Category: Endpoint Security

Quantifying K-12 Device Use with Absolute

by Surita Bains | Jul 12, 2019 | Data Visibility & Protection, Education, Endpoint Security, Industries

K-12 schools across the country rely on technology to further individualized learning but quantifying the efficacy of this effort and maintaining the fleet of devices that one-to-one computing requires comes with unique challenges. With funding opportunities on the decline, schools are increasingly challenged to prove that technology has had a meaningful impact on student outcomes.
Loudoun County Public Schools (LCPS) is the third largest school division in the Commonwealth of Virginia with more than 78,000 students in 89 facilities. In order to support their personalized learning initiative, the district invested heavily in a one-to-one program for students and staff, adding thousands of devices for use in-classroom, at home, or by teachers who travel.
The Challenge: Demonstrate Device Use and Keep Them Secure
In order to secure the budget for the purchase of tens of thousands of devices, Dr. Rich Contartesi, CIO for LCPS, was tasked with demonstrating device utilization rates, no matter if the device was on or off the school network, to drive consensus that teachers did need a laptop and that students were benefiting from using laptops in the classroom. The Board also needed assurances that security of sensitive data and device theft recovery were prioritized to safeguard the investment in these devices.
Read: Student Technology Analytics Key to K-12 Digital Learning
The Results: Increased Device Utility and Minimized Risk
Using Absolute, LCPS was able to provide quantitative information on device utilization rates right away. With security in mind, LCPS chose to purchase Dell laptops, which are protected from the factory with Absolute Persistence. Out of the box, these devices are able to withstand tampering and may be tracked no matter where they travel. With Absolute, the LCPS IT team now receives automated alerts on anomalies, so they can focus on reviewing potential security issues and taking action to ensure endpoint protection and data privacy.
“We were able to provide the board with quantitative information about device utilization that derives consensus so the budget could be approved. Also, peace of mind with security, privacy and theft recovery,” Contartesi said.
With Absolute, LCPS now has peace of mind of endpoint security, device theft recovery and data privacy. They have minimized their risk and increased the value and utility of their devices.
Learn more about how Absolute enables personalized learning at Loudoun County Public Schools by minimizing risk and increasing device utility.

The Rise of the Mobile Workforce Presents Data Security Challenges

by Dean Fogarty | Jun 27, 2019 | Endpoint Security

Today’s workforce has undergone a significant transformation. As organizations adopt more flexible work policies to accommodate shifting demographics, we are not far away from a workplace in which the majority of employees are considered “contingent.” According to a recent Intuit report, 40% of the workforce will be “contingent”—self-employed, contractors and temps — by 2020.
More importantly, however, the mobile workforce of today probably includes your typical employee. In fact, over half of the U.S. population can be considered a remote worker. This number is only expected to increase each year.
Mobile Users Are Everywhere
For most organizations, the definition of a mobile user has expanded dramatically and can almost be anybody in the company. Some may work from home only one day per month, or even if you have a laptop — guess what? You’re a mobile user. If you’re on vacation and bringing a company device along, you’re a mobile user. Think about your organization and try to find an employee who doesn’t meet this current definition. Unless you’re a financial institution that doesn’t allow employees to have a laptop, almost all of your employees can probably be considered a mobile user.
With the rise in both the BYOD-friendly mobile policies and a contingent workforce, there’s a significant strain on data security. For most companies, mobile users present the most significant risk.
Generally speaking, most data breaches can be tied to people, especially those with the least amount of training and oversight.
Read: The Insider Threat Is Real
It’s Only Overwhelming If Not Managed
Not only that, but as we add so many security controls in our organizations that it’s easy to get sloppy. It seems like year after year, there’s more for IT departments to manage and it can be overwhelming. You need to put in practices to filter out the exceptions and determine what’s bubbling up to the top, particularly with the remote workers.
Before we address how mobile workforce risk can be mitigated, there’s one risk that is often overlooked, which not only pertains to the mobile workforce but also in-office employees. It surrounds employee terminations — whether they give notice on their own or are terminated.
Your staff may have access to one or more mobile devices, and as soon as the employee is terminated, you should consider freezing the device so it can’t be used before it’s returned. Even if it gets lost in the mail or the employee refuses to return it for some reason, the device would be unusable and any data on it would be protected.
Read: Avoiding Endpoint Bloat
When it comes to working with mobile users, freelancers, contractors or business partners of any kind, organizations should:

