Category: Endpoint Security

How to Improve Data Security in the Financial Sector

Financial service organizations including banks, wealth advisors, insurance providers and others rely on data to power their business. As a result, they hold vast amounts of highly sensitive, personal information and today, all of it is of course digital. This treasure trove of data makes the financial services industry a highly valued target for cyber criminals, and a quick check of headlines proves they have been busy taking what they want from many. From Capital One to Equifax and countless others in between, data breaches across the financial sector are massive both in scope and cost.
High Cost of Data Breaches
As this year’s Cost of a Data Breach Report by the Ponemon Institute again shows, the price tag for falling victim to hackers continues to climb. The global, cross-industry average cost is now $3.92 million – an increase of 12% over what it was just 5 years ago. Driving the rising costs for all U.S. organizations is the lost business that results from a breach including lost customers, system downtime and general business disruption.
Adding further insult to injury, the financial impact of a data breach can last for years, particularly for highly regulated industries like financial services. Long, complex governance processes in which legal fees and fines are dragged out for long periods of time are painfully common. As the regulatory environment continues to evolve, with new state data protection laws such as the California Consumer Privacy Act (CCPA) coming onto the scene for example, compliance challenges and associated fines for financial services and other industries will only grow.
3 Steps to Better Data Security
How are cyber attackers getting in? There are several studies on this and for the financial services industry specifically right now, most point to phishing attacks as the primary culprit. Intended targets include both the institution’s employees and their customers.
Regardless of tactic, however, there are a few steps you can take to improve your security posture.

Know your endpoints. Comprehensive asset intelligence equips IT and security teams with the full story of their device population and provides a single source of truth into where your devices are, how they are being used, and whether or not your security controls are working as they should. The 2019 Endpoint Security Trends report found 42 percent of all endpoints are unprotected at any given time and 100 percent of endpoint security agents eventually fail. Timely insight into your users, device fleet, the apps they run, and the data they touch will help you identify blind spots that often represent a breach waiting to happen.

Fortify endpoint resilience. To mitigate risks and potential security exposures, ensure your endpoints are self-healing machines capable of safeguarding distributed data without the need for human intervention. Automated self-healing is critical when it comes to fending off the barrage of attacks you (and your users) face every day. Absolute is already embedded in your devices; you just have to activate it. OEMs, including Dell, HP, Lenovo, and Microsoft, ship their machines with Absolute’s firmware-enabled Persistence™ module. With this unshakable connection to every device, Absolute examines hygiene and compliance drift, regenerates controls and boosts the resiliency of all your endpoints.

Implement the NIST Cybersecurity Framework (NIST CSF). Because much of the high cost of a data breach comes from compliance failures, continuous compliance must become your new normal. Ongoing, flexible checks that adapt to any standard like GDPR, SOX, PIPEDA (among others) are needed to identify and restore critical security controls including AV, encryption, EDR, DLP, VPN and others that cause compliance drift when disabled or outdated. One way organizations are responding to this continuous need for visibility and control is by adopting the NIST CSF. The repeatable framework supports proactive cybersecurity disciplines and enables scalable operations. For more, read: How to Use the NIST Cybersecurity Framework.

The financial services industry doesn’t have the sole attention of cyber criminals – no industry is immune to attack anymore. But knowing your specific risks is the first step in providing better protection for your organization as well as your customers.
For more information on how Absolute helps financial organizations protect data and remain compliant, see our solution sheet.

Secure More, Work Less

As digital transformation initiatives drive more hi-tech processes and connected devices, the threat landscape is more like a thicket, and IT security teams are already stretched. Device fleet security is already a heavy lift; the clever cybercriminals and skyrocketing vulnerabilities are just a bonus (in reverse).
The Need for ML and AI
Mounting cyber risk is a global concern — the 2019 CEO Imperative Study from Ernst & Young shows CEOs now believe cybersecurity is the top threat to the global economy over the next five to ten years. And the rising cybersecurity skills shortage, as well as potential career burnout by existing IT security staff, makes this an international emergency.
In response to cyber fragility and the need for more effective IT operations, we recruited machines to help us meet this challenge—machine learning (ML) and artificial intelligence (AI). In a report from Capgemini, 69% of executives believe AI will be necessary to respond to cyberattacks and 73% of enterprises are testing use cases for AI for cybersecurity.
In a recent Forbes magazine article, Why AI is the Future of Cybersecurity, Absolute’s CTO Nicko van Someren puts it this way:
“It’s no surprise that Capgemini’s data shows security analysts are overwhelmed. The cybersecurity skills shortage has been growing for some time, and so have the number and complexity of attacks; using machine learning to augment the few available skilled people can help ease this. What’s exciting about the state of the industry right now is that recent advances in machine learning methods are poised to make their way into deployable products.”
The Power of Automation: Absolute Unveils New Updates to Enterprise Resilience Edition
As ML and AI balance the workload and improve response to cyber threats, automation is also the key to endpoint resilience. The Absolute Reach Library — the query and response capability in the Absolute platform — enables IT automation with 118 ready-made commands in the most recent release of the Absolute platform. Nothing is out of reach (pardon the pun), allowing IT and security teams to command any device anywhere, on or off the corporate network.
New Reach ready-to-use workflows introduced this week simplify security policy deployments and remotely manage your devices, including:

Windows Update Command: Pinpoint vulnerable devices with pending or failed Microsoft OS updates
Automated Log Analytics: Detect initial signs of endpoint security exposures and potential incidents by automatically discovering frequent and common issues from event logs
Windows Configuration Enforcement: Audit Windows features and local accounts on devices, as well as modify settings to maximize energy savings and ensure an optimal and consistent user experience

Absolute has also rolled out new Live Chat Support to give enterprise IT and security teams the consumer-like experience to realize endpoint resilience — no tickets, no email, no toll-free numbers. On-demand chat support removes the dependency on outdated modes of technology support, ensuring Absolute customers receive real-time answers and information, so they can focus on their organization’s resilience.
And there’s one more thing… Policy is the bedrock of any security program. Because at its core, policy says, “This can do that. That cannot do this”. So, Absolute made policy simple and easy. With changes to your Absolute policy groups, you can swiftly and fluidly direct devices to dynamic policies without cycles of enroll/unenroll/reenroll that waste valuable IT time and brain power.
Read: Creating an Information Security Policy That Works
With easy management and staggering speed, IT and security teams get the bedrock protection they demand (airtight policies), without the grind of manual cleanup.
Today’s threat landscape requires the automation of updates, patches and security policies in real-time. Short of that, exposures become exploits and endpoint resilience is lost.
Learn more about Reach and how Absolute enables IT to remotely manage devices and seamlessly and fluidly apply and adjust security policies to any endpoint or group of endpoints.

Creating an Information Security Policy that Works

Before we talk about how to create an information security policy, it is important to clarify what information security really is.
Information security — sometimes shortened to InfoSec — is the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to ensure confidentiality, integrity, and availability.
CIA Triad: Confidentiality, Integrity, Availability
If you’ve been in the security field for a while, you probably know that information security is threefold. However, for those new to the field, information security involves three critical components of confidentiality, integrity, and availability (CIA):

Confidentiality: protection from unauthorized access
Integrity: protection from unauthorized alterations of data
Availability: ensuring timely and reliable access to and use of information

Understanding the security CIA Triad, the various principles behind it, and how it applies to your organization will help you implement a sound security policy.
Why Create an Information Security Policy?
Organizations commonly create an information security policy because “ISO 27001 says we should have one” or “it’s required for the audit.” Sure, but that’s not the primary reason for having a policy.
A security policy, or policies, are designed to mitigate risk (e.g., data breach) and are usually developed in response to an actual or perceived threat (a situation that could potentially cause undesirable consequences or impacts). The policy will contain a high-level statement of management intent and direction and should be developed or modified to support an organization’s strategic objectives.
Security policies on their own are not enough. Employees must understand what the rules are for protecting information and assets, and the reasons why security standards are developed.
Security standards are developed to set boundaries for people, processes, technologies, and procedures to help maintain compliance with policies and support the achievement of the organization’s goals and objectives.
Best Practices in Creating an Information Security Policy
After over a decade of creating security policies, perhaps the most important advice I can give any organization for creating a successful policy is to write it specifically with the organization’s strategic objectives, risk appetite and tolerance, and culture in mind.
Ensure that the policy is written by an individual that can translate security requirements at a high level in business terms. It should be written in a way employees can understand; just like a good app, it should be user-friendly. It should explain why security is important within the organization, and define everyone’s responsibilities for protecting the organization’s information and assets.
What Makes an Effective Security Policy?
What you don’t want to include in your policy is a list of “thou shalt nots.” Because in my experience, whenever a policy is full of strict directives that sound more like commandments it’s doomed to fail and it’s difficult to monitor compliance. You can avoid bloating your policy by constructing one that is clear, concise, relatable and easy to understand.
A good rule of thumb is to write it for the average, non-technical person. Within 60 seconds, it should be clear to the reader what the security policy is about. Any struggle comprehending it, and you may need to go back to the drawing board.
As mentioned earlier, an effective security policy should not only align with an organization’s strategic objectives but it should also consider the organization’s overall risk profile.
You should be able to answer these questions: How much security risk is the organization willing to tolerate? What is the consensus on security risk and do the policies and corporate mandate address that? How is the tone at the top? What is the organization’s culture towards security?
Finally, your policy should be updated annually as it helps your organization keep up to date with regulations, changes in technology and threat landscape, and industry best practices.
But the truth is too many organizations search for a boilerplate policy and don’t make many changes. If the policy isn’t tailored to your organization, it probably won’t be followed — I’ve seen it happen far too often.
What Should Your Security Policy Cover?
To get you started, here are 10 potential policy elements and relevant questions that should be answered when designing an enterprise security policy:

Purpose: Why do you need this policy?
Scope and Applicability: What’s the scope of the policy? Whom does this policy apply to?
Policy Authority and Review Cycle: Who has the Board or CEO granted authority to establish security policies and standards? Who can approve the policy? Who can update the policy? If there is a requirement in the policy that cannot be met, is a policy exemption request submitted?
Policy Review Cycle: How often will the policy be reviewed?
Company Culture: How can the policy adapt to your corporate culture? Does your organization’s culture support your security efforts? Do you have commitment and support from senior executives?
Topics of Focus: What topics (e.g., Email & Internet, BYOD, Social Media), should be included in your policy that you would like employees to be aware of as it relates to security responsibilities around your organization’s information and assets?
Specific Information Security Policies: What policies will cover a subsidiary area of information security (e.g., Key Management, Security Incident Response, Firewall) that further mandates the information security controls required at an operational level?
Training: How does the organization approach security awareness? What methods are used for awareness training and how often does training occur?
Communication: Who do employees contact when they have questions about anything security-related? How will you communicate the security policy? Will you require employees to acknowledge and sign off on your policy?
Compliance: How will you monitor compliance with this policy?

Read: 5 Quick Tips To Mitigate Insider Threats
The Importance of Policy Enforcement
A security policy can only be effective if employees are confident that rules will be enforced. There must be clear responsibilities defined for compliance as well as stipulations regarding steps that will be taken for non-compliance.
Depending on an organization’s industry, the security policy should reference the importance of adherence to that industry’s regulations. This may include the PCI Data Security Standard, the Dodd-Frank Wall Street Reform, the Federal Risk and Authorization Management Program (FedRAMP), the General Data Protection Regulation (GDPR) or HIPAA (Health Insurance Portability and Accountability Act), to name a few.
Read: What Is Regulatory Compliance?
To achieve the best enforcement results, your policy should be in sync with the current threat landscape as well as privacy regulations. When a policy reflects what is happening online (think phishing, ransomware (malware), privacy fines, etc.), you have a better chance of employees following along. If that policy is clear and understandable, enforcement is easier.
When writing your policy, keep compliance and enforcement in mind. If you don’t think you can follow through with the rules for a specific element of the policy, it may need to be re-written.
Ultimately, the policy must not impede the organization and its employees from achieving its mission or goals.
To find out how to benchmark your security posture, download our Cybersecurity Frameworks Solution Sheet 

Quantifying K-12 Device Use with Absolute

K-12 schools across the country rely on technology to further individualized learning, but quantifying the efficacy of this effort and maintaining the fleet of devices that one-to-one computing requires comes with unique challenges. With funding opportunities on the decline, schools are increasingly challenged to prove that technology has had a meaningful impact on student outcomes.
Loudoun County Public Schools (LCPS) is the third largest school division in the Commonwealth of Virginia with more than 78,000 students in 89 facilities. In order to support their personalized learning initiative, the district invested heavily in a one-to-one program for students and staff, adding thousands of devices for use in-classroom, at home, or by teachers who travel.
The Challenge: Demonstrate Device Use and Keep Them Secure
In order to secure the budget for the purchase of tens of thousands of devices, Dr. Rich Contartesi, CIO for LCPS, was tasked with demonstrating device utilization rates, no matter if the device was on or off the school network, to drive consensus that teachers did need a laptop and that students were benefiting from using laptops in the classroom. The Board also needed assurances that security of sensitive data and device theft recovery were prioritized to safeguard the investment in these devices.
Read: Student Technology Analytics Key to K-12 Digital Learning
The Results: Increased Device Utility and Minimized Risk
Using Absolute, LCPS was able to provide quantitative information on device utilization rates right away. With security in mind, LCPS chose to purchase Dell laptops, which are protected from the factory with Absolute Persistence. Out of the box, these devices are able to withstand tampering and may be tracked no matter where they travel. With Absolute, the LCPS IT team now receives automated alerts on anomalies, so they can focus on reviewing potential security issues and taking action to ensure endpoint protection and data privacy.
“We were able to provide the board with quantitative information about device utilization that derives consensus so the budget could be approved. Also, peace of mind with security, privacy and theft recovery,” Contartesi said.
With Absolute, LCPS now has peace of mind of endpoint security, device theft recovery and data privacy. They have minimized their risk and increased the value and utility of their devices.
Learn more about how Absolute enables personalized learning at Loudoun County Public Schools by minimizing risk and increasing device utility.

The Rise of the Mobile Workforce Presents Data Security Challenges

Today’s workforce has undergone a significant transformation. As organizations adopt more flexible work policies to accommodate shifting demographics, we are not far away from a workplace in which the majority of employees are considered “contingent.” According to a recent Intuit report, 40% of the workforce will be “contingent”—self-employed, contractors and temps — by 2020.
More importantly, however, the mobile workforce of today probably includes your typical employee. In fact, over half of the U.S. population can be considered a remote worker. This number is only expected to increase each year. 
Mobile Users Are Everywhere
For most organizations, the definition of a mobile user has expanded dramatically and can include almost anybody in the company. If you work from home only one day per month, or even if you just have a laptop, guess what? You’re a mobile user. If you’re on vacation and bringing a company device along, you’re a mobile user. Think about your organization and try to find an employee who doesn’t meet this current definition. Unless you’re a financial institution that doesn’t allow employees to have a laptop, almost all of your employees can probably be considered mobile users.
With the rise in both the BYOD-friendly mobile policies and a contingent workforce, there’s a significant strain on data security. For most companies, mobile users present the most significant risk.
Generally speaking, most data breaches can be tied to people, especially those with the least amount of training and oversight.
Read: The Insider Threat Is Real
It’s Only Overwhelming If Not Managed
Not only that, but we add so many security controls in our organizations that it’s easy to get sloppy. It seems like year after year, there’s more for IT departments to manage and it can be overwhelming. You need to put practices in place to filter out the exceptions and determine what’s bubbling up to the top, particularly with remote workers.
Before we address how mobile workforce risk can be mitigated, there’s one risk that is often overlooked, which not only pertains to the mobile workforce but also in-office employees. It surrounds employee terminations — whether they give notice on their own or are terminated.
Your staff may have access to one or more mobile devices, and as soon as the employee is terminated, you should consider freezing the device so it can’t be used before it’s returned. Even if it gets lost in the mail or the employee refuses to return it for some reason, the device would be unusable and any data on it would be protected.
Read: Avoiding Endpoint Bloat
When it comes to working with mobile users, freelancers, contractors or business partners of any kind, organizations should:

Assess Risk: Conduct, and respond to, regular risk assessments that look both at how data is stored and how data is accessed.
Harden access: Ensure access to internal systems requires strong authentication and apply strict limits on information available to the outsider. Experts recommend two-factor authentication techniques, such as a combination of a token and a password, for external access.
Isolate access: Cordon off externally-accessed systems and networks from the rest of the internal network using internal firewalls (similar to a network DMZ used to isolate sacrificial servers). Log and review traffic that traverses the internal firewalls to the externally-accessed systems.
Log and audit: Maintain and review logs of external access. Unexpected access may turn out to be a false alarm, but check and verify.
Regularly review: Business partners, freelancers and contractors come and go; and their IT needs may change over time. Restrict or revoke access as necessary.
Use Mobile Device Management (MDM) software whenever possible to manage endpoints.
Test security patches as extensively as possible without disrupting corporate workflow. When Patch Tuesday comes, you should test for a week, and once you’re comfortable in a testing environment you can push the patches to the rest of the organization.
Remind your employees not to leave laptops in their car or unattended.
Lock your screen even at home, as your kids or a visitor can get access.
Use a secured VPN connection to your network whenever possible.
Embrace cybersecurity training! A cybersecurity-aware staff may be the best defense against potential attacks and threats. Have fun with this, and include a corporate rule that anyone leaving their screen unattended has to buy donuts for the team.
Don’t bring corporate devices to unfriendly foreign countries.
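The "Harden access", "Log and audit" and "Regularly review" items above can be combined into one routine check. The following Python sketch is an added example, not part of the original article or of any Absolute product; the log columns, account names, roster layout and expected-hours window are all assumptions constructed for illustration.

```python
"""Audit an external-access log against a roster of outside parties.

All data is constructed for illustration; the log columns, account names
and roster layout are assumptions, not any product's real format.
"""
import csv
import io
from dataclasses import dataclass
from datetime import date, datetime

# Reasons a log entry is flagged for review.
NOT_ON_ROSTER = "account not on roster"
AFTER_END = "access after agreed end date"
NO_MFA = "login without second factor"
ODD_HOURS = "access outside expected hours"

# Constructed roster: external account -> last day access is approved.
ROSTER = {
    "contractor.ana": date(2019, 6, 30),
    "partner.bolt": date(2019, 12, 31),
    "freelance.cy": date(2019, 5, 15),
}

# Constructed external-access log (documentation-range IP addresses).
SAMPLE_LOG = """\
timestamp,account,source_ip,mfa,system
2019-06-10T09:12:00,contractor.ana,198.51.100.7,yes,partner-portal
2019-06-11T02:47:00,contractor.ana,198.51.100.7,yes,partner-portal
2019-06-12T14:03:00,freelance.cy,203.0.113.20,yes,file-share
2019-06-12T15:30:00,partner.bolt,192.0.2.44,no,partner-portal
2019-06-13T11:05:00,vendor.unknown,192.0.2.99,yes,file-share
"""

EXPECTED_HOURS = range(7, 20)  # assumed working window, 07:00 to 19:59


@dataclass(frozen=True)
class Finding:
    timestamp: datetime
    account: str
    reason: str


def audit(log_text, roster, expected_hours=EXPECTED_HOURS):
    """Return one Finding per rule that a log row violates."""
    findings = []
    for row in csv.DictReader(io.StringIO(log_text)):
        ts = datetime.fromisoformat(row["timestamp"])
        account = row["account"].strip()
        reasons = []
        end = roster.get(account)
        if end is None:
            # Regularly review: nobody approved this account.
            reasons.append(NOT_ON_ROSTER)
        elif ts.date() > end:
            # Regularly review: the engagement is over, access is not.
            reasons.append(AFTER_END)
        if row["mfa"].strip().lower() != "yes":
            # Harden access: external logins should use two factors.
            reasons.append(NO_MFA)
        if ts.hour not in expected_hours:
            # Log and audit: unexpected access, check and verify.
            reasons.append(ODD_HOURS)
        findings.extend(Finding(ts, account, r) for r in reasons)
    return findings


def accounts_to_restrict(findings):
    """Accounts whose findings call for restricting or revoking access."""
    hard = (NOT_ON_ROSTER, AFTER_END)
    return sorted({f.account for f in findings if f.reason in hard})


def expired_roster_entries(roster, as_of):
    """Roster accounts whose end date has passed, used or not."""
    return sorted(acct for acct, end in roster.items() if end < as_of)


if __name__ == "__main__":
    results = audit(SAMPLE_LOG, ROSTER)
    for f in results:
        print(f"{f.timestamp.isoformat()}  {f.account:<16} {f.reason}")
    print("restrict/revoke:", accounts_to_restrict(results))
    print("expired on roster:", expired_roster_entries(ROSTER, date(2019, 6, 14)))
```

The out-of-hours and missing-second-factor findings are prompts to verify, while the roster findings map directly to the "restrict or revoke" step.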

Ultimately, every organization must be prepared for a breach with a data breach response plan and a trained team to handle the incident. This can help both mitigate the breach and its fallout.
We understand that managing a mobile workforce can be overwhelming. But we’ve got you covered if you want to gain a better grasp of the cybersecurity basics around threats, risk and protection. Review our comprehensive cybersecurity 101 guide.

How Businesses Can Protect Devices from Cyber Attacks

Christy Wyatt, CEO of Absolute Software, spoke on Yahoo Finance’s web show, The Final Round, on June 19, 2019 to provide her expert opinion on endpoint security, the IPO market, what it’s going to take to out-innovate bad actors, and how to protect your data.
“Security is a journey. It’s not like there’s a checklist: you do ten things and it’s covered,” Wyatt informed viewers. “While we’re spending more and more on security, $124B this year as an industry, and a lot is going on these devices, it’s the fact that we have so many security controls that are creating a vulnerability that conflict with one another and decay over time.”
To learn more about the inevitable degradation of endpoint security controls, download the “2019 Endpoint Security Trends Report – New data security threats revealed from global study of six million devices.”

The Question that Sparked the 2019 Endpoint Security Trends Report

At the beginning of 2018, the security research team at Absolute began to examine a widely overlooked conundrum facing IT and security professionals around the world:
Spending on security products, in particular, endpoint security products, was expanding. However, IT and security teams reported little confidence in their ability to protect the enterprise.
And they had a point: despite the spending frenzy, endpoints are still the source of more frequent and more severe breaches.
It didn’t make sense. While the global spend on IT security is predicted to total a whopping $128 billion by 2020, our perception of security-resilience is in decline. And for good reason — over two-thirds of companies are still being compromised by attacks that originate on the endpoint.
We asked ourselves, “Why is the investment not paying off?” Indeed, Forrester and Gartner have been warning about the dangers of equating IT security spending with security and risk maturity for several years. Yet despite these warnings, IT and security buyers continue to throw money at the problem.
But if the spending playbook worked, then the spending playbook would work. It doesn’t, and it never has. So, Absolute’s research team went on a mission to find the answer to a burning question:
What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Our research team had access to anonymized data from over one billion control events on over six million devices from 12,000 organizations across North America and Europe. So we embarked on a year-long journey to answer this question that then went on to spark the 2019 Endpoint Security Trends Report that shook up the cybersecurity world.
The Endpoint Resilience Index
Our researchers built and applied an Endpoint Resilience Index to the data sample to establish a baseline. We then monitored the results over a 12-month period to see how security solutions performed during that timeframe.
The Endpoint Resilience Index applies the method used by the World Economic Forum’s Environmental Performance Index to track the overall direction of key variables of quality.
To provide further context to the quantitative data, we commissioned a third-party research organization to conduct in-depth, exploratory interviews with senior executives from Fortune 500 organizations. This year-long analysis led to three main discoveries:

40 percent of endpoint security spend is voided on solutions that don’t work (due to missing and broken agents or disabled controls)
The effectiveness of endpoint security agents decays over time — reliably and predictably
Security gaps created by control decay are IT leadership’s most severe vulnerability

If Endpoint Security Worked, then Endpoint Security Would Work
The biggest, scariest, most eye-watering discovery from the analysis was that the security solutions that we rely on to protect our devices — and the data that lives on them — fail often. It’s no wonder we don’t trust them.

100%: Devices that experienced an encryption failure in one year
19%: Failed agents requiring at least one repair every 30 days
28%: Endpoints unprotected at any given time

Source: 2019 Endpoint Security Trends Report
No devices lasted a year without an encryption failure, one-third of the sample had no functioning endpoint protection at any given time, and one-fifth of them required at least one repair within 30 days. Not very comforting, right?
In our estimation, the biggest contributing factor to the frequent failure rate is endpoint complexity.
Endpoint Complexity Exacerbates the Issue
Our findings demonstrated that when it comes to endpoint security, less is more. We found that devices can have 10 or more endpoint security agents installed. Nine of those agents come from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
This means that multiple technologies exist on any given endpoint to perform the same task. The likelihood that these agents will conflict and collide with one another is high. This creates a poor user experience and — more importantly — creates blind spots for security teams and disrupts key security controls.

“We should be testing this stuff before we put it out there. If we have 10 to 12 agents per device, we need to understand how they’re interacting with one another before they’re released into the wild. How do we know we’re not completely poisoning the well? Because that is an expensive well to unpoison.”
Renee Murphy
Principal Analyst for Security and Risk Professionals, Forrester
Source: The State of the Endpoint in 2019 Webinar

Re-establishing Confidence in Endpoint Security
Despite having a huge range of tools and technologies at our disposal — all endorsed by analyst quadrants, waves, and grids — we are failing to move the needle on endpoint security. The frustration is immense.
Endpoint security tools should not be allowed to take a day off and abandon their posts when they’re needed most. And if they do, IT and security professionals should at least know about it. We need to know when the tools we depend on are not dependable.
Thankfully, there’s one security watchdog that never sleeps — and it can ensure your other tools stay alert also. Absolute’s Persistence® technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. This persistent connection enables IT and security professionals to keep a close eye on existing agents and controls to ensure they’re always performing as they should, and automatically self-heal when they break. It can even be extended to other endpoint security tools to ensure they self-heal if they’re missing or broken, so you can maximize the value of your existing investments.
Conclusion
Just over 18 months ago, our security research team took the initiative to face IT’s biggest quandary head on and address our most burning question: What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Instead of accepting the conundrum and moving on, our tenacious team dug deep to shine a light on what’s happening on the endpoint.
The results speak for themselves. It’s now clear why IT and security professionals are still losing sleep about endpoint security — and spending more money in an attempt to quell their fears. Now that we better understand the problem, we’re in a position to address it. Talk to Absolute to see how you can gain greater persistence, intelligence, and resilience on your endpoints.
Download the Full Report
If you’re interested in taking a deeper dive into the state of endpoint security, you can read the full report: 2019 Endpoint Security Trends Report.

Absolute Named Top 10 Cybersecurity Company to Watch in 2019

Absolute was recognized this week by Forbes magazine in the Top 10 Cybersecurity Companies to Watch by Louis Columbus. As the cybersecurity industry continues to experience unprecedented growth, endpoint resilience, visibility and control are more important than ever. Here’s an excerpt:
“Enterprises rely on Absolute to cut through the complexity to identify failures, model control options and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures.” – Forbes Magazine

In short, security agents fail reliably and predictably. Without visibility into the army of security agents you have running, you simply don’t know what’s working and what isn’t.
A Growing Need
As mega breaches continue to dominate headlines and the number of qualified personnel lags behind explosive job growth, Gartner predicts worldwide IT security spending will exceed $124 billion this year. This is more than double the $60 billion price tag reached just three years ago. The need for innovative responses to combat the barrage of cyber threats is reaching emergency levels, especially as data security regulations evolve and clean-up costs climb. One research firm estimates the global cost of cybercrime will reach $6 trillion annually by 2021.
Chief security officers are scrambling to build solid defenses while also championing the critical need for better data security across their organizations. Likewise, security vendors are building solutions that stop attackers in their tracks, particularly at the endpoint where 70% of breaches begin. But because cyber criminals are notoriously tenacious and there’s always more than one way in, organizations are forced to layer on multiple security tools to protect their data including encryption, anti-virus, anti-malware, patch management and others. While this approach certainly isn’t wrong, there are gaping holes in that theory too.
False Sense of Security
Complexity at the endpoint causes significant problems and often provides organizations with a false sense of security, not to mention negative ROI on the security dollars they worked so hard to secure. Too many agents — 10 on average according to our 2019 Endpoint Security Trends study of more than 6 million devices — will cause failure regularly and predictably. They are extremely fragile, degrade quickly, and create unnecessary friction for users so it’s inevitable that these agents will collide, be disabled by users, or go unpatched. These blind spots hinder the visibility of IT and security leaders and leave endpoints — and the organizations to which they belong — increasingly vulnerable over time.
Get our 2019 Endpoint Security Trends Report for more on how endpoint security agents fail.
Before layering on more tools, it’s important to first validate what you have and how well it is working. Without this critically important first step, a security team’s best efforts (and your budget) are likely wasted. The Motley Fool recently published an article on the importance of cybersecurity, noting the rising costs of damages and a persistent need for security, and concluding that the opportunities for Absolute are sizable. We couldn’t agree more.

Reducing Data Security Complexity: Avoiding Endpoint Bloat

According to Gartner, worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018. Today, 24 percent of the overall spend is allocated to endpoint security tools.
But there’s a dangerous downside to this investment: when tools collide, when they battle for resources, all fail. This reality renders systems and assets unprotected and vulnerable. Meanwhile, the organization is left with a false sense of security.
Complexity is the single largest contributing factor to the rising security failure rate. For starters, devices can have 10 or more endpoint security agents, and still, 70 percent of breaches originate on the endpoint and 100 percent of devices will experience an encryption failure within a year.
Recent research, which analyzed more than six million enterprise devices over a one-year period to uncover what causes security tools and agents to fail, found that nine out of 10 agents installed are from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
Ultimately, this means that multiple technologies exist on any given endpoint to perform the same task and the likelihood that these agents will conflict and collide with one another is high. But why? The answer lies in the fact that every control, app, and agent is tapping into hardware and software resources — a zero-sum game in which some feast while others starve.
Endpoint complexity also puts a strain on resources. A report by Ponemon found that 50 percent of companies require more than 35 full-time employees to manage their endpoints. The same report found that 425 hours are wasted weekly on false security alerts, likely due to conflicting endpoint agents sending convoluted signals back to SIEM solutions.
Fortifying the Endpoint
Today, endpoints are fragile, degrade quickly, and create unnecessary friction amongst each other. But investing more money on more security tools does not protect enterprises from threats. It triggers risk. Here are three tips to fortify the endpoint:

Reduce Complexity: Rather than spending more, IT and security teams should strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail. Measuring IT complexity entails identifying redundancy that is self-imposed by overloaded endpoints. Begin with these questions: Where is there agent creep, driver creep or app creep within your endpoints? What are all the OS types, device types, and client types within your organization? What is the lifecycle process?

Maintain Visibility: Once the complexity problem is reeled in, it is critical to achieve ongoing and true visibility across all device activity within and outside of your network.

Get Encryption Right: Encryption is the staple security tool most often taken for granted. While it can certainly provide protection, it is not a “set it and forget it” solution — whether disabled by users or through malfunction, encryption is regularly broken, disabled, misconfigured, or missing entirely. In fact, research shows, at any given point in time, over 42 percent of endpoints experience encryption failures.
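One way to start measuring the redundancy and encryption gaps described in these tips, as an added example that is not Absolute's tooling or code from the report: it groups each device's installed agents into the five categories named above, flags devices with more than one agent in the same category, and checks whether a healthy encryption agent is present. The agent names, device names, states and inventory format are all constructed for illustration.

```python
from collections import defaultdict

# Constructed mapping of hypothetical agent names to the five categories
# the cited research names: encryption, UEM, EDR, EPP, VPN.
AGENT_CATEGORY = {
    "ExampleCrypt": "encryption", "SampleDisk": "encryption",
    "DemoUEM": "UEM", "AcmeEDR": "EDR",
    "DemoAV": "EPP", "SampleAV": "EPP", "ExampleVPN": "VPN",
}

# Constructed inventory: device -> [(agent name, reported state)].
INVENTORY = {
    "laptop-01": [("ExampleCrypt", "healthy"), ("DemoAV", "healthy"),
                  ("SampleAV", "healthy"), ("ExampleVPN", "healthy")],
    "laptop-02": [("ExampleCrypt", "disabled"), ("AcmeEDR", "healthy"),
                  ("DemoUEM", "healthy")],
    "laptop-03": [("AcmeEDR", "healthy"), ("DemoAV", "outdated"),
                  ("UnknownTool", "healthy")],
}

def audit_device(agents):
    """Return redundancy, health and encryption findings for one device."""
    by_category = defaultdict(list)
    unmapped = []
    for name, state in agents:
        category = AGENT_CATEGORY.get(name)
        if category is None:
            unmapped.append(name)  # agent creep outside the known categories
        else:
            by_category[category].append((name, state))
    return {
        # More than one agent doing the same job is a collision candidate.
        "redundant": {c: sorted(n for n, _ in found)
                      for c, found in by_category.items() if len(found) > 1},
        "unhealthy": sorted(n for found in by_category.values()
                            for n, s in found if s != "healthy"),
        # Encryption counts only if an agent is present AND reports healthy.
        "encryption_ok": any(s == "healthy"
                             for _, s in by_category.get("encryption", [])),
        "unmapped": unmapped,
    }

def audit_fleet(inventory):
    return {device: audit_device(agents) for device, agents in inventory.items()}

def encryption_failure_rate(report):
    """Fraction of devices with encryption missing, disabled or unhealthy."""
    failed = sum(1 for r in report.values() if not r["encryption_ok"])
    return failed / len(report) if report else 0.0

if __name__ == "__main__":
    fleet = audit_fleet(INVENTORY)
    for device, findings in fleet.items():
        print(device, findings)
    print("encryption failure rate:", round(encryption_failure_rate(fleet), 2))
```

Note that a device with no encryption agent at all (laptop-03) is counted as a failure just like one whose agent is disabled, which matches the "broken, disabled, misconfigured, or missing entirely" framing above.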

Visibility is Key
In order to strengthen endpoint security and avoid endpoint bloat, enterprises need to unlock value from existing investments. Investing more money into exciting new technologies is pointless if basic measures – visibility, control, and resilience – are not operating effectively first. Specifically, IT and security leaders must create an environment which fosters a path to:

Intelligence: Knowing what’s happening across their device fleets

Command: Seamless and automated responses to security decay

Resilience: Regenerated broken/disabled controls, apps, and agents – security immortality

Take a moment to consider your own environment. Do you have an understanding that spans time and space (intelligence histories and universal sight to all devices)? Can you validate exposures are mitigated? Can you withstand the reliable and predictable march of security decay?
These are the questions our newly minted environments are ready to answer: Yes, I know the inner workings of each device and can model moves throughout the population. Yes, I can seize command, never lose my grip, and instantly reclaim security slides. And yes, my security agents are now immortal, because I have taken steps to halt endpoint entropy with the unflinching power of persistence.
Whether agents, particularly security control agents, persist over time is the only metric worth our attention, because it puts a spotlight on the greatest hidden danger of all: the naturalness of security decay. Things fall apart. Rust never sleeps. Agents topple over.
Decay is the fate of all security agents. But if these serve as the foundation of our security goals or most technical expression of security intent, then what could possibly be more important? It’s also not a question of whether security decay is happening in your environment; you can rest assured it is. What must be asked is, will you persist through it? This question demands an answer.
Ideally, organizations reduce their overall security costs by monitoring how their endpoint controls work (or don’t) to reduce endpoint security decay. They validate safeguards and eliminate compliance failures. And they respond to threats and exposures with the confidence to control devices from anywhere.
As a result, organizations can eliminate spending on ineffectual technology, and reduce the number of agents, while ensuring that endpoints are more secure than ever. Sometimes less really is more.
Originally printed in Information Management
For more information on endpoint security tool degradation, download the 2019 Endpoint Security Trends report. 

3 Steps to Strengthen Enterprise Endpoints

Cybersecurity threats are becoming more sophisticated — as evidenced by the spike in high-profile data breaches in recent years. Yet, most enterprise organizations feel more secure than they actually are. The three steps outlined below will help you to strengthen your endpoint security and remediate threats before they can cause damage.
