Bottom Line: Absolute’s 2020 Endpoint Resilience Report illustrates why the purpose of any cybersecurity program needs to be attaining a balance between protecting an organization and the need to keep the business running, starting with secured endpoints.
Enterprises who’ve taken a blank-check approach in the past to spending on cybersecurity are facing the stark reality that all that spending may have made them more vulnerable to attacks. While cybersecurity spending grew at a Compound Annual Growth Rate (CAGR) of 12% in 2018, Gartner’s latest projections are predicting a decline to only 7% CAGR through 2023. Nearly every CISO I’ve spoken with in the last three months say prioritizing cybersecurity programs by their ROI and contribution to the business is how funding gets done today.
Cybersecurity Has Always Been A Business Decision
Overcoming the paradox of keeping a business secure while fueling its growth is the essence of why cybersecurity is a business decision. Securing an entire enterprise is an unrealistic goal; balancing security and ongoing operations is. CISOs speak of this paradox often and the need to better measure the effectiveness of their decisions.
This is why the findings from Absolute’s 2020 State of Endpoint Resilience Report are so timely given the shift to more spending accountability on cybersecurity programs. The report’s methodology is based on anonymized data from enterprise-specific subsets of nearly 8.5 million Absolute-enabled devices active across 12,000+ customer organizations in North America and Europe. Please see the last page of the study for additional details regarding the methodology.
Key insights from the study include the following:
- More than one of every three enterprise devices had an Endpoint Protection (EP), client management or VPN application out of compliance, further exposing entire organizations to potential threats. More than 5% of enterprise devices were missing one or more of these critical controls altogether. Endpoints, encryption, VPN and Client Management are more, not less fragile, despite millions of dollars being spent to protect them before the downturn. The following graphic illustrates how fragile endpoints are by noting average compliances rate alongside installation rates:
- When cybersecurity spending isn’t being driven by a business case, endpoints become more complex, chaotic and nearly impossible to protect. Absolute’s survey reflects what happens when cybersecurity spending isn’t based on a solid business decision, often leading to multiple endpoint security agents. The survey found the typical organization has 10.2 endpoint agents on average, up from 9.8 last year. One of the most insightful series of findings in the study and well worth a read is the section on measuring Application Resilience. The study found that the resiliency of an application varies significantly based on what else it is paired with. It’s interesting to see that same-vendor pairings don’t necessarily do better or show higher average compliance rates than pairings from different vendors. The bottom line is that there’s no guarantee that any agent, whether sourced from a single vendor or even the most innovative vendors, will work seamlessly together and make an organization more secure. The following graphic explains this point:
- 60% of breaches can be linked to a vulnerability where a patch was available, but not applied. When there’s a compelling business case to keep all machines current, patches get distributed and installed. When there isn’t, operating system patches are, on average, 95 days late. Counting up the total number of vulnerabilities addressed on Patch Tuesday in February through May 2020 alone, it shows that the average Windows 10 enterprise device has hundreds of potential vulnerabilities without a fix applied – including four zero-day vulnerabilities. Absolute’s data shows that Post-Covid-19, the average patch age has gone down slightly, driven by the business case of supporting an entirely remote workforce.
- Organizations that had defined business cases for their cybersecurity programs are able to adapt better and secure vulnerable endpoint devices, along with the sensitive data piling up on those devices, being used at home by employees. Absolute’s study showed that the amount of sensitive data – like Personal Identifiable Information (PII), Protected Health Information (PHI) and Personal Financial Information (PFI) data – identified on endpoints soared as the Covid-19 outbreak spread and devices went home to work remotely. Without autonomous endpoints that have an unbreakable digital tether to ensure the health and security of the device, the greater the chance of this kind of data being exposed, the greater the potential for damages, compliance violations and more.
Absolute’s latest study on the state of endpoints amplifies what many CISOs and their teams are doing today. They’re prioritizing cybersecurity endpoint projects on ROI, looking to quantify agent effectiveness and moving beyond the myth that greater compliance is going to get them better security. The bottom line is that increasing cybersecurity spending is not going to make any business more secure, knowing the effectiveness of cybersecurity spending will, however. Being able to capable of tracking how resilient and persistent every autonomous endpoint is in an organization makes defining the ROI of endpoint investments possible, which is what every CISO I’ve spoken with is focusing on this year.
- 86% of all breaches are financially motivated, where threat actors are after company financial data, intellectual property, health records, and customer identities that can be sold fast on the Dark Web.