Assess Risk: Conduct, and respond to, regular risk assessments that look both at how data is stored and how data is accessed.
Harden access: Ensure access to internal systems requires strong authentication and apply strict limits on information available to the outsider. Experts recommend two-factor authentication techniques, such as a combination of a token and a password, for external access.
Isolate access: Cordon off externally-accessed systems and networks from the rest of the internal network using internal firewalls (similar to a network DMZ used to isolate sacrificial servers). Log and review traffic that traverses the internal firewalls to the externally-accessed systems.
Log and audit: Maintain and review logs of external access. Unexpected access may turn out to be a false alarm, but check and verify.
Regularly review: Business partners, freelancers and contractors come and go; and their IT needs may change over time. Restrict or revoke access as necessary.
Use Mobile Device Management (MDM) software whenever possible to manage endpoints.
Test security patches as extensively as possible without disrupting corporate workflow. When Patch Tuesday comes, you should test for a week, and once you’re comfortable in a testing environment you can push the patches to the rest of the organization.
Remind your employees not to leave laptops in their car or unattended.
Lock your screen even at home, as your kids or a visitor can get access.
Use a secured VPN connection to your network whenever possible.
Embrace cybersecurity training! A cybersecurity-aware staff may be the best defense against potential attacks and threats. Have fun with this, and include a corporate rule that anyone leaving their screen unattended has to buy donuts for the team.
Don’t bring corporate devices to unfriendly foreign countries.

Ultimately, every organization must be prepared for a breach with a data breach response plan and a trained team to handle the incident. This can help both mitigate the breach and its fallout.
We understand that managing a mobile workforce can be overwhelming. But we’ve got you covered if you want to gain a better grasp of the cybersecurity basics around threats, risk and protection. Review our comprehensive cybersecurity 101 guide.

How Businesses Can Protect Devices from Cyber Attacks

by Absolute | Jun 26, 2019 | Data Visibility & Protection, Endpoint Security

Christy Wyatt, CEO of Absolute Software, spoke on Yahoo Finance’s web show, The Final Round, on June 19, 2019 to provide her expert opinion on endpoint security, the IPO market, what it’s going to take to out-innovate bad actors, and how to protect your data.
“Security is a journey. It’s not like there’s a checklist: you do ten things and it’s covered,” Wyatt informed viewers. “While we’re spending more and more on security, $124B this year as an industry, and a lot is going on these devices, it’s the fact that we have so many security controls that are creating a vulnerability that conflict with one another and decay over time.”
To learn more about the inevitable degradation of endpoint security controls, download the “2019 Endpoint Security Trends Report – New data security threats revealed from global study of six million devices.”

The Question that Sparked the 2019 Endpoint Security Trends Report

by Josh Mayfield | Jun 21, 2019 | Endpoint Security

At the beginning of 2018, the security research team at Absolute began to examine a widely overlooked conundrum facing IT and security professionals around the world:
Spending on security products, in particular, endpoint security products, was expanding. However, IT and security teams reported little confidence in their ability to protect the enterprise.
And they had a point: despite the spending frenzy, endpoints are still the source of more frequent and more severe breaches.
It didn’t make sense. While the global spend on IT security is predicted to total a whopping $128 billion by 2020, our perception of security-resilience is in decline. And for good reason — over two-thirds of companies are still being compromised by attacks that originate on the endpoint.
We asked ourselves, “Why is the investment not paying off?” Indeed, Forrester and Gartner have been warning about the dangers of equating IT security spending with security and risk maturity for several years. Yet despite these warnings, IT and security buyers continue to throw money at the problem.
But, if the spending playbook would have worked, then the spending playbook would have work. It doesn’t, it never has. So, Absolute’s research team went on a mission to find the answer to a burning question:
What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Our research team had access to anonymized data from over one billion control events on over six million devices from 12,000 organizations across North America and Europe. So we embarked on a year-long journey to answer this question that then went on to spark the 2019 Endpoint Security Trends Report that shook up the cybersecurity world.
The Endpoint Resilience Index
Our researchers built and applied an Endpoint Resilience Index to the data sample to establish a baseline. We then monitored the results over a 12-month period to see how security solutions performed during that timeframe.
The Endpoint Resilience Index applies the method used by the World Economic Forum’s Environmental Performance Index to track the overall direction of key variables of quality.
To provide further context to the quantitative data, we commissioned a third-party research organization to conduct in-depth, exploratory interviews with senior executives from Fortune 500 organizations. This year-long analysis led to three main discoveries:

