healthy and tamper proof to maintain compliance of the device and fleet overall.
AI based Endpoint Detection and Response (EDR) tools such as Carbon Black and Crowdstrike detect malware, identify unusual activity occurring on the device, and provide remediation guidance. Unified Endpoint Management (UEM) tools such as Workspace One manage devices as well as enhance end user experience through the deploying of applications, email, Wi-Fi, security settings and the provisioning of corporate resources as required.
Through automation, Application Persistence now ensures the policies and settings set through the three applications remain active to protect the device fleet from the ever-increasing list of external threats.
For more information about Absolute’s patented Persistence technology, see a complete list of the vendors and applications that make up the Absolute Resilience ecosystem. To see how Absolute’s firmware-embedded, self-healing technology ensures Greenville Health has continuous visibility and automated remediation for applications across 14,000 devices, download the case study.

Absolute is a Top 10 Cybersecurity Company to Watch For Second Consecutive Year

Absolute has again been recognized by Forbes Magazine as a Top 10 Cybersecurity Company to Watch in 2020. Written by Louis Columbus, this is the second consecutive year Absolute has made the top spot.
As worldwide spending on information security and risk management systems continues to grow and cybersecurity professionals are increasingly overwhelmed, organizations have an urgent need to improve endpoint security and resilience. Here’s an excerpt:
Absolute serves as the industry benchmark for endpoint resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers with self-healing endpoint security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required for the modern enterprise.
Organizations need complete visibility and real-time insights in order to pinpoint the dark endpoints, identify what’s broken and where gaps exist, as well as respond and take action quickly. Absolute mitigates this universal law of security decay and empowers organizations to build an enterprise security approach that is intelligent, adaptive and self-healing. Rather than perpetuating a false sense of security, Absolute provides a single source of truth and the diamond image of resilience for endpoints.
Rising Complexity
To thwart attackers, organizations today often layer on many security controls. Gartner estimates that more than $174B will be spent on security by 2022 and of that, $50B will be dedicated to protecting the endpoint. The Absolute Endpoint Security Trends Report finds that in spite of the astronomical investments being made, 100 percent of endpoint controls eventually fail and more than one in three endpoints are unprotected at any given time.
All of this has IT and security administrators grappling with increasing complexity and risk levels, while also facing mounting pressure to ensure endpoint controls maintain integrity, availability and functionality at all times, and deliver their intended value.
Clear Line of Sight
Rather than wondering if your endpoints are safe, organizations need a clear line of sight into every device, at all times. Fortifying your security posture with the power of Absolute Persistence means a persistent, self-healing connection to all devices, whether they are on the network or not. This is true endpoint resilience and the foundation of improved security.
For more on how Absolute fortifies your security with endpoint resilience and provides a single source of truth into whether or not your existing security controls are working as intended, read what our customers have to say.

10 Ways Asset Intelligence Improves Cybersecurity Resiliency And Persistence

This article was originally published on Software Strategies blog. 
Bottom Line: By securing every endpoint with a persistent connection and the resiliency to autonomously self-heal, CIOs are finding new ways to further improve network security by capitalizing on each IT assets’ intelligence.
Capturing real-time data from IT assets is how every organization can grow beyond its existing boundaries with greater security, speed, and trust. Many IT and cybersecurity teams and the CIOs that lead them, and with whom I’ve spoken with, are energized by the opportunity to create secured perimeterless networks that can flex in real-time as their businesses grow. Having a persistent connection to every device across an organizations’ constantly changing perimeter provides invaluable data for achieving this goal. The real-time data provided by persistent device connections give IT and cybersecurity teams the Asset Intelligence they need for creating more resilient, self-healing endpoints as well.
How Asset Intelligence Drives Stronger Endpoint Security
Real-time, persistent connections to every device in a network is the foundation of a strong endpoint security strategy. It’s also essential for controlling device operating expenses (OPEX) across the broad base of device use cases every organization relies on to succeed. Long-term persistent connections drive down capital expenses (CAPEX) too, by extending the life of every device while providing perimeterless growth of the network. By combining device inventory and analysis, endpoint data compliance with the ability to manage a device fleet using universal asset management techniques, IT and cybersecurity teams are moving beyond Asset Management to Asset Intelligence. Advanced analytics, benchmarks, and audits are all possible across every endpoint today. The following are the 10 ways Asset Intelligence improves cybersecurity resiliency and persistence:

