Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/26/2021
06:05 PM
Connect Directly
Twitter
LinkedIn
RSS
E-Mail
50%
50%

Enterprises Applying OS Patches Faster as Endpoint Risks Grow

New study shows sharp increase in number of endpoint devices with sensitive data on them.

Over the past 12 months, many organizations have become slightly faster at applying operating system patches on endpoint systems despite the challenges associated with maintaining remote devices, a new report from Absolute Software shows.

Even so, the length of time that enterprise endpoints were out-of-date with available OS patches remained relatively high at 80 days.

Related Content:

XDR Pushing Endpoint Detection and Response Technologies to Extinction

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: How Are Cyber Insurance Companies Assessing Ransomware Risk?

"Surprisingly, given the challenges of maintaining remote devices, we actually saw a decrease in the length of time that endpoints were behind in applying the latest OS patches available," says Steven Spadaccini, vice president of global sales engineering at Absolute Software.

Over the past year, even the most sophisticated organizations had a hard time supporting and securing remote workforces. A lack of visibility and control over their entire endpoint environment exacerbated the security challenge for many organizations, he says.

"While a lag of two-plus months is certainly still cause for concern, it is encouraging to see that organizations worked to improve fundamental security hygiene practices even with employees out of the building and off the corporate network," Spadaccini says.

For the report, Absolute analyzed anonymized data from some 5 million devices running the company's software across 13,000 customer sites in North America and Europe. One key takeaway from the analysis was the large proportion of endpoint devices with sensitive data on them. Also of note was the overall increase in the volume of sensitive data on these systems.

Seventy-three percent of the systems overall that Absolute analyzed had at least some sensitive data on them, such as personally identifiable information and protected health information. Devices in the financial services and professional service sectors tended to have substantially more sensitive data on them than in other sectors like government and healthcare.

Absolute discovered substantial increases in endpoint data volumes as well. For example, 30% of devices in the financial services sector contained more than 500 instances of sensitive data — a 15% increase from pre-COVID days. Similarly, 15% of healthcare endpoints contained more than 500 instances of sensitive data — up 12% from before the pandemic began.

Spadaccini attributes the increased data volumes to the shift to remote work in recent months.

"With more employees working remotely over the past year, we saw more sensitive information stored locally on endpoint devices, likely due to the difficulties many experienced with connecting to and accessing corporate systems and data while off the corporate network," he says.

The growing volume of sensitive data on endpoint devices presents a heightened risk for organizations, especially since nearly one in four (23%) of the devices containing such data have weak or ineffective encryption controls, Spadaccini says.

Another takeaway from the Absolute report is the increase in the number of applications installed on enterprise endpoint devices and the number of security controls in place to protect the devices. On average, Absolute discovered 96 unique applications per device and 11.7 security controls, such as antivirus, encryption, endpoint management, identity and access management, and endpoint detection and response tools.

The problem for organizations with having too many security controls in place is increased complexity and vulnerability to attack, Spadaccini says. Some of the most common vulnerabilities that attackers exploited last year in ransomware attacks involved virtual private networks and other security applications, he adds. In fact, almost any application deployed on the endpoint carries the potential of opening a security gap and expanding an organization’s attack surface, he says.

Windows 10 Adoption Increases
Absolute's analysis shows that adoption of Windows 10 increased substantially over the past year. Windows 10 adoption was highest among organizations in the professional services sector (98%), government (94%), financial services (92%), and retail (92%).

Somewhat troublingly, though, more than four in 10 of the Windows 10 systems that Absolute analyzed were running version 1909 — a November 2019 version of the operating system associated with over 1,000 known vulnerabilities. Earlier this month, Microsoft announced it would no longer issue monthly security patches and quality updates for the Home and Pro editions of Windows 10, version 1909, and all server editions of the software as well.

The healthcare industry lagged other sectors in Windows 10 adoption with some 10% of organizations still on Windows 7, a version of the operating system that Microsoft stopped supporting in January 2020. Spadaccini says. One likely reason that organizations in some sectors lag others is that the core applications they rely on may not be compatible with current OS releases. In these situations, organizations are taking a calculated risk by remaining on outdated and unsupported operating systems, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-20027
PUBLISHED: 2021-06-14
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause a Denial of Service (DoS) by sending a specially crafted request. This vulnerability affects SonicOS Gen5, Gen6, Gen7 platforms, and SonicOSv virtual firewalls.
CVE-2021-32684
PUBLISHED: 2021-06-14
magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous there wasn't implemented handler in the start, stop, exec, an...
CVE-2021-34693
PUBLISHED: 2021-06-14
net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized.
CVE-2021-27887
PUBLISHED: 2021-06-14
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids ...
CVE-2021-27196
PUBLISHED: 2021-06-14
Improper Input Validation vulnerability in Hitachi ABB Power Grids Relion 670 Series, Relion 670/650 Series, Relion 670/650/SAM600-IO, Relion 650, REB500, RTU500 Series, FOX615 (TEGO1), MSM, GMS600, PWC600 allows an attacker with access to the IEC 61850 network with knowledge of how to reproduce the...