Thursday, September 23 2021

As remote workers prepare to return to the office—often bringing their personal devices—risk leaders face a new set of challenges in securing endpoints. A recent report warned that the amount of sensitive data contained on enterprise devices increased by 10% since the pre-COVID era.

Absolute Software analyzed data from approximately five million enterprise devices. The company’s endpoint risk report found 73% of the enterprise devices analyzed contained sensitive data such as Protected Health Information (PHI) and Personally Identifiable Information (PII). Of the devices containing high levels of sensitive data, 23% contained poor encryption controls. The amount of sensitive data contained per device on average increased by 10% as the pandemic prompted a transition to remote work.

The report warned of unaddressed vulnerabilities, increased sensitive data on devices, higher endpoint complexity, and compromised security controls.

Patching delays continue to plague enterprises. Researchers noted that over 40% of the Windows 10 devices analyzed were operating on version 1909. Last month, Microsoft ceased service updates for the version, which is known to have more than 1,000 vulnerabilities.

Many industries, including healthcare, rely on software that is still incompatible with current operating systems. As the FBI continues to warn of increased ransomware activity targeted the healthcare sector, among other industries, the report emphasized endpoint security control. The findings demonstrate the importance of “resilient endpoints and applications in the evolving ‘work from anywhere’ era,” said Absolute president and chief executive Christy Wyatt.

In 2020, the average number of security applications installed on enterprise devices surged as enterprises struggled to secure remote employees. Nearly two-thirds (60%) of the enterprise devices analyzed contained two or more encryption applications installed, while 52% contained three or more endpoint management applications installed.

Multiple security controls add friction to environment, increasing the risk of failure and non-compliance, possibly even making these additional efforts to secure endpoints redundant.

The threat to security operations has escalated due to the COVID-19 pandemic. Absolute asserts that simply deploying protections such as anti-malware, encryption, and VPM, is insufficient.

As security teams prepare for the next phase of pandemic-related security challenges, senior executives can take proactive approach to help their teams navigate the new environment. Appropriate budgets for anti-virus and anti-malware solutions are a start. Effective security controls are also vital to protect endpoints as threats continue to evolve.

Previous

Cybersecurity M&A and Funding Update: May 28

Next

Supreme Court Limits Scope of Federal Anti-Hacking Law

Check Also

Widget

Don’t Miss

Cyber Deal Update: Upstream Security, Hunters, build.security

Khushi Arora

Upstream Security and Hunters complete Series C and Series A funding rounds, respectively. Elastic NV acquires build.security. Funding Upstream Security, an Israeli provider of automotive cybersecurity and a data analytics platform for connected vehicles, has closed a $62 million Series C funding round led by Mitsui Sumitomo Insurance, along with new investors I.D.I. Insurance, NextGen […]

Cyber Deal Update: Loop Secure, Intelligent Automation, Blumira

Khushi Arora

Tesserent acquires Loop Secure to complement its own services, and BlueHalo merges with Intelligent Automation. Blumira completes a Series A funding round. Mergers and Acquisitions Tesserent, an Australian network security company, has announced its intent to acquire Loop Secure, a provider of managed security services, governance risk and compliance, and offensive security services also based […]

Cyber Deal Update: FHIRBlocks, InfoSum

Khushi Arora

Healthcare cybersecurity company ConsenSys Health acquires FHIRBlocks. InfoSum and Monte Carlo close a Series B and Series C funding round, respectively. Mergers and Acquisitions Otava, a Michigan-headquartered cloud solutions provider, has announced its acquisition of NewCloud Networks, a Colorado-based cloud computing services provider. The acquisition provides Otava a product portfolio that includes security services, cloud […]

Cyber Deal Update: Carve Systems, Baffle, Certik

Khushi Arora

iVision acquires Carve Systems, Baffle closes a Series B funding round, and CertiK closes adds to its Series B funding round announced last month. Mergers and Acquisitions iVision, a Georgia-based provider of IT infrastructure and application solutions, has acquired Carve Systems, a New York-based cybersecurity company that provides security testing, security engineering, and security strategy […]

Cyber Executive Moves: Aegon Asset Management, Tego Cyber

Khushi Arora

Aegon Asset Management hires former COO of MN and Tego Cyber gains a new CISO. Aegon Asset Management, based in The Netherlands, has appointed Nicole Grootveld-Sandig as its chief technology officer. Grootveld-Sandig joins Aegon from the Dutch specialist pensions management company MN NV. Tego Cyber, a Nevada-based developer of cyber threat intelligence solutions, has hired […]

Cyber Deal Update: Appriss Insights, Espagon

Khushi Arora

Equifast acquires data analytics company Appriss Insights, while Cisco acquires observability provider Espagon. Mergers and Acquisitions Equifax, an Atlanta-based global data, analytics and technology company, has announced its acquisition of Appriss Insights, a Kentucky-based information technology company providing customized solutions to enhance security and financial processes for businesses, for $1.825 billion. “We are extending the […]