
Enterprises Applying OS Patches Faster as Endpoint Risks Grow

New study shows sharp increase in number of endpoint devices with sensitive data on them.

Over the past 12 months, many organizations have become slightly faster at applying operating system patches on endpoint systems despite the challenges associated with maintaining remote devices, a new report from Absolute Software shows.

Even so, the length of time that enterprise endpoints were out-of-date with available OS patches remained relatively high at 80 days.


"Surprisingly, given the challenges of maintaining remote devices, we actually saw a decrease in the length of time that endpoints were behind in applying the latest OS patches available," says Steven Spadaccini, vice president of global sales engineering at Absolute Software.

Over the past year, even the most sophisticated organizations had a hard time supporting and securing remote workforces. A lack of visibility and control over their entire endpoint environment exacerbated the security challenge for many organizations, he says.

"While a lag of two-plus months is certainly still cause for concern, it is encouraging to see that organizations worked to improve fundamental security hygiene practices even with employees out of the building and off the corporate network," Spadaccini says.

For the report, Absolute analyzed anonymized data from some 5 million devices running the company's software across 13,000 customer sites in North America and Europe. One key takeaway from the analysis was the large proportion of endpoint devices with sensitive data on them. Also of note was the overall increase in the volume of sensitive data on these systems.

Seventy-three percent of the systems overall that Absolute analyzed had at least some sensitive data on them, such as personally identifiable information and protected health information. Devices in the financial services and professional service sectors tended to have substantially more sensitive data on them than in other sectors like government and healthcare.

Absolute discovered substantial increases in endpoint data volumes as well. For example, 30% of devices in the financial services sector contained more than 500 instances of sensitive data — a 15% increase from pre-COVID days. Similarly, 15% of healthcare endpoints contained more than 500 instances of sensitive data — up 12% from before the pandemic began.

Spadaccini attributes the increased data volumes to the shift to remote work in recent months.

"With more employees working remotely over the past year, we saw more sensitive information stored locally on endpoint devices, likely due to the difficulties many experienced with connecting to and accessing corporate systems and data while off the corporate network," he says.

The growing volume of sensitive data on endpoint devices presents a heightened risk for organizations, especially since nearly one in four (23%) of the devices containing such data have weak or ineffective encryption controls, Spadaccini says.

Another takeaway from the Absolute report is the increase in the number of applications installed on enterprise endpoint devices and the number of security controls in place to protect the devices. On average, Absolute discovered 96 unique applications per device and 11.7 security controls, such as antivirus, encryption, endpoint management, identity and access management, and endpoint detection and response tools.

For organizations, the problem with having too many security controls in place is increased complexity and vulnerability to attack, Spadaccini says. Some of the most common vulnerabilities that attackers exploited last year in ransomware attacks involved virtual private networks and other security applications, he adds. In fact, almost any application deployed on the endpoint carries the potential of opening a security gap and expanding an organization’s attack surface, he says.

Windows 10 Adoption Increases

Absolute's analysis shows that adoption of Windows 10 increased substantially over the past year. Windows 10 adoption was highest among organizations in the professional services sector (98%), government (94%), financial services (92%), and retail (92%).

Somewhat troublingly, though, more than four in 10 of the Windows 10 systems that Absolute analyzed were running version 1909 — a November 2019 version of the operating system associated with over 1,000 known vulnerabilities. Earlier this month, Microsoft announced it would no longer issue monthly security patches and quality updates for the Home and Pro editions of Windows 10, version 1909, and all server editions of the software as well.

The healthcare industry lagged other sectors in Windows 10 adoption, with some 10% of organizations still on Windows 7, a version of the operating system that Microsoft stopped supporting in January 2020, Spadaccini says. One likely reason that organizations in some sectors lag others is that the core applications they rely on may not be compatible with current OS releases. In these situations, organizations are taking a calculated risk by remaining on outdated and unsupported operating systems, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...
