Category: Endpoint Security

Absolute Named Top 10 Cybersecurity Company to Watch in 2019

Absolute was recognized this week by Forbes magazine in the Top 10 Cybersecurity Companies to Watch by Louis Columbus. As the cybersecurity industry continues to experience unprecedented growth, endpoint resilience, visibility and control are more important than ever. Here’s an excerpt:
“Enterprises rely on Absolute to cut through the complexity to identify failures, model control options and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures.” – Forbes Magazine

In short, security agents fail reliably and predictably. Without visibility into the army of security agents you have running, you simply don’t know what’s working and what isn’t.
A Growing Need
As mega breaches continue to dominate headlines and the number of qualified personnel lags behind explosive job growth, Gartner predicts worldwide IT security spending will exceed $124 billion this year. This is more than double the $60 billion price tag reached just three years ago. The need for innovative responses to combat the barrage of cyber threats is reaching emergency levels, especially as data security regulations evolve and clean-up costs climb. One research firm estimates the global cost of cybercrime will reach $6 trillion annually by 2021.
Chief security officers are scrambling to build solid defenses while also championing the critical need for better data security across their organizations. Likewise, security vendors are building solutions that stop attackers in their tracks, particularly at the endpoint, where 70% of breaches begin. But because cyber criminals are notoriously tenacious and there’s always more than one way in, organizations are forced to layer on multiple security tools to protect their data, including encryption, anti-virus, anti-malware, patch management and others. While this approach certainly isn’t wrong, there are gaping holes in that theory too.
False Sense of Security
Complexity at the endpoint causes significant problems and often provides organizations with a false sense of security, not to mention negative ROI on the security dollars they worked so hard to secure. Too many agents — 10 on average according to our 2019 Endpoint Security Trends study of more than 6 million devices — will cause failure regularly and predictably. They are extremely fragile, degrade quickly, and create unnecessary friction for users so it’s inevitable that these agents will collide, be disabled by users, or go unpatched. These blind spots hinder the visibility of IT and security leaders and leave endpoints — and the organizations to which they belong — increasingly vulnerable over time.
Get our 2019 Endpoint Security Trends Report for more on how endpoint security agents fail.
Before layering on more tools, it’s important to first validate what you have and how well it is working. Without this critically important first step, a security team’s best efforts (and your budget) are likely wasted. The Motley Fool recently published an article on the importance of cybersecurity, noting that, given the rising cost of damages and a persistent need for security, the opportunities for Absolute are sizable. We couldn’t agree more.

Reducing Data Security Complexity: Avoiding Endpoint Bloat

According to Gartner, worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018. Today, 24 percent of the overall spend is allocated to endpoint security tools.
But there’s a dangerous downside to this investment: when tools collide, when they battle for resources, all fail. This reality renders systems and assets unprotected and vulnerable. Meanwhile, the organization is left with a false sense of security.
Complexity is the single largest contributing factor to the rising security failure rate. For starters, devices can have 10 or more endpoint security agents, and still, 70 percent of breaches originate on the endpoint and 100 percent of devices will experience an encryption failure within a year.
Recent research, which analyzed more than six million enterprise devices over a one-year period to uncover what causes security tools and agents to fail, found that nine out of 10 agents installed are from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
Ultimately, this means that multiple technologies exist on any given endpoint to perform the same task and the likelihood that these agents will conflict and collide with one another is high. But why? The answer lies in the fact that every control, app, and agent is tapping into hardware and software resources — a zero-sum game in which some feast while others starve.
Endpoint complexity also puts a strain on resources. A report by Ponemon found that 50 percent of companies require more than 35 full-time employees to manage their endpoints. The same report found that 425 hours are wasted weekly on false security alerts, likely due to conflicting endpoint agents sending convoluted signals back to SIEM solutions.
Fortifying the Endpoint
Today, endpoints are fragile, degrade quickly, and create unnecessary friction amongst each other. But investing more money in more security tools does not protect enterprises from threats. It triggers risk. Here are three tips to fortify the endpoint:

Reduce Complexity: Rather than spending more, IT and security teams should strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail. Measuring IT complexity entails identifying redundancy that is self-imposed by overloaded endpoints. Begin with these questions: Where is there agent creep, driver creep or app creep within your endpoints? What are all the OS types, device types, and client types within your organization? What is the lifecycle process?

Maintain Visibility: Once the complexity problem is reeled in, it is critical to achieve ongoing and true visibility across all device activity within and outside of your network.

Get Encryption Right: Encryption is the staple security tool most often taken for granted. While it can certainly provide protection, it is not a “set it and forget it” solution — whether disabled by users or through malfunction, encryption is regularly broken, disabled, misconfigured, or missing entirely. In fact, research shows, at any given point in time, over 42 percent of endpoints experience encryption failures.

Visibility is Key
In order to strengthen endpoint security and avoid endpoint bloat, enterprises need to unlock value from existing investments. Investing more money into exciting new technologies is pointless if basic measures – visibility, control, and resilience – are not operating effectively first. Specifically, IT and security leaders must create an environment which fosters a path to:

Intelligence: Knowing what’s happening across their device fleets

Command: Seamless and automated responses to security decay

Resilience: Regenerated broken/disabled controls, apps, and agents – security immortality

Take a moment to consider your own environment. Do you have an understanding that spans time and space (intelligence histories and universal sight to all devices)? Can you validate exposures are mitigated? Can you withstand the reliable and predictable march of security decay?
These are the questions our newly minted environments are ready to answer: Yes, I know the inner workings of each device and can model moves throughout the population. Yes, I can seize command, never lose my grip, and instantly reclaim security slides. And yes, my security agents are now immortal, because I have taken steps to halt endpoint entropy with the unflinching power of persistence.
Whether agents, particularly security control agents, persist over time is the only metric worth our attention, because it puts a spotlight on the greatest hidden danger of all: the naturalness of security decay. Things fall apart. Rust never sleeps. Agents topple over.
Decay is the fate of all security agents. But if these serve as the foundation of our security goals or most technical expression of security intent, then what could possibly be more important? It’s also not a question of whether security decay is happening in your environment, you can rest assured it is. What must be asked is, will you persist through it? This question demands an answer.
Ideally, organizations reduce their overall security costs by monitoring how their endpoint controls work (or don’t) to reduce endpoint security decay. They validate safeguards and eliminate compliance failures. And they respond to threats and exposures with the confidence to control devices from anywhere.
As a result, organizations can eliminate spending on ineffectual technology, and reduce the number of agents, while ensuring that endpoints are more secure than ever. Sometimes less really is more.
Originally printed in Information Management
For more information on endpoint security tool degradation, download the 2019 Endpoint Security Trends report.

3 Steps to Strengthen Enterprise Endpoints

Cybersecurity threats are becoming more sophisticated — as evidenced by the spike in high-profile data breaches in recent years. Yet, most enterprise organizations feel more secure than they actually are. The three steps outlined below will help you to strengthen your endpoint security and remediate threats before they can cause damage.

Security Basics for One-To-One Computing In Education

One-to-one (or 1:1) computing can be a game-changer for K-12 schools, but before embarking on any hardware strategy, it’s critical to understand the big picture of how devices and endpoints should be managed.
First, a brief definition: one-to-one computing refers to a system in which every student has his or her own internet-connected laptop or tablet to use 24/7. In most cases, students use these devices at school and at home to work, communicate, collaborate, and research.
Before committing to a 1:1 program, you’ll want to answer these questions:

Are devices being used? When? How much?
Is it consistent across the district, e.g., across different students, classrooms, levels, and schools?
What decisions could the district make based on usage information?
Are students allowed to take computers home?
When there’s inclement weather, can you validate that students are actually using the devices?

Bountiful Benefits
The advantages for schools that embrace a 1:1 program are numerous. The most prominent is equal access and standardization, leveling the playing field for every student regardless of their learning abilities or demographic background.
When each student has a device, engagement increases and passive learning drastically declines. Even better, lesson or class content can be delivered digitally — which encourages independent study and allows the teacher to devote more class time to students who may require additional assistance.
Collaboration is also enhanced: group projects can be tackled during or after class via online collaboration tools.
On the administrative side, the capability for easy device upgrades, simplified networking, and the overall ability to monitor student progress and online behavior are huge selling features.
Getting Real About the Challenges
However, 1:1 is not without its obstacles. The most obvious hurdle is cost — and it goes beyond the direct hardware costs. Schools must factor in the human resource overhead for increased student training and general computer literacy as well.
Professional development and training for the devices and their applications can take up significant time and focus.
One can also argue that too many 1:1 applications stress technology over learning and that these laptops and tablets may detract from learning. Depending on the curriculum or teacher, managing all these devices and applications may become too burdensome.
One of the major consequences of 1:1 programs is managing all of those devices, which can include provisioning devices, deploying applications, keeping them secure, managing returns at the end of the school year, and more.
The burden grows further when schools adopt a BYOD policy.
Why 1:1 is better than BYOD
BYOD brings about a myriad of issues that some schools probably want to avoid. Whereas a standardized device policy means the same equipment for every student, BYOD means a growing disparity that further disadvantages low-income families. Next, the rise in the number of devices being carried to and from school can endanger student safety, making them a prime target for thieves. Further, lost or stolen student devices have a major impact on learning, with no school-district management capability to track or recover these devices.
While BYOD is obviously appealing, the main issues in management, equality of learning and security are driving many districts to reconsider and adopt a 1:1 program instead.
When a school can maintain visibility and control of its devices, students are better protected. The school can be alerted to any suspicious activity so that it can remotely detect and remediate at-risk devices.
What It Means For Education To Have Embedded Endpoint Security
Finally, to save even more on IT resources, a year-round 1:1 program can work wonders. Think about it: what happens at the end of the year when all your devices must be collected? It places an unnecessary drain on IT resources. With the support of endpoint tools, districts can perform remote device maintenance, keep track of device inventory and automatically enforce compliance with student privacy regulations such as the Children’s Internet Protection Act (CIPA) — preventing students from accessing harmful content or doing something harmful themselves (like hacking).
Beating The Summer Brain Drain
With these tools in place, supporting a year-round 1:1 program is more manageable. What’s more, these programs can be instrumental in supporting students’ education and counteracting the inevitable “Summer Brain Drain.” The stats don’t lie: students lose an average of two months of reading skills and 2.6 months of math skills over the summer, and teachers spend up to six weeks of fall class time re-teaching old materials to make up for this loss.
Ultimately, education is no different from other industries in that endpoints (like student tablets and laptops) must be properly managed. Remember, most successful breaches begin at the endpoint (according to an IDC study, the endpoint was the cause of 70 percent of successful breaches).
If these devices are not well-managed, attacks can quickly morph from a brushfire to a widespread blaze. Maintaining visibility and control of your endpoints is crucial.
Learn more about how Absolute is making a difference in one-to-one programs by watching our Santa Margarita Catholic High School’s One-to-one Program video.

Five Quick Tips to Help Companies Mitigate Insider Threats

Traditionally, the insider threat was defined as an employee with malicious intent to harm the company by stealing data or property, sometimes even transcending the IT realm to include incidents like workplace violence. But today, the most insidious form of insider threat comes from people who are simply irresponsible. For example, if a company-issued laptop is left in a car that gets broken into, and the laptop is stolen — that is an insider threat. The good news is that you can teach people to be responsible. In this post we will share the most common mistakes employees make that create risk, plus five quick tips that can help companies mitigate insider threats.
Types of Insider Threats
The term insider threat is broad in scope and can cover many different examples. Here in the Investigations & Recovery Services team at Absolute, we began categorizing the different scenarios in which endpoints are at risk of being lost or stolen, and what we quickly realized was that almost all of them resulted from some insider threat.
Read: The Evolution of Insider Threats
While most of the headlines proclaim the biggest threats to an organization come from hacking and ransomware (which are undoubtedly non-malicious insider threats when an employee clicks on a link they shouldn’t have), the most likely cause of data loss is not due to malicious cybercriminals, but simple human nature.
Every year, thousands of endpoints are lost or stolen in coffee shops, bars, airports, taxis, parking lots, hotels, conferences, restaurants, subways, offices, schools, buses, and residences. Often, the endpoint is left unattended in one of these places, either intentionally or accidentally, and before the user realizes it and can return to collect their belongings, the endpoint – and the data it contains – is gone.
Physical Endpoint Protection
For this article, we will be focusing primarily on the insider threat to an organization’s physical endpoints.
We hear about employees leaving laptops in their cars all the time. They’ll cover them with a towel or something, or they’ll leave them in a backpack left on the seat. When they return to the car, they discover that a thief has stolen it. It’s a common scenario.
Stolen devices can quickly and easily be converted to cash by criminals, who often take it to a pawn shop, computer repair store, or a local individual who is familiar with computer basics, where the hard drive may be replaced. The facilitator may actually purchase the stolen computer from the thief and attempt to resell it to an unsuspecting customer. Stolen computers are routinely purchased by innocent third parties on eBay, Craigslist, and other apps like OfferUp. According to Statista, only about 6% of stolen electronic goods in 2017 were recovered, mainly because law enforcement rarely has any clues as to where stolen property is located.
One of the most important takeaways we can offer here is that companies need to develop policies regarding these types of threats. We see endpoints being stolen all the time, but it appears many companies don’t have enough of a policy to enforce any disciplinary actions.
Every company should have some sort of best practices guide for physical device security.
If your organization is in the healthcare industry, a stolen laptop could mean disaster, with the loss of the physical device representing the least of your worries. The loss of data and the potential leaking of personally identifiable information is the critical concern. For some, it’s not a data problem; it’s an access problem. If your organization is in education, there’s very little if any sensitive information on the laptop. But if ten laptops get stolen, ten kids won’t be able to study.
There’s a balance between meeting the need and protecting the property.
What’s Easier to Enforce?
It’s critical to compare the threat of unintentional loss of data (from phishing or not using a VPN) to the physical loss of endpoints. From my perspective, I understand the risks involved when you log on to public Wi-Fi and those types of corporate directives designed to prevent someone from hacking your connections, but those aren’t the typical stories we hear. More commonly it is someone who has logged into a Starbucks network, then goes to the bathroom for two minutes, and when they return, their laptop is gone. That happens every day. We can talk about all the man-in-the-middle attacks – and they do happen – but they aren’t as frequent as the physical threat to our endpoints.
It’s easier and more effective to teach someone not to leave their laptop unattended than to teach them about Wi-Fi spoofing. More employees can relate to “don’t leave laptops where someone can grab them.”
Read: Have You Defined Your Insider Threats?
Endpoint Security Best Practices Guide To Prevent Insider Threats
Finally, here are five quick tips for companies to follow that, if enforced, should go a long way in preventing this type of insider threat.
A quick reminder about what constitutes an endpoint: an endpoint is essentially any remote device that sends and receives communications with the network to which it’s connected. Endpoints can include:

Desktops/Workstations
Laptops
Smartphones
POS Systems
Tablets
Servers

Five Quick Tips to Mitigate Insider Threats

1. Many endpoints are stolen in broad daylight when they’re temporarily left unattended in a public place, even if only for a minute or two. When in public, personal belongings should be kept in sight and never left unattended. Equally important, organizations should have a policy addressing the need to protect company property like endpoints and should inform employees of the potential repercussions if the policy is negligently violated.
2. Endpoints should not be left in an unoccupied vehicle. If this isn’t possible, they should be placed in the trunk or covered up completely so they can’t be seen through the car windows.
3. Office creepers rely on the fact that most people are non-confrontational, so they will look for opportunities to access secure places and systems. An organization should have a sign-in system for visitors, and shouldn’t let unaccompanied visitors into the work area.
4. Access to secure areas should be restricted to authorized individuals. Make sure secure doors close and latch behind you and that nobody is trailing you. If a secure door is propped open or damaged — or if you see someone or something else out of the ordinary — alert your security team immediately.
5. Endpoints should not be left unattended in an unlocked meeting or conference room. Additionally, endpoints should be locked in a desk drawer or cabinet during off-hours. Thefts have been known to be committed by cleaning crews, maintenance staff, and temporary workers.

No matter what cybersecurity incident occurs in your organization, reacting in panic can create more harm, exposing your organization to further liabilities. You need a tested cyber threat response plan at-the-ready to jump into action immediately and neutralize the threat — before it takes control.
SANS Institute and Absolute have teamed up to assemble the key components you need to include when building your plan.
Watch our webinar, Cyber Threat Checklist: Are You Prepared?, to find out the must-have items to include in a cyber-threat checklist to prevent future incidents.

Is Your Organization Underestimating Its Endpoint Risk?

For decades, IT professionals have been fighting the good fight against malware, hackers, negligent or malicious insiders, and other threats. We focus on securing the network as if it’s a tangible thing we can put in bubble wrap and lock inside a vault. If only it were that straightforward!
The reality is that the network is now fluid — stretching inside and outside the walls of the organization — and accessed easily by mobile endpoints. We’ve invested heavily in security to protect the endpoint from attack but experts have noticed a worrying correlation between greater endpoint security spending and increased endpoint complexity and risk.
The endpoint is now the largest attack vector
With endpoints accessing and storing data from literally anywhere in the world, the endpoint has become the largest surface area for attack. And cybercriminals know this — according to Ponemon Institute, the frequency of attacks on endpoints is increasing. Last year, two-thirds of companies were compromised by attacks that originated on their endpoints.
We presume that the humble endpoint is protected because we spend millions of dollars per year on encryption, AV/AM, client-patch management, and other endpoint protection tools. This presumption could cost us. As of 2018, the average cost of a data breach involving the endpoint sits at a cool $7.1 million. Could your organization survive an attack of this magnitude?
The full picture of endpoint vulnerability
The security solutions that we rely on to protect our devices — and the data that lives on them — fail often. According to a new report by Absolute that studied six million devices over 12 months, our endpoints are not as secure as we’d like to think:

No devices survived a full year without an encryption failure
28 percent of endpoints are unprotected at any given time
19 percent of endpoints require at least one repair within 30 days

Let those numbers sink in.
All of your devices will experience an encryption failure in the next year. At a time when zero-day attacks are four times more likely to compromise organizations, one third of your devices may be unprotected and one fifth may need patching. According to Ponemon, the average time to patch is 102 days. So for 102 days, your endpoints could be exposed to zero-day attacks.
Are those scenarios acceptable to your CISO and CEO?
Make existing endpoint security more resilient
It’s clear that we need a better way to reduce vulnerabilities and take back control of the endpoint. We must address the root of endpoint security failure by ensuring that existing security controls remain in place and functioning correctly at all times. But how?
Persistence technology can help. Persistence technology is embedded in the firmware of over 70 percent of the world’s endpoint devices. It enables Absolute to have the only cloud-based platform that maintains a constant, persistent connection to devices, regardless of user behavior or device performance. The always-on connection enables you to keep a close eye on existing security controls to ensure they’re always performing at an optimal level. In this way, you can unlock value from solutions you’re already paying for and avoid unnecessary spend on yet more endpoint security.
Your staff can do their best work safely, from anywhere. And you can rest assured that your devices are resilient.
Interested in taking a deeper dive into the current state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report

Managing and Securing the Digital Classroom

The use of technology in classrooms has revolutionized the learning environment for both teachers and students. It democratizes education by allowing a greater number of resources to be available to a wider range of students. Textbooks are being replaced by digital devices and virtual classrooms, expanding the idea of the ‘classroom’ and enabling teachers to shift the education model to help students develop the skills needed for the digital future.
While there has never been a doubt that technology is beneficial to learning, there was less certainty about how to manage and secure the devices used by students. Heightening the situation, school districts usually operate with lean IT teams and limited budgets, leaving two big challenges to be solved:
1) how can schools rationalize and maximize technology budgets; and,
2) how can they ensure their technology is safe for students, educators, and staff?
Growing Budget and Keeping It
Finding the funds for technology in an already overburdened budget isn’t easy. Most school administrators know the key to securing funding is found in the results or strong learning outcomes. If students learn more, faster and with greater efficiency, digital classrooms are a no-brainer. The hurdle, however, is translating exactly how technology supports improved student learning and then communicating that fact with credibility.
In education, as is the case in every other industry today, data is required to make a strong business case for increased resources. Detailed student technology analytics is a key component to understanding device use and correlating that use to improved academic performance. Data provides you with the foundation for solid decision-making as well as a way to justify ROI and secure further budget. School boards and other stakeholders want to invest in technology for learning, but schools must prove that they are good stewards of that investment in order for it to continue.
Protecting At-Risk Devices and Data
With new technology comes added risk, including major data privacy concerns. Cybersecurity is now the number one priority for K-12 IT teams according to the latest K-12 leadership survey by COSN. In fact, there have been 479 cybersecurity incidents during the last two to three years, and schools with known one-to-one programs are often targeted by thieves. Kids themselves are also increasingly the victims of theft as they walk to and from school, or even within the school grounds.
In addition, students regularly lose or misplace devices, which can lead to exposed sensitive information and/or unauthorized access to the school network. The theft or loss of a device has many repercussions. A stolen student device, school-owned or BYOD, greatly impacts that student’s ability to learn, as device replacement through insurance can take up to eight weeks.
Within K-12 specifically, there is also the need to ensure that the content accessed by students is sanctioned. If not adequately protected, the information contained on or accessed through these devices could pose threats that lead to data breaches and fines by the ICO.
Safe, Smart, Secure Schools
In order to sustain digital classrooms, technology must be managed and secured regardless of form factor or operating system. In our highly mobile environment, with devices continuously on the move and off the school network, persistent visibility and control is no longer a nice-to-have. It’s a must.
Read: Better Device Security in 3 Steps for Education
With one single solution, IT should be able to determine the status of each device, manage typical IT maintenance requirements, and take immediate security actions when required. This streamlined, automated management option not only provides important security but also improved operational efficiencies that can cut down on hundreds of IT hours.
It may seem like a steep curve, but it is possible to support the shift to digital learning while also helping to protect school districts’ investment in technologies. Absolute’s Persistence technology is embedded in the core of devices at the factory, providing a reliable two-way connection so that education organizations can confidently manage mobility, investigate potential threats, and maintain the safety of students who use these devices. Student Technology Analytics allows schools to prove the positive impact of technology to secure continued investment and ensure no student gets left behind.
It’s an exciting time to be an educator. Learn more about how Absolute is uniquely positioned to help manage and secure your Edtech investment in the IDC commissioned report, Student Technology Analytics: How K-12 Leaders Make the Case for Better Technology in the Classroom.

3 High-Maintenance Endpoint Agents

Without the proper intelligence and control, high-maintenance endpoint security agents fail us more often than we know.
Not all endpoint agents are created equal. With some, you can take a set-it-and-forget-it approach. With others, like endpoint security, you need a more thoughtful maintenance strategy to ensure your devices are protected and not creating data security risks for your organization.
Recent research has demonstrated that fundamental endpoint security tools — encryption, client management tools, antivirus, antimalware, and so on — are more high-maintenance than they appear. Without the proper controls and maintenance in place, these agents degrade over time — and fail us often.
High-Maintenance Endpoint Agents

42% of a device population has an encryption failure at any given point in time.
20% of devices require at least one client/patch management repair monthly.
28% of devices have missing or outdated AV/AM tools.

Source: 2019 Endpoint Security Trends Report
Endpoint security agents require continuous monitoring
Absolute’s 2019 Endpoint Security Trends Report documents how three of our most conventional and widely-trusted security tools — encryption, client management tools (CMT), and anti-virus/anti-malware (AV/AM) — are also the most high-maintenance agents on the endpoint. The research studied more than six million devices over a one-year period and examined one billion change events to see how security solutions performed.
Here’s what we discovered:
1. Encryption gives us a false sense of security
Encryption is often considered to be the most important security solution on the endpoint. We put so much trust in it to protect intellectual property, protected health information, and other sensitive data stored on the endpoint.
Absolute’s study found that encryption tools are regularly broken, disabled, misconfigured, or missing entirely from the endpoint. At any given point in time, over 42 percent of endpoints had an encryption failure and 100 percent of devices experienced encryption failure within one year.
Encryption recovery times are equally as concerning — the average window of vulnerability for unencrypted devices was 12 days, but 30 percent of devices remained unencrypted for more than two months.
The bottom line is that while encryption is important and necessary, it is also a high-maintenance agent that requires persistent controls and continuous monitoring to ensure it is operating effectively at all times. It only takes one failure on the wrong endpoint at the wrong time to cause a data breach.
2. Client and patch management tools are as vulnerable as the clients and agents they patch
The 20 most common client applications published over 5,000 vulnerabilities in 2018. If a device had just half of these applications, it would experience up to 55 vulnerabilities. Thankfully client and patch management tools exist to ensure vulnerabilities are addressed as they arise, right? Wrong. Like encryption, client management and patching tools such as Tanium, Ivanti, SCCM, and AirWatch also break reliably and predictably.
In fact, almost 20 percent of endpoints required at least one client/patch management repair monthly. Of those patching agents requiring repair, 75 percent reported at least two repair events and fifty percent reported three or more repair events.
Client patch management agents are even more high-maintenance than encryption, failing at double the rate encryption agents do.
3. Anti-virus/anti-malware are complex and leave almost one third of devices unprotected at any time
Anti-virus/anti-malware is a must-have security solution on any endpoint. Absolute’s research revealed that, at any point in time, 21 percent of AV/AM tools are outdated and 7 percent are missing altogether. In other words, 28 percent of all endpoints are unprotected on any given day.
The research also found that, on average, there are 1.2 AV/AM agents present on any device. This increases the risk of these agents colliding with or overriding one another. These unsafe interactions among components create dangerous blind spots which make endpoint infrastructures increasingly vulnerable over time.
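A defender-side way to measure the three failure classes the report describes on your own fleet, as an added example that is not Absolute’s code or the report’s methodology: it runs over a constructed three-device inventory, and the 7-day AV signature age used to call an agent "outdated" is an assumed policy threshold.

```python
# Added example (not Absolute's code): fleet health check over a constructed endpoint inventory.
# It flags failing encryption, patch-management and AV/AM agents and measures each device's
# encryption "window of vulnerability" from its (date, encrypted?) status transitions.
from datetime import date

AS_OF = date(2019, 4, 30)  # snapshot date for the constructed data
MAX_AV_AGE_DAYS = 7        # signature age after which we call AV/AM outdated (assumed policy)
LONG_WINDOW_DAYS = 60      # the report's "unencrypted for more than two months"
INVENTORY = [  # constructed sample devices; av_agents lists (name, signature_date)
    {"id": "LT-001", "encryption_history": [(date(2019, 1, 1), True)],
     "patch_agent": {"present": True, "repairs_30d": 0},
     "av_agents": [("AV-A", date(2019, 4, 28))]},
    {"id": "LT-002", "encryption_history": [(date(2019, 1, 1), True), (date(2019, 2, 1), False),
                                            (date(2019, 2, 13), True)],
     "patch_agent": {"present": True, "repairs_30d": 3},
     "av_agents": [("AV-A", date(2019, 3, 1)), ("AV-B", date(2019, 4, 28))]},
    {"id": "LT-003", "encryption_history": [(date(2019, 1, 1), True), (date(2019, 2, 1), False)],
     "patch_agent": {"present": False, "repairs_30d": 0},
     "av_agents": []},
]

def unencrypted_days(history, as_of):
    """Total days the device spent unencrypted up to as_of."""
    bounds = history[1:] + [(as_of, None)]
    return sum((end - start).days for (start, enc), (end, _) in zip(history, bounds) if not enc)

def check_device(dev, as_of):
    """Agent failures on one device; an empty list means every agent looks healthy."""
    av, pa = dev["av_agents"], dev["patch_agent"]
    checks = [
        ("encryption_off", not dev["encryption_history"][-1][1]),
        ("patch_agent_missing", not pa["present"]),
        ("patch_agent_repaired", pa["present"] and pa["repairs_30d"] >= 1),
        ("av_missing", not av),
        ("av_outdated", bool(av) and all((as_of - sig).days > MAX_AV_AGE_DAYS for _, sig in av)),
        ("av_multiple", len(av) > 1),  # agents can collide with or override one another
    ]
    return [name for name, failed in checks if failed]

def fleet_report(inventory, as_of):
    """Share of devices per failure class, plus the encryption-window figures the report quotes."""
    n, counts = len(inventory), {}
    for dev in inventory:
        for issue in check_device(dev, as_of):
            counts[issue] = counts.get(issue, 0) + 1
    report = {k: round(v / n, 2) for k, v in counts.items()}
    windows = [unencrypted_days(d["encryption_history"], as_of) for d in inventory]
    exposed = [w for w in windows if w > 0]
    report["avg_unencrypted_days"] = round(sum(exposed) / len(exposed), 1) if exposed else 0.0
    report["long_window_share"] = round(sum(w > LONG_WINDOW_DAYS for w in windows) / n, 2)
    return report
```

Feeding a real inventory export into `fleet_report` gives the same "share of devices failing per agent class" and "window of vulnerability" figures the report uses, so trends can be tracked release to release rather than discovered after an incident.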
Enhanced endpoint intelligence leads to more resilient devices
The high-maintenance nature of our most important endpoint security agents is concerning, especially since in the last 12 months, two-thirds of companies have been compromised by attacks that originated on their endpoints.
If basic visibility, control, and resilience measures are not in place, investment in encryption, CMT, AV/AM, or any other security solution is a waste of time and money. Absolute estimated that as much as 40% of all endpoint security spend is squandered on agents that fail often.
Organizations must address the root of this failure by ensuring that existing security controls remain in place and functioning correctly at all times. That’s where Absolute can help. Absolute’s technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a constant, persistent connection to devices, regardless of user behavior or device performance.
This always-on connection ensures that high-maintenance endpoint agents are always performing as they should.
Interested in taking a deeper dive into the current state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report.
 

Most Devastating Cyber-Attacks at the Endpoint

Two years ago this month, WannaCry shut down computers across the globe in a matter of hours. Hackers ransomed hundreds of thousands of machines across 150 countries and demanded cryptocurrency to unlock them. On the anniversary of one of the world’s most devastating cyber-attacks, there are big lessons to be learned from the whirlwind that was WannaCry and other damaging global cyber threats.
WannaCry Then and Now
WannaCry was one of several highly classified hacking tools developed by and then stolen from the National Security Agency (NSA) in 2017. Hackers published the ransomware online for anyone to use. Microsoft, already aware of the theft, pushed out a patch that would protect systems from WannaCry; however, those slow to make the fix had to be reminded – the hard way – of the importance of timely patching.
WannaCry was unique in several ways but perhaps most notably, the wild-fire speed at which it spread. In a few hours, WannaCry created billions of dollars in damage. No industry was immune – hospitals, governments, private companies and others were all hit. Even now, two years later, WannaCry variants continue to be a threat despite the availability of patches. New reports say Eastern countries, namely India, have the highest detection rates.
Nearly as old as common use of the Internet, ransomware is said to have started in 1989 when the World Health Organization fell victim to the AIDS Trojan. The hacker demanded users cough up $189 to regain access. Beyond ransomware, cyber criminals also have countless other exploit possibilities to secure financial gain.
Attack Types on the Rise
A new report from Booz Allen predicts organizations will face growing cyber-attacks across eight categories in 2019:

Government-run information warfare campaigns
IoT device hacks
‘Chip and Pin’ weaknesses
Weaponization of adware networks
Use of AI in information warfare
Expansion of wireless attack surface
State-sponsored threat actors
Water utility targeting

While all scary predictions, these are layered on top of the now-standard attack types every organization faces almost daily: phishing tactics, denial of service attacks, web-based malware and many others.
For more information on top cyber threats, we’ve highlighted a few of our favorites in our next episode of Cybersecurity Insights, including: MafiaBoy’s Denial of Service, Conficker, Jonathan James and the US Department of Defense, Shamoon and the Melissa virus. Watch the video below for more on our top 5 cyber-attacks and how to prevent them. While you’re at it, subscribe to our full Cybersecurity Insights video series on YouTube.

Video transcript:
Today, let’s take a look at some recently successful cyber attacks. Some of these no one saw coming.
To be sure, attacks can be successful or extinguished from the very start. But the iron-clad rule of cyberattacks is that they come in many forms, from all directions, and from incredibly different sources.
Let’s count down some of the interesting ones…
Number 5: Mafiaboy’s Denial of Service.
Michael Kals, aka Mafiaboy, then 15 years old, claimed that he had unknowingly input several widely known IP addresses into a security tool that he had downloaded from the web. Being a teenager, Kals went off to school and returned home to find his exploits were plastered all over the news.
Denial of service attacks, like Mafiaboy, flood a site with traffic, disabling its ability to serve legitimate users. Yahoo, which, at the time, was the world’s most used search engine, collapsed. Buy.com, eBay, CNN, and Amazon were all brought down for several hours, costing billions in the aftermath.
Number 4: Conficker
In 2008, the worm exploited a number of Windows operating systems. It then linked computers together into a massive botnet (which was a new idea at the time).
Conficker had several spoils of victory, including the creation of a whole class of threats and leaving many world leaders with no choice but to call in favors from other nations to mitigate the attack.
Number 3: Jonathan James (1999)
James breached the US Department of Defense in 1999, stealing passwords, confidential messages, and software designed for space exploration and the US military.
In the 1960s John F. Kennedy had famously urged the US to “Go to the moon…not because it is easy, but because it is hard”. Mission accomplished.
But 30 years later, NASA had to shut down its entire network for three weeks, costing millions in response to James’s brute force attack.
Number 2: Sony Pictures
The Guardians of Peace (GOP) fessed up to the crime by releasing a trove of sensitive data, including: personal information, messages and correspondence, executive salaries, and even snatching several of Sony’s films.
The group used a modified Shamoon malware with a mechanism to wipe hard drives. Unlike the typical goal of stealing data, this malware hurts victims by completely eliminating valuable information.
And Number 1: Melissa
David Smith is (perhaps) the discoverer of phishing attacks.
Taking to an America Online chat group, Smith posted a document claiming to have credentials to several websites, but whose true content was the Melissa virus.
Melissa then went viral, spawning itself across global email servers.
Several tech-savvy companies (Microsoft, Intel, Lockheed Martin) were forced to shut down their email services, after Melissa caused over $80 million in damages.
Attacks are inevitable. Successful attacks are not. But when we lock our focus on cyber RESILIENCE, we can withstand the unending parade of attacks.
By PERSISTING our security posture and maintaining line-of-sight, the attack surface is compressed and becomes an inhospitable place for attackers to win.
What are your top 5? Drop them in the comments section below. I can’t wait to see who’s on your list.
 

GDPR Fines Are Coming: Are You Ready?

When GDPR came into force on May 25, 2018, and with it the prospect of hefty fines for organizations that fail to protect the personal information of EU citizens, many thought we would see a flurry of high-priced penalties. While we have seen a deluge of data breach notifications being filed with the Information Commissioner’s Office (ICO) — nearly 65,000 so far according to a new EU data protection board report — we haven’t witnessed the barrage of high-profile violations many people predicted. At least not yet.
Google is the one exception. As has been highly reported, French data protection authority CNIL issued Google a €50m fine for violating GDPR transparency rules and failing to have a legal basis for processing user data for advertising. Google is appealing the case. There have been other fines handed down too, but none come close to bearing the Google price tag.
One Year Later
One year into GDPR enforcement, regulators are busy investigating the thousands of breach notifications – and staffing up to meet the now-immense workload. The ICO has doubled their staff; Nordic regulators have increased their funding for growing legal case work, to name but two examples. We can expect that once the legal and investigative teams have completed their work, enforcement will begin and with that, high prices for non-compliance.
While regulators scramble to investigate the thousands of data breaches already in their pipeline (with more coming in every day) and teams of attorneys navigate new waters within the legal system, what can you do to ensure your organization won’t be making the wrong kind of headlines in 2019 and beyond?
Read: How Ready Are You For GDPR Enforcement?
Make Data Privacy an Organizational Priority
To be most effective, GDPR compliance must be an organization-wide effort. Here are five tips for integrating data privacy principles across all levels of your organization:

Involve leadership and communicate clearly. Because data privacy must start at the top, let senior leadership or the Board of Directors know where the organization is regarding risks and mitigation action plans. Accountability for completion of planned actions should be communicated and enforced.
Train employees. Clear and concise information on the importance of data privacy should be communicated continuously throughout the organization. Training on GDPR (or any other data privacy regulation) should be required for any employee who may access, process, transmit, or store personal information. Open dialogue with employees should be enabled to provide mechanisms for employees to share when privacy violations occur, or when policies, processes, or controls need improvement.
Set guidelines for your partners. Open dialogue and communication with your partners should be a priority, whether they process data on your behalf (your organization is the controller) or your organization processes data on behalf of a controller.
Test and audit. Testing and validation of data privacy processes and controls should be an ongoing initiative. Leverage internal audits to perform independent testing of processes and controls.
Conduct incident response practice exercises. Control owners should perform table-top exercises to ensure that everyone is familiar with incident response procedures.

Because you can’t secure what you can’t see, another important step is to maintain uncompromised visibility and control over all of your endpoints, whether they are on or off your corporate network. Be sure to benchmark your security controls against compliance standards and stay audit-ready.
For more on how to lay out a path for harmonious ways to work within the law while also advancing technology, listen to our panel discussion with both legal and IT experts, IT on Trial – Guilty Until Proven Innocent?
 