Track, trace and find lost or stolen devices on or off an organizations’ network in real-time, disabling the device if necessary. Every device, from laptops, tablets, and smartphones to desktops and specialized use devices are another threat surface that needs to be protected. Real-time persistent connections to each of these devices make track-and-trace possible, giving CIOs and their teams more control than had been possible before. Real-time track-and-trace data combined with device condition feedback closes security blind spots too. IT and cybersecurity teams can monitor every device and know the state of hardware, software, network and use patterns from dashboards. Of the endpoint providers in this market, Absolute’s approach to providing dashboards that provide real-time visibility and control of every device on a network is considered state-of-the-art. An example of Absolute’s dashboard is shown below:

Asset Intelligence enables every endpoint to autonomously self-heal themselves and deliver constant persistence across an organization’s entire network. By capitalizing on the device, network, threat, and use data that defines Asset Intelligence, endpoint agents learn over time how to withstand breach attempts, user errors, and malicious attacks, and most importantly, how to return an endpoint device to its original safe state. Asset Intelligence is the future of endpoint security as it’s proving to be very effective at enabling self-healing persistence across enterprise networks.
Asset Intelligence solves the urgent problem created from having 10 or more agents installed on a single endpoint that collide, conflict and decay how secure the endpoint is. Absolute Software’s 2019 Endpoint Security Trends Report found that the more agents that are added to an endpoint, the greater the risk of a breach. Absolute also found that a typical device has ten or more endpoint security agents installed, often colliding and conflicting with the other. MITRE’s Cybersecurity research practice found there are on average, ten security agents on each device, and over 5,000 common vulnerabilities and exposures (CVEs) found on the top 20 client applications in 2018 alone.
Asset Intelligence sets the data foundation for achieving always-on persistence by tracking every devices’ unique attributes, identifiers, communication log history and more. Endpoint security platforms need a contextually-rich, real-time stream of data to know how and when to initialize the process of autonomously healing a given endpoint device. Asset Intelligence provides the centralized base of IT security controls needed for making endpoint persistence possible.
Having a real-time connection to every device on a perimeterless network contributes to creating a security cloud stack from the BIOS level that delivers persistence for every device. CIOs and CISOs interested in building secured perimeterless networks are focused on creating persistent, real-time connections to every device as a first step to creating a security cloud stack from each devices’ BIOS level. They’re saying that the greater the level of Asset Intelligence they can achieve, the broader they can roll out persistence-based endpoints across their networks that have the capacity to self-diagnose and self-heal.
Device fleets are churning 20% a year or more, increasing the urgency CIOs have for knowing where each device is and its current state, further underscoring Asset Intelligence’s value. Gavin Cockburn of ARUP is the global service lead for workplace automation and endpoint management, including how the firm acquires devices, manages and reclaims them. ARUP is using the Absolute Persistence platform for managing the many high-value laptops and remote devices their associates use on global projects. During a recent panel discussion he says that device replacements “becomes part of our budgeting process in that 33% of devices that we do replace every year, we know where they are.” Gavin is also using API calls to gain analytical data to measure how devices are being used, if the hard drive is encrypted or not and run Reach scripts to better encrypt a device if there is not enough security on them.
The more Asset Intelligence an organization has, the more they can predict and detect malware intrusion attempts, block them and restore any damage to any device on their perimeter. When there’s persistent endpoint protection across a perimeterless network, real-time data is enabling greater levels of Asset Intelligence which is invaluable in identifying, blocking and learning from malware attempts on any device on the network. Endpoint protection platforms that have persistence designed in are able to autonomously self-heal back to their original state after an attack, all without manual intervention.
Persistent endpoints open up the opportunity of defining geofencing for every device on a perimeterless network, further providing valuable data Asset Intelligence platforms capitalize on. Geofencing is proving to be a must-have for many organizations that have globally-based operations, as their IT and cybersecurity teams need to track the device location, usage, and compliance in real-time. Healthcare companies are especially focused on how Asset Intelligence can deliver geofencing at scale. Janet Hunt, Senior Director, IT User Support at Apria Healthcare recently commented during a recent panel discussion that “our geo-fencing is extremely tight. I have PCs that live in the Philippines. I have PCs that live in India. I have one PC or actually two PCs that live in Indonesia. If somebody goes from where they say that they’re going to be to another part of Indonesia, that device will freeze because that’s not where it’s supposed to be and that’s an automatic thing. Don’t ask forgiveness, don’t ask questions, freeze the device and see what happens. It’s one of the best things we’ve done for ourselves.” Gavin Cockburn says, “We actually do some kind of secretive work, government work and we have these secure rooms, dotted around the organization. So we know if we put a device in that room, what we do is, what we say is this device only works in this area and we can pinpoint that to a pretty decent accuracy.”  From healthcare to secured government contracting, geofencing is a must-have in any persistent endpoint security strategy.
Automating customer and regulatory audits and improving compliance reporting by relying on Asset Intelligence alleviates time-consuming tasks for IT and cybersecurity teams. When persistent endpoint protection is operating across an organization’s network, audit and compliance data is captured in real-time and automatically fed into reporting systems and dashboards. CIOs and their cybersecurity teams are using dashboards to monitor every device’s usage patterns, audit access, and application activity, and check for compliance to security and reporting standards. Audits and compliance reporting are being automated today using PowerShell, BASH scripts and API-based universal asset commands. Gavin Cockburn of ARUP mentioned how his firm gives customers the assurance their data is safe by providing them ongoing audits while project engagements are ongoing. “We need to show for our clients that we look after their data and we can prove that. And we show that again and again. I mean similar story, we’ve seen machines go missing, either breaking into cars, re-image three times. We wipe it every time. Put the new hard drive in, think it might be a hard drive issue, it wipes again. We never see it come online again, “ he said.
Asset Intelligence improves data hygiene, which has a direct effect on how effective all IT systems are and the customer experiences they deliver. CIOs and their teams’ incentives center on how effective IT is at meeting internal information needs that impact customer experiences and outcomes. Improving data hygiene is essential for IT to keep achieving their incentive plans and earning bonuses. As Janet Hunt, Senior Director, IT User Support at Apria Healthcare said, “right now we are all about hygiene and what I mean by that is we want our data to be good. We want all the things that make IT a valued partner with the business operation to be able to be reliable.” The more effective any organization is at achieving and sustaining a high level of data hygiene, the more secure their perimeterless network strategies become.