- 70% of breaches are perpetrated by external actors, making endpoint security a high priority in any cybersecurity strategy.
- 55% of breaches originate from organized crime groups.
- Attacks on Web apps accessed from endpoints were part of 43% of breaches, more than double the results from last year.
These and many other insights are from Verizon’s 2020 Data Breach Investigations Report (DBIR), downloadable here (PDF, 119 pp. free, opt-in). One of the most-read and referenced data breach reports in cybersecurity, Verizon’s DBIR, is considered the definitive source of annual cybercrime statistics. Verizon expanded the scope of the report to include 16 industries this year, also providing break-outs for Asia-Pacific (APAC); Europe, Middle East and Africa (EMEA); Latin America and the Caribbean (LAC); and North America, Canada, and Bermuda, which Verizon says is experiencing more breaches (NA).
The study’s methodology is based on an analysis of a record total of 157,525 incidents. Of those, 32,002 met Verizon’s quality standards, and 3,950 were confirmed data breaches. The report is based on an analysis of those findings. Please see Appendix A for the methodology.
Key insights include the following:
- Verizon’s DBIR reflects the stark reality that organized crime-funded cybercriminals are relentless in searching out unprotected endpoints and exploiting them for financial gain, which is why autonomous endpoints are a must-have today. After reading the 2020 Verizon DBIR, it’s clear that if organizations had more autonomous endpoints, many of the most costly breaches could be averted. Autonomous endpoints that can enforce compliance, control, automatically regenerating, and patching cybersecurity software while providing control and visibility is the cornerstone of cybersecurity’s future. For endpoint security to scale across every threat surface, the new hybrid remote workplace is creating an undeletable tether to every device as a must-have for achieving enterprise scale.
- The lack of diligence around Asset Management is creating new threat surfaces as organizations often don’t know the current health, configurations, or locations of their systems and devices. Asset Management is a black hole in many organizations leading to partial at best efforts to protect every threat surface they have. What’s needed is more insightful data on the health of every device. There are several dashboards available, and one of the most insightful is from Absolute, called the Remote Work and Distance Learning Insights Center. An example of the dashboard shown below:
- 85% of victims and subjects were in the same country, 56% were in the same state, and 35% were even in the same city based on FBI Internet Crime Complaint Center (IC3) data. Cybercriminals are very opportunistic when it comes to attacking high-profile targets in their regions of the world. Concerted efforts of cybercriminals funded by organized crime look for the weakest threat surfaces to launch an attack on, and unprotected endpoints are their favorite target. What’s needed is more of a true endpoint resilience approach that is based on a real-time, unbreakable digital tether that ensures the security of every device and the apps and data it contains.
- Cloud assets were involved in about 24% of breaches this year, while on-premises assets are still 70%. Ask any CISO what the most valuable lesson they learned from the pandemic has been so far, and chances are they’ll say they didn’t move to the cloud quickly enough. Cloud platforms enable CIOs and CISOs to provide a greater scale of applications for their workforces who are entirely remote and a higher security level. Digging deeper into this, cloud-based Security Information and Event Management (SIEM) provides invaluable real-time analysis, alerts, and deterrence of potential breaches. Today it’s the exceptional rather than the rule that CISOs prefer on-premise over cloud-based SIEM and endpoint security applications. Cloud-based endpoint platforms and the apps they support are the future of cybersecurity as all organizations now are either considering or adopting cloud-based cybersecurity strategies.
- Over 80% of breaches within hacking involve brute force or the use of lost or stolen credentials. One of the most valuable insights from the Verizon DBIR is how high of a priority cybercriminals are placing on stealing personal and privileged access credentials. Shutting down potential breach attempts from stolen passwords involves keeping every endpoint completely up to date on software updates, monitoring aberrant activity, and knowing if anyone is attempting to change the configuration of a system as an administrator. By having an unbreakable digital tether to every device, greater control and real-time response to breach attempts are possible.
Autonomous endpoints that can self-heal and regenerate operating systems and configurations are the future of cybersecurity, a point that can be inferred from Verizon’s DBIR this year. While CIOs are more budget-focused than ever, CISOs are focused on how to anticipate and protect their enterprises from new, emerging threats. Closing the asset management gaps while securing every endpoint is a must-have to secure any business today. There are several cybersecurity companies offering endpoint security today. Based on customer interviews I’ve done, one of the clear leaders in endpoint resilience is Absolute Software, whose persistent-firmware technology allows them to self-heal their own agent, as well as any endpoint security control and productivity tool on any protected device such as their Resilience suite of applications.