A quarter of all enterprise devices using faulty security controls
One in four enterprise devices are using faulty or ineffective security controls, according to a new report from Absolute Software.
Absolute Software announced key findings from its third annual Endpoint Risk Report. It revealed that one in four enterprise devices analysed had unhealthy or ineffective security applications, such as encryption, antivirus or VPN, at any given time, leaving sensitive data at risk.
The report also revealed that the average number of security controls has increased to more than 11 per enterprise device, with the majority of devices containing multiple controls with the same function.
Two in three (60 per cent) enterprise devices analysed had two or more encryption applications installed, while more than half (52 per cent) had three or more endpoint management applications installed.
Furthermore, nearly three in four (73 per cent) enterprise devices analysed contained sensitive data, such as Protected Health Information (PHI) or Personally Identifiable Information (PII), the report found. Compounding the risk of exposure, nearly one in four (23 per cent) devices with high levels of sensitive data also reported unhealthy encryption controls.
The average Windows 10 enterprise device was found to be 80 days behind in applying the latest available OS patches, and more than 40 per cent of Windows 10 enterprise devices were running version 1909, which is associated with over 1,000 known vulnerabilities.
“The trends in this year’s report — unaddressed vulnerabilities, unprotected data, and failing security controls – are clear indicators that it is time for organisations to put rigor around ensuring the endpoint security tools they’ve invested in are effectively protecting their valuable, and vulnerable, corporate devices and data," says Christy Wyatt, president and CEO of Absolute Software.
“And, the findings underscore the critical need for resilient endpoints and applications in the evolving ‘work from anywhere’ era," she adds.
"The ability to identify and mitigate risk is dependent on having the ability to monitor the state of every device and application, identify where things might be fragile or falling down, and autonomously heal them when needed.”
Absolute’s 2021 Endpoint Risk Report was developed using anonymised data from nearly five million Absolute-enabled devices active across 13,000 customer organisations in North America and Europe.
Absolute Software provides Endpoint Resilience solutions and the industry’s only undeletable defense platform embedded in more than a half-billion devices.
Enabling a permanent digital tether between the endpoint and the enterprise who distributed it, Absolute provides IT and security organisations with complete connectivity, visibility, and control, whether a device is on or off the corporate network and empowers them with Self-Healing Endpoint security to ensure mission-critical apps remain healthy and deliver intended value.