For more on how Apria Healthcare relies on Absolute, download the full case study.

What Do the City of Houston, Government of Canada, Eir, and Raley’s Supermarkets Have in Common?

This article was originally published in IT Pro Portal.
A Texas city, the Canadian Northwest Territories government, an Irish telecom provider, and a California supermarket chain. What ties them together? They were all impacted by headline-making data breaches involving the theft of data from an endpoint device.
Unfortunately, the string of incidents is not surprising given that 70 per cent of data breaches today originate on the endpoint and 15 per cent of them are caused by lost or missing devices. Not to mention major U.S. metros are still on alert as the “smash-and-grab” crime trend continues with cities like San Francisco reporting about 73 car break-ins per day in August alone, with laptops on the list of most in-demand and easy-to-snatch items.
It’s estimated that by 2020, the global spend on IT security is predicted to total a staggering $128 billion. But the physical thefts of laptop devices from office places, cars or otherwise, are still causing pain in the form of data leakage, exposure and regulatory issues. There are valuable lessons to be learned here, especially when endpoint breaches can be devastating to an organisation in terms of fines, reputational damage, lawsuits, and irreparable damage to customer trust.
To help organisations strengthen their endpoint security postures, we took a lens to several notable incidents that prove how vulnerable our endpoints continue to be and outlined our key takeaways:

Irish telecom company, Eir leaks data of 37,000 customers: The data of 37,000 customers of Ireland’s largest telecom provider, Eir, was compromised when an unencrypted device was stolen from outside an office building. The laptop contained personally identifiable information (PII) including names, email addresses, phone numbers, and Eir account numbers. It had been decrypted by a faulty security update the previous working day. The company was forced to report the incident to the police as well as the Data Protection Commissioner.
Stolen laptop exposes data of 10,000 Raley’s customers: Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data included sensitive patient information as well as identification numbers and prescription drug records. Raley’s could not confirm whether the data had been accessed or misused, nor could they confirm if encryption was in place.
Stolen laptop compromises Houston’s health plan: A laptop stolen from an employee’s car may have contained protected health information (PHI) records of the city’s staff, including names, addresses, dates of birth, social security numbers, and medical information. The organisation couldn’t tell if data was accessed or if encryption was in place, so they had no choice but to treat the incident as a data breach.
Stolen laptop exposes health data of 80 per cent of N.W.T. Residents: A laptop was stolen from a locked vehicle in Ottawa, Ontario containing PHI of 33,661 residents of Canada’s Northwest Territories. The data included names of patients’ names, their birth dates, home communities, healthcare numbers, and, in some cases, medical conditions. The stolen laptop was a new device so the encryption process either failed or was missed.

