From an IT perspective, an important part ofendpoint security refers to ensuring that the endpoint devices connected to your network—computers, laptops, mobile devices, tablets, etc.—are running on the latest version or patch to all operating systems or software.
Some companies take an extreme or hardline approach to endpoint security controls by, for example, not allowing personal devices to be connected to their enterprise network. For the most part, however, the use of devices such as laptops, mobile devices, and tablets is common in the workplace.
Ensuring that users are running the latest software and operating systems from those devices—and that they aren’t partaking in risky cyber behavior while connected to your network—is critical from a cybersecurity perspective.It’s not so much about preventing people from using the network (many companiesneedtheir employees to “BYOD,” or bring your own devices for the company to operate smoothly); it’s primarily about making sure those users are following the right security controls.
Securing endpoints from afirst-party perspectiveis all about monitoring. Do you have a way of knowing the latest operating systems and browsers being used by those connected to your network? Is critical data being passed between these endpoints?
From athird-party perspective, do you know if your vendors are using outdated endpoints to access your data? For example, you may have lower-tier, non-critical vendors using computers with an old version of XP. This may seem inconsequential, but if they log on to your network with that computer, that could touch critical areas of your network and create a major problem. That same vendor could unknowingly introduce something risky—like malware or a virus—into your network without you knowing it. Some companies have vendor portals segmented from the rest of their network, but that isn’t always the case. In 2013, Target’s HVAC vendor was able to access Target’s network andhackers then infiltrated Target’s main networkthrough the HVAC vendor’s access, causing a disastrous breach.
One of the most interesting things we found was that over 2,000 organizations are running more than half of their computers on an outdated version of an operating system—which makes those companies nearlythreetimes as likely to experience a publicly-disclosed breach.
2. In recent months, you’ve heard about the executive order from President Trump focusing on the security of computers and systems run by the government.Interestingly, our team found that more than 25% of computers used in the government sector in the U.S. were running outdated operating systems.About 80% of those outdated systems were old versions of MacOS, and 20% were Windows. When you think about the fact that a quarter of the government systems we analyzed were still using these old systems, the security challenges this presents are undeniable.
3. Consider the recentWannaCry ransomware attacks. Some companies affected by this attack had the latest operating system, just not the latest patch.The WannaCry attack highlighted the dangerous reality of outdated systemsandpatching cadenceand also emphasized the widespread nature of archaic technology that so many companies and individuals are grappling with.If this situation sounds familiar, it could cost your company a great deal at some point down the line.
Conveying The Criticality Of Endpoint Security To The Board
If you’re a large organization with thousands of employees and possibly hundreds of thousands of endpoints, tracking and monitoring system versions is ahugeundertaking. Organizations use various tools to help them monitor those areas—but ultimately, knowing what’s connected is a huge hurdle.
Beyond that, ask yourself if you have any trusted third parties using outdated endpoints, andwhether that could potentially put your organization at risk?
It’s not just about you—your critical vendors are also vulnerable to endpoint security issues, which increases the vulnerability of your organization and your valued data. Questions are being asked more frequently by both internal security teamsandexecutive teams, including boards of directors. If your organization hasn’t started asking these questions yet, it’s time to do so.
If you’re using a “one-size fits all” approach to managing your vendor lifecycle, you are missing opportunities to save money and operate more efficiently. Vendor management efficiencies don’t end in the onboarding stage: using a...
If you’re experiencing frustrating delays and procedural roadblocks during your vendor management process, you’re not alone. Security managers are seeing an increase in the number of third-parties integrating with their business, and ...
During this dynamic and stressful workplace environment 2020 has brought us, finding the most efficient ways to perform in your job has never been more important. When it comes to managing your vendor lifecycle, there are three ways you...