Skip to main content
All Posts By

Kyleigh Andries

Managing the Endpoint Vulnerability Gap: Key Findings

By Endpoint SecurityNo Comments

Syxsense is pleased to be a sponsor of Enterprise Strategy Group’s latest survey on the Endpoint Management Vulnerability Gap. Respondents of this survey included IT and cybersecurity professionals involved with endpoint management and security technologies and processes. These professionals work for companies with 100 employees or more and cover a variety of industries.

The objectives of this research are to:

  • Identify challenges, strategies and trends in endpoint management and security
  • Determine if and how endpoint management and security functions and systems are converging
  • Highlight opportunities for improving endpoint management and security fueled by functional convergence

Fill out the form below to get your copy of the eBook.

syxsense scores high in gigaom report

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions

By Endpoint Security, News, Patch ManagementNo Comments

Syxsense Named a Fast Mover in GigaOm Radar Report for Patch Management Solutions

We are excited to announce that Syxsense has been named a Fast Mover in the GigaOm Radar Report for Patch Management. This report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria, and provides a forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution.

This report synthesizes the analysis of key criteria and their impact on evaluation metrics to inform the GigaOm Radar graphic, which plots vendor solutions across a series of concentric rings, with those set closer to the center judged to be of higher overall value. The chart characterizes each vendor on two axes—balancing Maturity versus Innovation, and Feature Play versus Platform Play—while providing an arrow that projects each solution’s evolution over the coming 12 to 18 months.

As a Fast Mover in Patch Management, Syxsense provides full coverage of Windows, macOS, and Linux desktops and servers, as well as mobile devices and remote systems. Our strengths lie in lifecycle management, patch testing, patch deployment, patch prioritization, and a large number of third-party applications. Syxsense also supports an API, allowing integration with other systems such as ITSM and CMDB. Our Patch Management solution is deployed as a SaaS application with agents installed on your organization’s endpoints, and is a good fit for market segments including mid-market, large enterprises, and MSPs.

To see the full report breakdown, fill out the form below:

syxsense award

Download the Full Report

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

By Endpoint SecurityNo Comments

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

Five ways to bolster your endpoint security defenses quickly

For years overstretched and under-resourced organizations have contended with a lack of robust cybersecurity expertise to defend their networks and data, leaving them ripe for attack or internal mutiny. As far back as 2016, 46% of businesses reported a “problematic shortage” of their current cybersecurity talent, which ballooned to more than 2.72 million in 2021. Not only is hiring a nightmare but getting talent proficient in cybersecurity is more challenging than ever.

When it comes to ensuring your endpoints and networks are secure, you can’t spend long cycles onboarding and training new talent. Threats don’t wait. You don’t have years! You need solutions that are simple to deploy, manage, and maintain. Threat actor tactics evolve quickly. Your endpoint defense must as well. This ebook will dive into the scary realities of overstretched and under-resourced teams, provide some tips on how you can improve endpoint security with limited staff, and offer a glimpse into how Syxsense helps automate your entire endpoint defense.

Download the eBook

Embracing the Zero Trust Mindset for Endpoints

By Zero TrustNo Comments

Embracing the Zero Trust Mindset for Endpoints

What is the Zero Trust mindset, and what are the basics of implementing a Zero Trust framework for IT security?

Zero Trust is a strategic security mindset that combines multiple security disciplines into a comprehensive solution. This white paper was written for Syxsense by Charles Kolodgy of Security Mindsets LLC. In the report, he explains the Zero Trust mindset, documents how it has evolved from concept to implementation, and walks through some basics around implementing a Zero Trust framework that you can utilize in your organization.

Embracing the Zero Trust Mindset for Endpoints

Download the White Paper

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Why Endpoint Management?

New Syxsense Zero Trust Delivers Industry’s Only End-To-End Solution for Zero Trust Solution.

