From an IT perspective, an important part of endpoint security refers to ensuring that the endpoint devices connected to your network—computers, laptops, mobile devices, tablets, etc.—are running on the latest version or patch to all operating systems or software.
Some companies take an extreme or hardline approach to endpoint security controls by, for example, not allowing personal devices to be connected to their enterprise network. For the most part, however, the use of devices such as laptops, mobile devices, and tablets is common in the workplace.
Ensuring that users are running the latest software and operating systems from those devices—and that they aren’t partaking in risky cyber behavior while connected to your network—is critical from a cybersecurity perspective. It’s not so much about preventing people from using the network (many companies need their employees to “BYOD,” or bring your own devices for the company to operate smoothly); it’s primarily about making sure those users are following the right security controls.
Securing endpoints from a first-party perspective is all about monitoring. Do you have a way of knowing the latest operating systems and browsers being used by those connected to your network? Is critical data being passed between these endpoints?
From a third-party perspective, do you know if your vendors are using outdated endpoints to access your data? For example, you may have lower-tier, non-critical vendors using computers with an old version of XP. This may seem inconsequential, but if they log on to your network with that computer, that could touch critical areas of your network and create a major problem. That same vendor could unknowingly introduce something risky—like malware or a virus—into your network without you knowing it. Some companies have vendor portals segmented from the rest of their network, but that isn’t always the case. In 2013, Target’s HVAC vendor was able to access Target’s network and hackers then infiltrated Target’s main network through the HVAC vendor’s access, causing a disastrous breach.
1. As part of our latest BitSight Insights report, our data scientists analyzed over 35,000 companies and a large number of publicly disclosed breaches.
One of the most interesting things we found was that over 2,000 organizations are running more than half of their computers on an outdated version of an operating system—which makes those companies nearly three times as likely to experience a publicly-disclosed breach.
2. In recent months, you’ve heard about the executive order from President Trump focusing on the security of computers and systems run by the government. Interestingly, our team found that more than 25% of computers used in the government sector in the U.S. were running outdated operating systems. About 80% of those outdated systems were old versions of MacOS, and 20% were Windows. When you think about the fact that a quarter of the government systems we analyzed were still using these old systems, the security challenges this presents are undeniable.
3. Consider the recent WannaCry ransomware attacks. Some companies affected by this attack had the latest operating system, just not the latest patch. The WannaCry attack highlighted the dangerous reality of outdated systems and patching cadence and also emphasized the widespread nature of archaic technology that so many companies and individuals are grappling with. If this situation sounds familiar, it could cost your company a great deal at some point down the line.
Conveying The Criticality Of Endpoint Security To The Board
If you’re a large organization with thousands of employees and possibly hundreds of thousands of endpoints, tracking and monitoring system versions is a huge undertaking. Organizations use various tools to help them monitor those areas—but ultimately, knowing what’s connected is a huge hurdle.
Beyond that, ask yourself if you have any trusted third parties using outdated endpoints, and whether that could potentially put your organization at risk?
It’s not just about you—your critical vendors are also vulnerable to endpoint security issues, which increases the vulnerability of your organization and your valued data. Questions are being asked more frequently by both internal security teams and executive teams, including boards of directors. If your organization hasn’t started asking these questions yet, it’s time to do so.
As a security professional, you need to understand the security of your endpoints and those of your critical vendors. When your board sees data showing the increasing likelihood of a breach, they’re far more likely to take the necessary security actions, set up better security controls, or begin implementing better employee awareness programs around endpoint security management and the criticality of updating their systems. Download this BitSight Insights report today to get more advice on how to present the criticality of this issue to your organization.