Within the past year, investments in cybersecurity technologies reached new heights to support the rapidly changing ways of working. Even the most sophisticated organizations were challenged to maintain a healthy security posture due to the increase in data breaches. This year in particular, companies were exposed to the unmanageable risks that result when organizations lack insight and control over their entire endpoint environment. Some of these risks have even prompted government intervention. Focusing on five key developments that are significant to your data security, it’s evident that without awareness, organizations are dangerously exposed at this present time.
Compromised security controls
An enterprise’s security posture is only as good as the applications that support it. With sophisticated attackers seeking access by any means, simply deploying protections such as encryption, VPN, antivirus, and anti-malware — and trusting that they remain effective — is not enough. To truly defend the endpoint and realize a return from these security investments, their effectiveness must be continuously monitored and maintained. In organizations without these measures in place, one in four devices reported unhealthy applications at any given time, including critical protections.
Vulnerabilities remain unaddressed
This year saw an expected increase in Windows 10 adoption, but surprisingly given the challenges of maintaining remote devices, a decrease in the length of time that endpoints were out-of-date with available OS patches — from 95 days last year to 80 days in 2021. For some organizations, maintaining outdated or unsupported operating systems is a calculated risk since they rely on core applications not yet compatible with current operating system (OS) releases. Offsetting risk by ensuring the effectiveness of endpoint security controls is crucial.
More sensitive data on more devices
Although every endpoint represents a potential target for cybercriminals, those containing sensitive data pose a more serious threat. This year, with more workers off-network and more information stored on local machines, that threat increased exponentially. Research showed that no industry was immune, with 73% of analyzed devices containing sensitive data, with financial and professional services holding the highest risks. This number, coupled with dramatic increases in the amount of data most at risk per device, stresses the need for automated discovery and remediation in today’s newly remote world, specifically to avoid the serious financial and reputable damages that can occur.
Endpoint complexity is impacting risk
Enterprises now have an average of 96 unique applications per device, including 13 mission-critical applications. The number of security controls has also increased to 11.7 per device, with the majority of devices containing multiple controls with the same function. 100% of devices have at least one encryption application installed. This increased complexity is itself a security risk, as each new control adds friction to the endpoint environment, increasing the likelihood of collision and decay. The challenge of keeping applications up to date on remote devices (especially when deploying patches off-network) increases the risk further.
President Biden intervenes
Key elements of American infrastructure are run by private companies who are vulnerable to the ever-evolving threat landscape. Considering the recent spike in data breaches, this prompted President Biden to sign an executive order aimed at protecting critical American infrastructure from cyberattacks. The New York Times reported that the order consists of voluntary measures for companies to meet a series of online security standards, like encrypting data and requiring two-factor authentication. The idea behind the order is to develop cybersecurity performance goals to assess how prepared companies are. Biden has already imposed security standards on providers of software to the federal government, betting that if a company is banned from selling to the government, it will also suffer in the commercial marketplace. The measures are outlined in the new national security memorandum, called “Improving Cybersecurity for Critical Infrastructure Control Systems.”
Businesses are growing increasingly reliant on trusted managed services to monitor and maintain their data security from exposure to cyber threats. Contact Lloyd to learn how we can help improve your overall security posture and reduce exposure.