40 percent of endpoint security spend is voided on solutions that don’t work (due to missing and broken agents or disabled controls)
The effectiveness of endpoint security agents decays over time — reliably and predictably
Security gaps created by control decay is IT leadership’s most severe vulnerability

If Endpoint Security Worked, then Endpoint Security Would Work
The biggest, scariest, most eye-watering discovery from the analysis was that the security solutions that we rely on to protect our devices — and the data that lives on them — fail often. It’s no wonder we don’t trust them.

100% of devices that experienced an encryption failure in one year
19% Failed agents requiring at least one repair every 30 days
28% Endpoints unprotected at any given time

Source: 2019 Endpoint Security Trends Report
No devices lasted a year without an encryption failure, one-third of the sample had no functioning endpoint protection at any given time, and one-fifth of them required at least one repair within 30 days. Not very comforting, right?
In our estimation, the biggest contributing factor to the frequent failure rate is endpoint complexity.
Endpoint Complexity Exacerbates the Issue
Our findings demonstrated that when it comes to endpoint security, less is more. We found that devices can have 10 or more endpoint security agents installed. Nine of those agents come from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
This means that multiple technologies exist on any given endpoint to perform the same task. The likelihood that these agents will conflict and collide with one another is high. This creates a poor user experience and — more importantly — creates blind spots for security teams and disrupts key security controls.

“We should be testing this stuff before we put it out there. If we have 10 to 12 agents per device, we need to understand how they’re interacting with one another before they’re released into the wild. How do we know we’re not completely poisoning the well? Because that is an expensive well to unpoison.”
Renee Murphy
Principal Analyst for Security and Risk Professionals, Forrester
Source: The State of the Endpoint in 2019 Webinar

Re-establishing Confidence in Endpoint Security
Despite having a huge range of tools and technologies at our disposal — all endorsed by analyst quadrants, waves, and grids — we are failing to move the needle on endpoint security must be immense. The frustration is immense.
Endpoint security tools should not be allowed to take a day off and abandon their posts when they’re needed most. And if they do, IT and security professionals should at least know about it. We need to know when the tools we depend on are not dependable.
Thankfully, there’s one security watchdog that never sleeps — and it can ensure your other tools stay alert also. Absolute’s Persistence® technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. This persistent connection enables IT and security professionals to keep a close eye on existing agents and controls to ensure they’re always performing as they should. And then automatically self-heal when they break. It can even be extended to other endpoint security tools to ensure they self-heal if they’re missing or broken. So you can maximize the value of your existing investments.
Conclusion
Just over 18 months ago, our security research team took the initiative to face IT’s biggest quandary head on and address our most burning question: What is happening on the endpoint that’s causing our expensive endpoint security solutions to fail us?
Instead of accepting the conundrum and moving on, our tenacious team dug deep to shine a light on what’s happening on the endpoint.
The results speak for themselves. It’s now clear why IT and security professionals are still losing sleep about endpoint security — and spending more money in an attempt to quell their fears. Now that we better understand the problem, we’re in a position to address it. Talk to Absolute to see how you can gain greater persistence, intelligence, and resilience on your endpoints.
Download the Full Report
If you’re interested in taking a deeper dive into the state of endpoint security, you can read the full report: 2019 Endpoint Security Trends Report.

