Numerous cyberattacks and data breach headlines are a constant reminder to businesses that cybersecurity is fragile. The remote working model increases the burden on IT and security teams as there is no longer a well-defined network boundary.
Telemetry data published in Absolute's 2023 Resilience Index shows that corporate device locations have increased by 15 percent. This means that significant amounts of employees are now working on networks that are not owned or controlled by the company, dramatically increasing the risk to an organization. In addition, existing challenges related to device health and security are compounded by a broad mix of networks, hardware, operating system versions, and patches. Absolute Software data also shows that 94 percent of corporate devices are running Windows 10, and the largest accounts are 158 days past a patch.
Balance between security and cyber resilience
As a result, companies are looking for ways to securely connect their employees to corporate networks and resources. This is leading to a new “comply-to-connect” trend that strikes a balance between security and cyber resiliency to enable secure work no matter where risk meets the user.
This means that organizations shouldn't focus solely on preventing an attack, but must develop a plan to mitigate the impact of a successful attack. For this reason, many forward-thinking companies are adopting a new strategy to deal with today's increasing cyber threats: cyber resilience. With this they want to ensure that an undesired cyber event, whether intentional or unintentional, does not have a negative impact on the confidentiality, integrity and availability of a company's business processes.
Assess cyber resilience
Torsten George, VP of Absolute Software, recommends a method that companies can use to assess their cyber resilience. He advises considering the following aspects: complexity, compliance and continuity.
- Complexity: Complexity focuses on the health of the applications and includes the number of endpoint controls, the number of devices and users, and the number of operating systems. Security leaders can ask the following questions to determine the level of complexity of endpoints, devices, and operating systems: What is the percentage of devices by operating system that are behind in patching? What is the number of security checks per device? Are the optimal combinations of antivirus/antimalware and encryption applications in use?
- Compliance: Compliance is the scorecard that focuses on risk and encryption. Security leaders can ask these questions to learn more about their state of compliance: Is sensitive data encrypted at all endpoints, in transit, or in transit? Is there visibility into the effectiveness of security controls at any given point in time? Is it known at all times where all devices assigned to the company are located and whether they contain sensitive data?
- Continuity: Continuity includes mobility, application functionality and availability. The following questions should be asked to learn more about the state of continuity: Do you have visibility into the coverage gap or link quality that would allow SLAs to be enforced? Are there ways to communicate with the end users without relying on the email system? Are there automated ways to repair and/or reinstall business-critical applications to prevent attacks or help with recovery?
Do you have a moment?
Take a few minutes for our 2023 user survey and help make B2B-CYBER-SECURITY.de better!You only have to answer 10 questions and you have an immediate chance to win prizes from Kaspersky, ESET and Bitdefender.
Here you go directly to the survey
In its fourth year of regularly investigating trends in endpoint resiliency, Absolute has analyzed anonymized data from 14 million Absolute-enabled devices active in customer organizations in North America, Europe and APAC. Data and information from trusted third-party sources were also included. The 2023 Resilience Trend examines the state of resilience of the work-from-anywhere model by assessing its complexity, continuity and compliance status. The results confirm that despite the longstanding assumption that deploying more security solutions leads to better protection against threats, the truth is quite different.
More at AbsoluteSoftware.com
About Absolute Software Absolute Software accelerates its customers' transition to remote working with the industry's first self-healing Zero Trust platform that ensures maximum security and uncompromised productivity. Absolute is the only solution embedded in more than half a billion devices providing an always-on digital connection.