Endpoint security insights highlighted by coronavirus outbreak
Absolute, the leader in endpoint resilience, revealed striking insights in the wake of the global COVID-19 outbreak, including a spike in enterprise and education device usage, sustained gaps in endpoint health and security, and an alarming number of Windows 10 devices not being patched. More of these trends can be found in the company’s Remote Work and Distance Learning Insights Center, which is being updated weekly.
After President Cyril Ramaposa announced a national lockdown, we were all faced with the reality of being forced to try to make things work in the new world. We knew it would not be perfect, but we had to keep the show on the road.
On 26 March, millions of employees were sent home and instructed to work remotely, armed with laptops and some carrying desktops and extra screens and a hope and a prayer that their data would last, and that their connection from their home town or rural village they escaped to would actually work.
Governments around the world implemented widespread school closures impacting over 90% of the world’s student population. Suddenly, you had students who had homework sent to them via WhatsApp and they were working from any device possible.
This result placed IT and security teams under immediate pressure to quickly stand up work-from-home or learn-from-home environments to ensure continued productivity, connectivity and security.
“COVID-19 marks the beginning of a new era where we believe the nature of work will be forever changed,” said Christy Wyatt, President and CEO of Absolute. “As this crisis took hold, we saw our customers mobilise quickly to get devices into the hands of students and employees and navigate the challenges of standing up remote work and distance learning programs. What has become resoundingly clear is there has never been a more critical time for having un-deletable endpoint resilience.”
Now, as focus shifts to optimising remote work and distance learning programs, Absolute's Insights Center enables both enterprise and education organisations to measure and benchmark the health and security of their remote device programs, pre- and post-COVID-19.
Top insights include: (as of 24 April 2020)
Sensitive data is piling up on enterprise devices.
There has been a 46% increase in the number of items of sensitive data – such as personally identifiable information (PII) and protected health information (PHI) – identified on enterprise endpoints, compared to pre-COVID-19. Compounded by the pre-existing gaps in endpoint security and health, this means enterprise organisations are at heightened risk.*
Enterprise organisations are at heightened risk of breaches or compliance violations.
On average, one in four enterprise endpoint devices have a critical security application (anti-malware, encryption, VPN or client management) that is missing, inactive or out of date. With the significant increases in sensitive data being stored on these endpoints, enterprises are putting themselves at risk of legal compliance violations and data breaches as COVID-19 cyber-attacks accelerate.
Employee and student device usage continues to rise post-COVID.
The data shows a nearly 50% increase in the amount of heavy device usage – more than eight hours per day – across enterprise organisations, jumping to an increase of 62% in heavy education device usage. The average number of hours education endpoint devices are being used daily is also up 27%.
Device health sees slight improvement, but patch management continues to plague both enterprise and education IT teams. The average enterprise endpoint device running Windows 10 continues to be nearly three months behind in applying the latest patch, with that delay spiking to more than 180 days since a patch has been applied to the average student Windows 10 device – leaving students and employees vulnerable.
Absolute’s insights also shine a light on the value of automated, self-healing capabilities in both boosting endpoint security control health and minimising the strain that remote work environments put on the IT organisations tasked with ensuring controls are present and working on remote devices. The data shows that customers using Absolute’s patented Application Persistence technology to seamlessly manage and repair critical security apps – notably VPN, anti-virus and encryption apps – saw compliance rates of 94% or above, whereas the average enterprise organisation recorded compliance rates below 80% across the same app categories.
Application Persistence for VPN, enabling IT teams to ensure remote employees and students have a continuous, secure connection to their data and applications
A comprehensive library of automated, custom workflows, allowing IT to proactively pinpoint vulnerabilities and quickly take remedial action, whether a device is on or off the corporate network.
To access Absolute’s Remote Work and Distance Learning Insights Center, and see additional detail about the offers available to existing Absolute customers, visit here.
These insights leverage anonymised data from enterprise and education-specific subsets of nearly 8.5 million active, Absolute-enabled devices.
* Absolute’s Endpoint Data Discovery does not collect or store this information; it merely indicates if it is present on endpoints.
Absolute serves as the industry benchmark for Endpoint Resilience, visibility and control. Embedded in over a half-billion devices, the company enables more than 12,000 customers (organisations) with Self-Healing Endpoint® security, always-connected visibility into their devices, data, users, and applications – whether endpoints are on or off the corporate network – and the ultimate level of control and confidence required to support the modern enterprise. For the latest information, visit www.absolute.com and follow us on LinkedIn or Twitter.