Absolute Named Top 10 Cybersecurity Company to Watch in 2019

by Absolute | Jun 18, 2019 | Data Visibility & Protection, Endpoint Security

Absolute was recognized this week by Forbes magazine in the Top 10 Cybersecurity Companies to Watch by Louis Columbus. As the cybersecurity industry continues to experience unprecedented growth, endpoint resilience, visibility and control is more important than ever. Here’s an excerpt:
“Enterprises rely on Absolute to cut through the complexity to identify failures, model control options and refocus security intent. Rather than perpetuating organizations’ false sense of security, Absolute enables uncompromised endpoint persistence, builds resilience and delivers the intelligence needed to ensure security agents, applications, and controls continue functioning and deliver value as intended. Absolute has proven very effective in validating safeguards, fortifying endpoints, and stopping data security compliance failures.” – Forbes Magazine

In short, security agents fail reliably and predictability. Without visibility into the army of security agents you have running – you simply don’t know what’s working and what isn’t.
A Growing Need
As mega breaches continue to dominate headlines and the number of qualified personnel lags behind explosive job growth, Gartner predicts worldwide IT security spending will exceed $124 billion this year. This is more than double the $60 billion price tag reached just three years ago. The need for innovative responses to combat the barrage of cyber threats is reaching emergency levels, especially as data security regulations evolve and clean-up costs climb. One research firm estimates the global cost of cybercrime will reach $6 trillion annually by 2021.
Chief security officers are scrambling to build solid defenses while also championing the critical need for better data security across their organizations. Likewise, security vendors are building solutions that stop attackers in their tracks, particularly at the endpoint where 70% of breaches begin. But because cyber criminals are notoriously tenacious and there’s always more than one way in, organizations are forced to layer on multiple security tools to protect their data including encryption, anti-virus, anti-malware, patch management and others. While this approach certainly isn’t wrong, there are gaping holes in that theory too.
False Sense of Security
Complexity at the endpoint causes significant problems and often provides organizations with a false sense of security, not to mention negative ROI on the security dollars they worked so hard to secure. Too many agents — 10 on average according to our 2019 Endpoint Security Trends study of more than 6 million devices — will cause failure regularly and predictably. They are extremely fragile, degrade quickly, and create unnecessary friction for users so it’s inevitable that these agents will collide, be disabled by users, or go unpatched. These blind spots hinder the visibility of IT and security leaders and leave endpoints — and the organizations to which they belong — increasingly vulnerable over time.
Get our 2019 Endpoint Security Trends Report for more on how endpoint security agents fail.
Before layering on more tools, it’s important to first validate what you have and how well they are working. Without this critically important first step, a security team’s best efforts (and your budget) are likely wasted. The Motley Fool recently published an article on the importance of cybersecurity and, noting the rising costs of damages and a persistent need for security, the opportunities for Absolute are sizable. We couldn’t agree more.

Reducing Data Security Complexity: Avoiding Endpoint Bloat

by Josh Mayfield | Jun 11, 2019 | Data Visibility & Protection, Endpoint Security

According to Gartner, worldwide IT spending is projected to total $3.76 trillion in 2019, an increase of 3.2 percent from 2018. Today, 24 percent of the overall spend is allocated to endpoint security tools.
But there’s a dangerous downside to this investment: when tools collide, when they battle for resources, all fail. This reality renders systems and assets unprotected and vulnerable. Meanwhile, the organization is left with a false sense of security.
Complexity is the single largest contributing factor to the rising security failure rate. For starters, devices can have 10 or more endpoint security agents, and still, 70 percent of breaches originate on the endpoint and 100 percent of devices will experience an encryption failure within a year.
Recent research, which analyzed more than six million enterprise devices over a one-year period to uncover what causes security tools and agents to fail, found that nine out of 10 agents installed are from the same five technology categories: encryption, unified endpoint management (UEM), endpoint detection and response (EDR), endpoint protection platform (EPP/AV/AM), and virtual private network (VPN).
Ultimately, this means that multiple technologies exist on any given endpoint to perform the same task and the likelihood that these agents will conflict and collide with one another is high. But why? The answer lies in the fact that every control, app, and agent is tapping into hardware and software resources — a zero-sum game in which some feast while others starve.
Endpoint complexity also puts a strain on resources. A report by Ponemon found that 50 percent of companies require more than 35 full-time employees to manage their endpoints. The same report found that 425 hours are wasted weekly on false security alerts, likely due to conflicting endpoint agents sending convoluted signals back to SIEM solutions.
Fortifying the Endpoint
Today, endpoints are fragile, degrade quickly, and create unnecessary friction amongst each other. But investing more money on more security tools does not protect enterprises from threats. It triggers risk. Here are three tips to fortify the endpoint:

