5/26/2021
06:05 PM
Enterprises Applying OS Patches Faster as Endpoint Risks Grow

New study shows sharp increase in number of endpoint devices with sensitive data on them.

Over the past 12 months, many organizations have become slightly faster at applying operating system patches on endpoint systems despite the challenges associated with maintaining remote devices, a new report from Absolute Software shows.

Even so, the length of time that enterprise endpoints were out-of-date with available OS patches remained relatively high at 80 days.

"Surprisingly, given the challenges of maintaining remote devices, we actually saw a decrease in the length of time that endpoints were behind in applying the latest OS patches available," says Steven Spadaccini, vice president of global sales engineering at Absolute Software.

Over the past year, even the most sophisticated organizations had a hard time supporting and securing remote workforces. A lack of visibility and control over their entire endpoint environment exacerbated the security challenge for many organizations, he says.

"While a lag of two-plus months is certainly still cause for concern, it is encouraging to see that organizations worked to improve fundamental security hygiene practices even with employees out of the building and off the corporate network," Spadaccini says.

For the report, Absolute analyzed anonymized data from some 5 million devices running the company's software across 13,000 customer sites in North America and Europe. One key takeaway from the analysis was the large proportion of endpoint devices with sensitive data on them. Also of note was the overall increase in the volume of sensitive data on these systems.

Seventy-three percent of the systems overall that Absolute analyzed had at least some sensitive data on them, such as personally identifiable information and protected health information. Devices in the financial services and professional service sectors tended to have substantially more sensitive data on them than in other sectors like government and healthcare.

Absolute discovered substantial increases in endpoint data volumes as well. For example, 30% of devices in the financial services sector contained more than 500 instances of sensitive data — a 15% increase from pre-COVID days. Similarly, 15% of healthcare endpoints contained more than 500 instances of sensitive data — up 12% from before the pandemic began.

Spadaccini attributes the increased data volumes to the shift to remote work in recent months.

"With more employees working remotely over the past year, we saw more sensitive information stored locally on endpoint devices, likely due to the difficulties many experienced with connecting to and accessing corporate systems and data while off the corporate network," he says.

The growing volume of sensitive data on endpoint devices presents a heightened risk for organizations, especially since nearly one in four (23%) of the devices containing such data have weak or ineffective encryption controls, Spadaccini says.

Another takeaway from the Absolute report is the increase in the number of applications installed on enterprise endpoint devices and the number of security controls in place to protect the devices. On average, Absolute discovered 96 unique applications per device and 11.7 security controls, such as antivirus, encryption, endpoint management, identity and access management, and endpoint detection and response tools.

For organizations, the problem with having too many security controls in place is increased complexity and vulnerability to attack, Spadaccini says. Some of the most common vulnerabilities that attackers exploited last year in ransomware attacks involved virtual private networks and other security applications, he adds. In fact, almost any application deployed on the endpoint carries the potential of opening a security gap and expanding an organization's attack surface, he says.

Windows 10 Adoption Increases
Absolute's analysis shows that adoption of Windows 10 increased substantially over the past year. Windows 10 adoption was highest among organizations in the professional services sector (98%), government (94%), financial services (92%), and retail (92%).

Somewhat troublingly, though, more than four in 10 of the Windows 10 systems that Absolute analyzed were running version 1909 — a November 2019 version of the operating system associated with over 1,000 known vulnerabilities. Earlier this month, Microsoft announced it would no longer issue monthly security patches and quality updates for the Home and Pro editions of Windows 10, version 1909, and all server editions of the software as well.

The healthcare industry lagged other sectors in Windows 10 adoption, with some 10% of organizations still on Windows 7, a version of the operating system that Microsoft stopped supporting in January 2020, Spadaccini says. One likely reason that organizations in some sectors lag others is that the core applications they rely on may not be compatible with current OS releases. In these situations, organizations are taking a calculated risk by remaining on outdated and unsupported operating systems, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...