By News, Press ReleaseNo Comments

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Black Hat USA, Las Vegas – August 10, 2022 – Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced Syxsense Zero Trust, a new module within Syxsense Enterprise that enables endpoint compliance with Zero Trust Network Access policies (ZTNA).  Zero Trust initiatives require a hyper-focus on endpoint protection, but traditional authentication solutions lack the ability to evaluate device health, ensure granular policy compliance, and automate risk remediation. Syxsense’s new Zero Trust module was designed to serve as an organization’s “Trust Evaluation Engine” for endpoints. Not only does it offer unparalleled visibility and control over network access policies, but also enables security teams to build sophisticated access policies and remediation workflows to ensure ZTNA compliance.

 

“As organizations work to build a Zero Trust strategy, many are facing implementation challenges. One of those challenges is the ability to ensure that endpoints accessing the network are trustworthy and conform to policies. Most solutions simply accept or deny access without an understanding of the current Device Security Posture,” said Ashley Leonard, CEO of Syxsense. “In talking with customers, they wanted the ability to evaluate endpoint access for ZTNA based on policies and if not compliant, be able to apply fixes or remediate in real time to enable proper access. Syxsense Zero Trust does just that by allowing organizations to have full control of endpoints and automating the end-to-end process.”

 

The true power of Syxsense Zero Trust lies in three key areas. First, the granularity of hundreds of parameters IT can use to report and act on device compliance. For example, is a laptop accessing your NetSuite server after hours and with an IP address from an unfamiliar location? If so, block it. Second, the power to enforce compliance with Zero Trust policies prior to granting access on an asset-by-asset basis. And third, the automated remediation of non-compliant endpoints, which could include patching the system, enabling an antivirus tool and making sure it is up to date on patterns, emailing IT about unauthorized access, and much more. When combined with the simplicity of building policy playbooks quickly and simply using the powerful workflow orchestration and automation tool of Syxsense Cortex™, these tools give organizations a uniquely powerful endpoint evaluation and network access solution for Zero Trust.

The specific features of Syxsense Zero Trust include:

  • Complete visibility into all endpoints’ configuration and state of compliance using a single agent.
  • Build sophisticated access policies based on a large array of configuration and security parameters, setting unique policies for each individual corporate asset.
  • Automate the immediate enforcement of access policy requirements and remediation of non-compliant endpoints using the Syxsense Cortex remediation engine.
  • Verify trusted user authentication requests via the Syxsense console or optionally, connect with external multi-factor authentication (MFA) tools to provide a “go, no-go” security status of devices. For example, if a customer uses Duo, Okta, or other MFA tools, simply connect those tools with the Syxsense API and it will report compliance on each endpoint looking to access corporate assets.

 

Syxsense Zero Trust will be available for purchase in late September 2022, but attendees at Black Hat on August 10th and 11th can experience a product overview at the Syxsense booth #1272. For more information about Syxsense at Black Hat click here.

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first unified security and endpoint management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Patch Management

Syxsense Enterprise Recognized as the Best Endpoint Security Solution in 2022 Tech Ascension Awards

By News, Press ReleaseNo Comments

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

ALISO VIEJO, Calif. August 23 2022 Syxsense, a global leader in Unified Security and Endpoint Management solutions, today announced that Syxsense Enterprise has been recognized as the Best Endpoint Security Solution in the 2022 Tech Ascension Awards. The awards recognize B2B and B2C companies and leaders that drive cutting edge, innovative technologies that solve critical challenges in the market.

Launched earlier this year, Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution that delivers real-time vulnerability monitoring and facilitated remediation for every endpoint across an organization’s entire environment. It combines Syxsense Secure, Syxsense Manage, Mobile Device Manager, and newly released Zero Trust to deliver a completely unified platform that scans and manages all endpoints, resolves problems in real-time, and reduces the risks associated with system misconfigurations. This enables organizations to better predict, identify, and remediate endpoint vulnerabilities.

Tech Ascension recognized Syxsense Enterprise for addressing the three key elements of endpoint security – vulnerabilities, patch, and compliance. By layering on a powerful workflow automation tool called Syxsense Cortex™ , the platform remediates and eliminates endpoint security weaknesses – all through a single cloud-based, drag-and-drop management interface, with hundreds of prebuilt workflows. This includes the ability to identify software vulnerabilities in both OS and 3rd party applications, misconfigurations from open ports, disabled firewalls, ineffective user account polices and more.