Reduce Complexity: Rather than spending more, IT and security teams should strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail. Measuring IT complexity entails identifying redundancy that is self-imposed by overloaded endpoints. Begin with these questions: Where is there agent creep, driver creep or app creep within your endpoints? What are all the OS types, device types, and client types within your organization? What is the lifecycle process?

Maintain Visibility:Once the complexity problem is reeled in, it is critical to achieve ongoing and true visibility across all device activity within and outside of your network.

Get Encryption Right: Encryption is the staple security tool most often taken for granted. While it can certainly provide protection, it is not a “set it and forget it” solution — whether disabled by users or through malfunction, encryption is regularly broken, disabled, misconfigured, or missing entirely. In fact, research shows, at any given point in time, over 42 percent of endpoints experience encryption failures.

Visibility is Key
In order to strengthen endpoint security and avoid endpoint bloat, enterprises need to unlock value from existing investments. Investing more money into exciting new technologies is pointless if basic measures – visibility, control, and resilience – are not operating effectively first. Specifically, IT and security leaders must create an environment which fosters a path to:

Intelligence: Knowing what’s happening across their device fleets

Command: Seamless and automated responses to security decay

Resilience: Regenerated broken/disabled controls, apps, and agents – security immortality

Take a moment to consider your own environment. Do you have an understanding that spans time and space (intelligence histories and universal sight to all devices)? Can you validate exposures are mitigated? Can you withstand the reliable and predictable march of security decay?
These are the questions our newly minted environments are ready to answer: Yes, I know the inner workings of each device and can model moves throughout the population. Yes, I can seize command, never lose my grip, and instantly reclaim security slides and yes, my security agents are now immortal, because I have taken steps to halt endpoint entropy with the unflinching power of persistence.
Whether agents, particularly security control agents, persist over time is the only metric worth our attention, because it puts a spotlight on the greatest hidden danger of all: the naturalness of security decay. Things fall apart. Rust never sleeps. Agents topple over.
Decay is the fate of all security agents. But if these serve as the foundation of our security goals or most technical expression of security intent, then what could possibly be more important? It’s also not a question of whether security decay is happening in your environment, you can rest assured it is. What must be asked is, will you persist through it? This question demands an answer.
Ideally, organizations reduce their overall security costs by monitoring how their endpoint controls work (or don’t) to reduce endpoint security decay. They validate safeguards and eliminate compliance failures. And they respond to threats and exposures with the confidence to control devices from anywhere.
As a result, organizations can eliminate spending on ineffectual technology, and reduce the number of agents, while ensuring that endpoints are more secure than ever. Sometimes less really is more.
Originally printed in Information Management
For more information on endpoint security tool degradation, download the 2019 Endpoint Security Trends report.

3 Steps to Strengthen Enterprise Endpoints

by Josh Mayfield | Jun 6, 2019 | Endpoint Security

Cybersecurity threats are becoming more sophisticated — as evidenced by the spike in high-profile data breaches in recent years. Yet, most enterprise organizations feel more secure than they actually are. The three steps outlined below will help you to strengthen your endpoint security and remediate threats before they can cause damage.

Security Basics for One-To-One Computing In Education

by Juanma Rodriguez | May 30, 2019 | Education, Endpoint Security

One-to-one (or 1:1) computing can be a game-changer for K-12 schools, but before embarking on any hardware strategy, it’s critical to understand the big picture of how devices and endpoints should be managed.
First, a brief definition: one-to-one computing refers to a system in which every student has his or her own internet-connected laptop or tablet to use 24/7. In most cases, students use these devices at school and at home to work, communicate, collaborate, and research.
Before committing to a 1:1 program, you’ll want to answer these questions:

Are devices being used? When? How much?
Is it consistent across the district, e.g. different students, classrooms, levels, schools?
What decisions could the district make based on usage information?
Are students allowed to take computers home?
When there’s inclement weather, can you validate students are actually using the devices?