Lessons learned
These examples show how easy an unnecessary breach can occur. But when one laptop is stolen every 53 seconds, according to Gartner, and the average total cost of a data breach is $3.92 million, it is wise to ensure organisations have measures in place to prevent putting their data at risk. Here are the top three takeaways we can apply to endpoint security strategy, as risks continue to heighten in today’s IT landscape:

Lack of visibility is a common denominator. There is a common thread across all of these cases: a lack of endpoint visibility and an inability to prove that data protection technology was in place and functioning at the time the device went missing. In addition, there was no way to know if data was accessed post incident and certainly no way to ensure the device was remotely disabled and all personal data deleted. When it comes to endpoint data protection, you’ve likely already purchased the necessary security tools, namely device encryption. The Raley’s case, though, is a reminder that there are unencrypted devices out there and attackers know it. Organisations must have the visibility to know that their controls are, in fact, turned on and working. There’s massive risk associated with not knowing the answer.

The efficacy of endpoint security tools diminishes significantly over time. Despite the increase in IT security spending, endpoint attacks are still common. Recent research shows investment in security is wasted as endpoint controls predictably decay. The reasons vary, from controls being disabled by users to underlying services becoming disabled or broken and/or communication channels inside of the operating system (OS) breaking or experiencing disruption in some way. There is no scarcity of tools and controls. The problem is that these things are not naturally resilient. If you’ve got multiple agents on the device, beware that complexity is in itself a vulnerability and understand that less may, in fact, be more. IT, security, and risk professionals are wise to focus on streamlining and simplifying when it comes to securing their organisations’ data.

Endpoint security is endpoint resilience. It may be counter intuitive, but endpoint controls are fragile. Compromise happens not because there are no guards, but often because controls compete for resources and some thrive while others fail, which defeats the goal of safeguarding data, systems and assets.

It’s important to understand that security tools conflict and collide, and that where there is friction there is decay. We must also acknowledge that these tools must be deliberately controlled in order to improve endpoint resilience.
Back to the basics
Building endpoint resiliency and improving endpoint security requires us to get back to the basics of cybersecurity and hone in on the most critical elements for ensuring data protection at scale: people, process, and technology. It is only then that organisations can start to buck the trend of spending more of their IT budget on endpoint security while still seeing endpoint data breaches grow in frequency and severity.

Tracking & Recovering Missing Devices After the Holidays

If you’re an IT professional in education, you know that missing and stolen devices are an unfortunate reality of the holidays. Students, faculty and staff become more pre-occupied with merrymaking than keeping devices safe. Not only is the holiday season prime time for thieves to stock up on valuable electronics left in airports, vehicles and cafes, but it’s also common for students and staff to misplace school-owned devices at home or while traveling. With mid-year inventories coming up, it’s inevitable that there will be plenty of missing and stolen devices.
Greater Visibility and Control
In December, Absolute introduced a new Missing Devices feature whereby Absolute customers can now track, locate, and recover missing devices. Customers now have the capability to easily understand where their devices are, who’s using them, and how to locate them — information previously only available to law enforcement. Customers can now flag devices as missing, track them within a single report, and receive an automatic alert the next time they connect to the internet. This empowers users to either self-locate a missing device and contact the student or faculty member directly, or verify that the device has been stolen so that they can file a Theft Report, provided that they are willing to prosecute and have reported the incident to law enforcement.
Absolute’s team of reliable Investigators, with a total of 115 years of combined law enforcement experience, will then immediately begin an investigation, assist the police, and facilitate the safe return of the stolen device. Absolute Resilience for Education customers may also be eligible for a Service Guarantee; a warranty to back our proven ability to recover stolen devices, provided that the police report is uploaded within 30 days of the customer submitting the theft report and other conditions are met.
This feature represents a new degree of visibility and control for our customers. At a time where technology investment safeguards have never been more critical, Absolute is leading the way in supporting educators demonstrate ROI.
To learn more about how to track and recover missing devices with Absolute, watch this webinar.

Loading

Categories