<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1175921925807459&amp;ev=PageView&amp;noscript=1">
Vendor Risk Management

What Is Endpoint Security & Why Is It Important?

Joel Alcon | July 20, 2017

From an IT perspective, an important part of endpoint security refers to ensuring that the endpoint devices connected to your network—computers, laptops, mobile devices, tablets, etc.—are running on the latest version or patch to all operating systems or software.

Some companies take an extreme or hardline approach to endpoint security controls by, for example, not allowing personal devices to be connected to their enterprise network. For the most part, however, the use of devices such as laptops, mobile devices, and tablets is common in the workplace.

Ensuring that users are running the latest software and operating systems from those devices—and that they aren’t partaking in risky cyber behavior while connected to your network—is critical from a cybersecurity perspective. It’s not so much about preventing people from using the network (many companies need their employees to “BYOD,” or bring your own devices for the company to operate smoothly); it’s primarily about making sure those users are following the right security controls.

Securing endpoints from a first-party perspective is all about monitoring. Do you have a way of knowing the latest operating systems and browsers being used by those connected to your network? Is critical data being passed between these endpoints?

From a third-party perspective, do you know if your vendors are using outdated endpoints to access your data? For example, you may have lower-tier, non-critical vendors using computers with an old version of XP. This may seem inconsequential, but if they log on to your network with that computer, that could touch critical areas of your network and create a major problem. That same vendor could unknowingly introduce something risky—like malware or a virus—into your network without you knowing it. Some companies have vendor portals segmented from the rest of their network, but that isn’t always the case. In 2013, Target’s HVAC vendor was able to access Target’s network and hackers then infiltrated Target’s main network through the HVAC vendor’s access, causing a disastrous breach.

Three Critical Takeaways About Endpoint Security New Call-to-action

1. As part of our latest BitSight Insights report, our data scientists analyzed over 35,000 companies and a large number of publicly disclosed breaches. 

One of the most interesting things we found was that over 2,000 organizations are running more than half of their computers on an outdated version of an operating system—which makes those companies nearly three times as likely to experience a publicly-disclosed breach.

2. In recent months, you’ve heard about the executive order from President Trump focusing on the security of computers and systems run by the government. Interestingly, our team found that more than 25% of computers used in the government sector in the U.S. were running outdated operating systems. About 80% of those outdated systems were old versions of MacOS, and 20% were Windows. When you think about the fact that a quarter of the government systems we analyzed were still using these old systems, the security challenges this presents are undeniable.

3. Consider the recent WannaCry ransomware attacks. Some companies affected by this attack had the latest operating system, just not the latest patch. The WannaCry attack highlighted the dangerous reality of outdated systems and patching cadence and also emphasized the widespread nature of archaic technology that so many companies and individuals are grappling with. If this situation sounds familiar, it could cost your company a great deal at some point down the line.

Conveying The Criticality Of Endpoint Security To The Board

If you’re a large organization with thousands of employees and possibly hundreds of thousands of endpoints, tracking and monitoring system versions is a huge undertaking. Organizations use various tools to help them monitor those areas—but ultimately, knowing what’s connected is a huge hurdle.

Beyond that, ask yourself if you have any trusted third parties using outdated endpoints, and whether that could potentially put your organization at risk?

It’s not just about you—your critical vendors are also vulnerable to endpoint security issues, which increases the vulnerability of your organization and your valued data. Questions are being asked more frequently by both internal security teams and executive teams, including boards of directors. If your organization hasn’t started asking these questions yet, it’s time to do so.

As a security professional, you need to understand the security of your endpoints and those of your critical vendors. When your board sees data showing the increasing likelihood of a breach, they’re far more likely to take the necessary security actions, set up better security controls, or begin implementing better employee awareness programs around endpoint security management and the criticality of updating their systems. Download this BitSight Insights report today to get more advice on how to present the criticality of this issue to your organization.



Suggested Posts

A Vendor Risk Management Questionnaire Template

IT Risk Assessment Questions for Third Parties

Digital relationships with third-party vendors increase opportunities for growth, but they also increase opportunities for cyberattacks — a recent study found that 61% of U.S. companies said...


Worthwhile TPRM Certifications for Security & Risk Professionals

As the importance of third-party risk management (TPRM) continues to grow, organizations are hiring for related roles more seriously than ever before. To compensate, security and risk professionals are seeking out certification programs in...


Which Third-Party Risk Management Tools Do You Really Need?

With high-profile breaches being traced back to supply chain vulnerabilities and a regulatory environment that’s waking up to the realities of vendor risk, many organizations are investing heavily in third-party risk management (TPRM)...


Subscribe to get security news and updates in your inbox.