Bountiful Benefits
The advantages for schools that embrace a 1:1 program are numerous. The most prominent is equal access and standardization, leveling the playing field for every student regardless of their learning abilities or demographic background.
When each student has a device, engagement increases and passive learning drastically declines. Even better, lesson or class content can be delivered digitally — which encourages independent study and allows the teacher to devote more class time to students who may require additional assistance.
Collaboration is also enhanced, in which group projects can be tackled during or after class via online collaboration tools.
On the administrative side, the capability for easy device upgrades, simplified networking, and the overall ability to monitor student progress and online behavior are huge selling features.
Getting Real About the Challenges
However, 1:1 is not without its obstacles. The most obvious hurdle being costs — and it goes beyond the direct hardware costs. Schools must factor in the human resource overhead for increased student training and general computer literacy as well.
Professional development and training for the devices and their applications can take up significant time and focus.
One can also argue that too many 1:1 applications stress technology over learning and that these laptops and tablets may detract from learning. Depending on the curriculum or teacher, managing all these devices and applications may become too burdensome.
One of the major consequences of 1:1 programs is managing all of those devices, which can include provisioning devices, deploying applications, keeping them secure, managing returns at the end of the school year, and more.
Adding to the burden is when schools adopt a BYOD policy.
Why 1:1 is better than BYOD
BYOD brings about a myriad of issues that some schools probably want to avoid. Whereas a standardized device policy means the same equipment for every student, BYOD means a growing disparity that further disadvantages low-income families. Next, the rise in the number of devices being carried to and from school can endanger student safety, making them a prime target for thieves. Further, lost or stolen student devices have a major impact on learning, with no school-district management capability to track or recover these devices.
While BYOD is obviously appealing, the main issues in management, equality of learning and security are driving many districts to reconsider and adopt a 1:1 program instead.
When a school can maintain visibility and control of its devices, students are better protected. The school can be alerted of any suspicious activity so they can remotely detect and remediate at-risk devices.
What It Means For Education To Have Embedded Endpoint Security
Finally, to save even more on IT resources, a year-round 1:1 program can work wonders. Think about it: what happens at the end of the year when all your devices must be collected? It places an unnecessary drain on IT resources. With the support of endpoint tools, districts can perform remote device maintenance, keep track of device inventory and automatically enforce compliance with student privacy regulations such as the Children’s Internet Protection Act (CIPA) —preventing students from accessing harmful content or doing something harmful themselves (like hacking).
Beating The Summer Brain Drain
With these tools in place, supporting a year-round 1:1 program is more manageable. What’s more, these programs can be instrumental in supporting student’s education and the inevitable “Summer Brain Drain.” The stats don’t lie: students lose an average of two months of reading skills and 2.6 months of math skills over the summer, and teachers spend up to six weeks of fall class time re-teaching old materials to make up for this loss.
Ultimately, education is no different from other industries in that endpoints (like student tablets and laptops) must be properly managed. Remember, most successful breaches begin at the endpoint (according to an IDC study, the endpoint was the cause of 70 percent of successful breaches).
If these devices are not well-managed, attacks can quickly morph from a brushfire to a widespread blaze. Maintaining visibility and control of your endpoints is crucial.
Learn more about how Absolute is making a difference in one-to-one programs by watching our Santa Margarita Catholic High School’s One-to-one Program video.