As the market shifts to a hybrid workforce, the number of endpoints is growing exponentially, with corporate network-connected mobile endpoints rising,” said Ashley Leonard, CEO of Syxsense. “The need to manage and secure an increasing number of endpoints, including desktops, servers, virtual devices, mobile phones and other devices, is becoming more and more apparent as complex, sophisticated threats continue to grow. We are thrilled to be recognized by Tech Ascension for our work in endpoint security and look forward to continually evolving our product to keep up with the ever-changing security landscape.”

The Tech Ascension Awards recognized the very best innovations in cybersecurity. The Tech Ascension awards judged cybersecurity applicants based on technology innovation, market research, and competitive differentiators. The class-leading vendors that received recognition from these awards showcased technology that solves critical industry challenges and produces invaluable business outcomes for their customers.

“Organizations are now tasked with navigating the extreme security challenges of new remote and hybrid work environments while combatting a surge in emerging advanced threats,” said David Campbell, CEO, Tech Ascension Awards. “These recognized security industry leaders are producing innovative technology and services to drive cyber forward in a truly evolving digital environment.”

The key features of Syxsense Enterprise include:

  • Vulnerability Scanning – Prevent cyberattacks by identifying scanning authorization issues, security implementation problems, and antivirus status.
  • Patch Everything – Automatically deploy OS and third-party patches to remediate all endpoint vulnerabilities inside the network and on roaming devices outside the network.
  • Prove Compliance and Device Health – Document patching with reporting for risk assessments, vulnerable devices, task summaries and more. And scan and prioritize patching relative to risk exposure.
  • Quarantine Devices – Block communication for an infected device, isolate endpoints, and kill malicious processes before they impact the network.
  • Control All Mobile Devices – Oversee devices remotely, silently push OTA configurations, applications, and policies from iOS to Android to Windows and more.
  • Collaborate with Ease – IT and security teams can now collaborate in a single console to identify and close endpoint attack vectors quickly.
  • Newly introduced Zero Trust, the industry’s first end-to-end Zero Trust solution, allows granular access to corporate assets based on device security posture.

For more details on Syxsense Enterprise or to schedule a demo, visit: https://www.syxsense.com/gc-demo-syxsense

About Syxsense

Syxsense is a leading provider of innovative, intuitive endpoint security and management technology that combines the power of artificial intelligence with industry expertise to help customers predict and remove security threats across all devices including mobile. Syxsense is the first Unified Security and Endpoint Management platform that centralizes the three key elements of endpoint security management (vulnerabilities, patch and compliance) and layers on a powerful workflow automation tool called Syxsense Cortex,™ all through a single cloud-based platform, enabling greater efficiency and collaboration between teams. The always-on technology performs in real-time so businesses can operate free of disruption from security breaches that cripple productivity and expose them to financial risk and reputational harm. For more information, visit www.syxsense.com

 

 

About the Tech Ascension Awards 

The Tech Ascension Awards elevate companies that possess cutting-edge, innovative technology that solve critical challenges in their respective markets. Tech Ascension winners rise above the crowded consumer and enterprise technology industries and receive validation from an independent organization. Applicants are judged based on technology innovation and uniqueness, market research (analyst reports, media coverage, customer case studies), hard performance stats, and competitive differentiators. The awards recognize leaders in cybersecurity, DevOps, big data and consumer technology. For information about the Tech Ascension Awards, please visit www.techascensionawards.com.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
4 Big Trends in Mobile Device Management

Four Big Trends In Mobile Device Management

By BlogNo Comments

Four Big Trends In Mobile Device Management

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Mobility has progressed, in recent years, to the point where some enterprise users hardly ever need to use a laptop or desktop. Many CEOs, for example, only use their phone. Any desktop duties are typically referred to an executive assistant or secretary. Sales jobs, too, can often be accomplished to a greater degree via smartphone.

Certainly, there are many other jobs where this isn’t the case. But regardless of the title, mobile devices are taking up more and more of the enterprise workload. Mobile Device Management (MDM) technology has advanced to provide the processes and tools the mobile workforce needs to stay productive and secure. Further, MDM provides IT with the ability to more easily provision mobile devices, manage them, inventory them, and protect assets and data.

