Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


End of Bibblio RCM includes -->
06:05 PM
Connect Directly

Enterprises Applying OS Patches Faster as Endpoint Risks Grow

New study shows sharp increase in number of endpoint devices with sensitive data on them.

Over the past 12 months, many organizations have become slightly faster at applying operating system patches on endpoint systems despite the challenges associated with maintaining remote devices, a new report from Absolute Software shows.

Even so, the length of time that enterprise endpoints were out-of-date with available OS patches remained relatively high at 80 days.

Related Content:

XDR Pushing Endpoint Detection and Response Technologies to Extinction

Special Report: Assessing Cybersecurity Risk in Today's Enterprises

New From The Edge: How Are Cyber Insurance Companies Assessing Ransomware Risk?

"Surprisingly, given the challenges of maintaining remote devices, we actually saw a decrease in the length of time that endpoints were behind in applying the latest OS patches available," says Steven Spadaccini, vice president of global sales engineering at Absolute Software.

Over the past year, even the most sophisticated organizations had a hard time supporting and securing remote workforces. A lack of visibility and control over their entire endpoint environment exacerbated the security challenge for many organizations, he says.

"While a lag of two-plus months is certainly still cause for concern, it is encouraging to see that organizations worked to improve fundamental security hygiene practices even with employees out of the building and off the corporate network," Spadaccini says.

For the report, Absolute analyzed anonymized data from some 5 million devices running the company's software across 13,000 customer sites in North America and Europe. One key takeaway from the analysis was the large proportion of endpoint devices with sensitive data on them. Also of note was the overall increase in the volume of sensitive data on these systems.

Seventy-three percent of the systems overall that Absolute analyzed had at least some sensitive data on them, such as personally identifiable information and protected health information. Devices in the financial services and professional service sectors tended to have substantially more sensitive data on them than in other sectors like government and healthcare.

Absolute discovered substantial increases in endpoint data volumes as well. For example, 30% of devices in the financial services sector contained more than 500 instances of sensitive data — a 15% increase from pre-COVID days. Similarly, 15% of healthcare endpoints contained more than 500 instances of sensitive data — up 12% from before the pandemic began.

Spadaccini attributes the increased data volumes to the shift to remote work in recent months.

"With more employees working remotely over the past year, we saw more sensitive information stored locally on endpoint devices, likely due to the difficulties many experienced with connecting to and accessing corporate systems and data while off the corporate network," he says.

The growing volume of sensitive data on endpoint devices presents a heightened risk for organizations, especially since nearly one in four (23%) of the devices containing such data have weak or ineffective encryption controls, Spadaccini says.

Another takeaway from the Absolute report is the increase in the number of applications installed on enterprise endpoint devices and the number of security controls in place to protect the devices. On average, Absolute discovered 96 unique applications per device and 11.7 security controls, such as antivirus, encryption, endpoint management, identity and access management, and endpoint detection and response tools.

The problem for organizations with having too many security controls in place is increased complexity and vulnerability to attack, Spadaccini says. Some of the most common vulnerabilities that attackers exploited last year in ransomware attacks involved virtual private networks and other security applications, he adds. In fact, almost any application deployed on the endpoint carries the potential of opening a security gap and expanding an organization’s attack surface, he says.

Windows 10 Adoption Increases
Absolute's analysis shows that adoption of Windows 10 increased substantially over the past year. Windows 10 adoption was highest among organizations in the professional services sector (98%), government (94%), financial services (92%), and retail (92%).

Somewhat troublingly, though, more than four in 10 of the Windows 10 systems that Absolute analyzed were running version 1909 — a November 2019 version of the operating system associated with over 1,000 known vulnerabilities. Earlier this month, Microsoft announced it would no longer issue monthly security patches and quality updates for the Home and Pro editions of Windows 10, version 1909, and all server editions of the software as well.

The healthcare industry lagged other sectors in Windows 10 adoption with some 10% of organizations still on Windows 7, a version of the operating system that Microsoft stopped supporting in January 2020. Spadaccini says. One likely reason that organizations in some sectors lag others is that the core applications they rely on may not be compatible with current OS releases. In these situations, organizations are taking a calculated risk by remaining on outdated and unsupported operating systems, he says.

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Comment  | 
Print  | 
More Insights
Threaded  |  Newest First  |  Oldest First
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The 10 Most Impactful Types of Vulnerabilities for Enterprises Today
Managing system vulnerabilities is one of the old est - and most frustrating - security challenges that enterprise defenders face. Every software application and hardware device ships with intrinsic flaws - flaws that, if critical enough, attackers can exploit from anywhere in the world. It's crucial that defenders take stock of what areas of the tech stack have the most emerging, and critical, vulnerabilities they must manage. It's not just zero day vulnerabilities. Consider that CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilitlies in widely used applications that are "actively exploited," and most of them are flaws that were discovered several years ago and have been fixed. There are also emerging vulnerabilities in 5G networks, cloud infrastructure, Edge applications, and firmwares to consider.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2023-03-17
The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the full name value in versions up to, and including, 21.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that w...
PUBLISHED: 2023-03-17
The WP Express Checkout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pec_coupon[code]’ parameter in versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenti...
PUBLISHED: 2023-03-17
A vulnerability was found in SourceCodester Student Study Center Desk Management System 1.0. It has been rated as critical. This issue affects the function view_student of the file admin/?page=students/view_student. The manipulation of the argument id with the input 3' AND (SELECT 2100 FROM (SELECT(...
PUBLISHED: 2023-03-17
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. Affected is an unknown function of the file Master.php?f=delete_img of the component POST Parameter Handler. The manipulation of the argument path with the input C%3A%2Ffoo.txt le...
PUBLISHED: 2023-03-17
A vulnerability classified as critical was found in SourceCodester Student Study Center Desk Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=reports&date_from=2023-02-17&date_to=2023-03-17 of the component Report Handler. The manipula...