Five Quick Tips to Help Companies Mitigate Insider Threats

by Jeff Gambrell | May 28, 2019 | Endpoint Security, Insider Threats

Traditionally, the insider threat was defined as an employee with malicious intent to harm the company by stealing data or property. Sometimes even transcending the IT realm for incidents like workplace violence. But today, the most insidious form of insider threat is from people who are just irresponsible. For example, if a company issued laptop is left in the car that gets broken into, and the laptop gets stolen — that is an insider threat. The good news is that you can teach people to be responsible. In this post we will share the most common mistakes employees make that create risk, plus five quick tips that can help companies mitigate insider threats.
Types of Insider Threats
The term insider threat is broad in scope and can cover many different examples. Here in the Investigations & Recovery Services team at Absolute, we began categorizing the different scenarios in which endpoints can be at risk to be lost or stolen, and what we quickly realized was that almost all of them resulted from some insider threat.
Read: The Evolution of Insider Threats
While most of the headlines proclaim the biggest threats to an organization come from hacking and ransomware (which are undoubtedly non-malicious insider threats when an employee clicks on a link they shouldn’t have), the most likely cause of data loss is not due to malicious cybercriminals, but simple human nature.
Every year, thousands of endpoints are lost or stolen in coffee shops, bars, airports, taxis, parking lots, hotels, conferences, restaurants, subways, offices, schools, buses, and residences. Often, the endpoint is left unattended in one of these places, either intentionally or accidentally, and before the user realizes it and can return to collect their belongings, the endpoint – and the data it contains – is gone.
Physical Endpoint Protection
For this article, we will be focusing primarily on the insider threat to an organization’s physical endpoints.
We hear about employees leaving laptops in their cars all the time. They’ll cover them with a towel or something, or they’ll leave them in a backpack left on the seat.
When they return to the car, they discover that a thief has stolen it.
It’s a common scenario.
Stolen devices can quickly and easily be converted to cash by criminals, who often take it to a pawn shop, computer repair store, or a local individual who is familiar with computer basics, where the hard drive may be replaced. The facilitator may actually purchase the stolen computer from the thief and attempt to resell it to an unsuspecting customer. Stolen computers are routinely purchased by innocent third parties on eBay, Craigslist, and other apps like OfferUp. According to Statista, only about 6% of stolen electronic goods in 2017 were recovered, mainly because law enforcement rarely has any clues as to where stolen property is located.
One of the most important takeaways we can offer here is that companies need to develop policies regarding these types of threats. We see endpoints being stolen all the time, but it appears many companies don’t have enough of a policy to enforce any disciplinary actions.
Every company should have some sort of best practices guide for physical device security.
If your organization is in the healthcare industry, a stolen laptop could mean disaster, with the loss of the physical device representing the least of your worries. The loss of data and the potential leaking of personally identifiable information is the critical concern. For some, it’s not a data problem; it’s an access problem. If your organization is in education, there’s very little if any sensitive information on the laptop. But if ten laptops get stolen, ten kids won’t be able to study.
There’s a balance between meeting the need and protecting the property.
What’s Easier to Enforce?
It’s critical to compare the threat of unintentional loss of data (from phishing or not using a VPN) to the physical loss of endpoints. From my perspective, I understand the risks involved when you log on to public Wi-Fi and those types of corporate directives designed to prevent someone from hacking your connections, but those aren’t the typical stories we hear. More commonly it is someone that has logged into a Starbucks network, then they go to the bathroom for two minutes and when they return, their laptop is gone. That happens every day. We can talk about all the man-in-the-middle attacks – and it happens – but it isn’t as frequent as the physical threat to our endpoints.
It’s easier and more effective to teach someone not to leave their laptop unattended than to about Wi-Fi spoofing. More employees can relate to “don’t leave laptops where someone can grab it.”
Read: Have You Defined Your Insider Threats?
Endpoint Security Best Practices Guide To Prevent Insider Threats
Finally, here are five quick tips for companies to follow that, if enforced, should go a long way in preventing this type of insider threat.
A quick reminder about what constitutes an endpoint: an endpoint is essentially any remote device that sends and receives communications with the network to which it’s connected. Endpoints can include:

Desktops/Workstations
Laptops
Smartphones
POS Systems
Tablets
Servers

Five Quick Tips to Mitigate Insider Threats

Many endpoints are stolen in broad daylight when they’re temporarily left unattended in a public place, even if only for a minute or two. When in public, personal belongings should be kept in sight and never left unattended. Equally important, organizations should have a policy addressing the need to protect company property like endpoints and should inform employees of the potential repercussions if the policy is negligently violated.
Endpoints should not be left in an unoccupied vehicle. If this isn’t possible, it should be placed in the trunk or covered up completely so it can’t be seen through the car windows.
Office creepers rely on the fact that most people are non-confrontational, so they will look for opportunities to access secure places and systems. An organization should have a sign-in system for visitors, and shouldn’t let unaccompanied visitors into the work area.
Access to secure areas should be restricted to authorized individuals. Make sure secure doors close and latch behind you and that nobody is trailing you. If a secure door is propped open or damaged—or if you see someone or something else out of the ordinary—alert your security team immediately.
Endpoints should not be left unattended in an unlocked meeting or conference room. Additionally, endpoints should be locked in a desk drawer or cabinet during off-hours. Thefts have been known to be committed by cleaning crews, maintenance staff, and temporary workers.

No matter what cybersecurity incident occurs in your organization, reacting in panic can create more harm, exposing your organization to further liabilities. You need a tested cyber threat response plan at-the-ready to jump into action immediately and neutralize the threat — before it takes control.
SANS Institute and Absolute have teamed up to assemble the key components you need to include when building your plan.
Watch our webinar Cyber Threat Checklist: Are You Prepared to find out the must-have items to include in a cyber-threat checklist to prevent future incidents.

Is Your Organization Underestimating Its Endpoint Risk?

by Josh Mayfield | May 27, 2019 | Endpoint Security

For decades, IT professionals have been fighting the good fight against malware, hackers, negligent or malicious insiders, and other threats. We focus on securing the network as if it’s a tangible thing we can put in bubble wrap and lock inside a vault. If only it were that straightforward!
The reality is that the network is now fluid — stretching inside and outside the walls of the organization — and accessed easily by mobile endpoints. We’ve invested heavily in security to protect the endpoint from attack but experts have noticed a worrying correlation between greater endpoint security spending and increased endpoint complexity and risk.
The endpoint is now the largest attack vector
With endpoints accessing and storing data from literally anywhere in the world, the endpoint has become the largest surface area for attack. And cybercriminals know this — according to Ponemon Institute, the frequency of attacks on endpoints is increasing. Last year, two-thirds of companies were compromised by attacks that originated on their endpoints.
We presume that the humble endpoint is protected because we spend millions of dollars per year on encryption, AV/AM, client-patch management, and other endpoint protection tools. This presumption could cost us. As of 2018, the average cost of a data breach involving the endpoint sits at a cool $7.1 million. Could your organization survive an attack of this magnitude?
The full picture of endpoint vulnerability
The security solutions that we rely on to protect our devices — and the data that lives on them — fail often. According to a new report by Absolute that studied six million devices over 12 months, our endpoints are not as secure as we’d like to think:

No devices survived a full year without an encryption failure
28 percent of endpoints are unprotected at any given time
19 percent of endpoints require at least one repair within 30 days

Let those numbers sink in.
All of your devices will experience an encryption failure in the next year. At a time when zero-day attacks are four times more likely to compromise organizations, one third of your devices may be unprotected and one fifth may need patching. According to Ponemon, the average time to patch is 102 days. So for 102 days, your endpoints could be exposed to zero-day attacks.
Are those scenarios acceptable to your CISO and CEO?
Make existing endpoint security more resilient
It’s clear that we need a better way to reduce vulnerabilities and take back control of the endpoint. We must address the root of endpoint security failure by ensuring that existing security controls remain in place and functioning correctly at all times. But how?
Persistence technology can help. Persistence technology is embedded in the firmware of over 70 percent of the world’s endpoint devices. It enables Absolute to have the only cloud-based platform that maintains a constant, persistent connection to devices, regardless of user behavior or device performance. The always-on connection enables you to keep a close eye on existing security controls to ensure they’re always performing at an optimal level. In this way, you can unlock value from solutions you’re already paying for and avoid unnecessary spend on yet more endpoint security.
Your staff can do their best work safely, from anywhere. And you can rest assured that your devices are resilient.
Interested in taking a deeper dive into the current state of endpoint security? Read the full report: 2019 Endpoint Security Trends Report