Here are four of the top trends in MDM:

BYOD

Bring Your Own Device (BYOD) was an inevitable consequence of the COVID-19 pandemic. With everyone ordering home almost overnight, IT had no alternative other than to allow employees to use the laptops, desktops, tablets, and smartphones they had at home or used for personal tasks. A few of the lucky organizations (or the ones with deeper pockets) had already provided all employees with a dedicated work laptop, tablet and/or smartphone. By doing that, IT could arrange role-based access to enterprise data and email, and provide services such as a secure VPN, GPS tracking, password-protected applications, and access to a host of enterprise security applications. Beyond that, mobile chaos became the norm. BYOD continues to predominate in many organizations.

This has made MDM a more important field than ever. IT policies may have been relaxed with regard to BYOD. But in tandem, IT has had to up its game in managing mobile devices. MDM has stepped into the breach. Organizations use MDM to remotely enroll personal devices into the enterprise systems. This allows them to monitor behavior, enforce security policies, and facilitate productivity, and detect threats and breaches.

MDM Innovation

The flood of money into MDM tools has encouraged the vendor community to innovate.
MDM solutions are becoming more sophisticated. Machine learning and AI are being incorporated to enable data and systems to be subjected to analysis. MDM systems are appearing that are able to assign or enroll devices with pre-programmed data profiles, VPN access, software, access privileges, and much more. IT now has the ability to track its dispersed workforce more easily, as well as monitor, troubleshoot, and decommission devices when the need arises. Some tools can even wipe device data in the event of theft, loss, or breach.

Virtual Reality

The marriage of MDM and various forms of virtual reality (VR) is opening new doors for field service, maintenance, and technically challenging occupations. For example, augmented reality (AR) tools are emerging that use special glasses, goggles, and headsets that allow field technicians and support personnel to compare physical equipment to digital specifications, job requests, and other information.
As the technician or field rep looks at the object, component, or system, a digital representation appears within their field of vision to verify it is the right valve to inspect, the correct place to weld, or the exact piece of equipment that needs to be removed. The best systems even allow a less experienced person to show a senior engineer (sitting far away) to see the job site so they can walk the other person through the task or answer questions.

MDM Meets Security

MDM has always had some interest in security. It was unavoidable. To manage mobile devices effectively means providing certain safeguards – if only alerting others in the enterprise to a potential situation. MDM is now heading one step further. It is merging more tightly with security applications. Syxsense, for example, provides MDM within a suite that includes integrated patch management, vulnerability scanning, security threat remediation, and IT management. This greatly enhances security while keeping mobile devices safe from malware and other cyber threats. IT can use the Syxsense Enterprise platform to spot anomalous behavior, detect strange activity at ports, at exfiltration attempts, and more.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Unified Endpoint Management

Unified Endpoint Management Enters the Mainstream

By BlogNo Comments

Unified Endpoint Management Enters the Mainstream

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Once upon a time, there was anti-virus. Then anti-spam, adware, malware protection, ransomware protection, mobile device protection, and on and on. As new threats appeared, the vendor community came out with a fix.

According to Gartner, the big trend these days is to bring all, or many, of these tools together in one integrated package. Known as Unified Endpoint Management (UEM), Gartner analyst Dan Wilson says UEM is entering the mainstream. It has achieved a market penetration of between 20% and 50%, depending on the vertical and the size of the organization.

“Unified endpoint management (UEM) tools provide agent-based and agentless management of computers and mobile devices through an employee-centric view of endpoint devices running Windows, Google Android and Chrome OS, Apple macOS, iPadOS, and iOS,” said Wilson. “UEM tools apply for data protection, device configuration and usage policies using telemetry from identities, apps, connectivity and devices. They also integrate with identity, security and remote access tools to support zero trust.”

In essence, UEM consolidates a disparate collection of tools to bring greater simplicity to endpoint management. It streamlines a great many manually intensive tasks and processes across multiple devices, platforms, and operating systems. And the field continues to evolve. Beyond unified management of a few tools, it is heading more closely towards complete integration of identity, security and remote access services while beginning to a role in support for zero-trust security initiatives. Further, analytics, machine learning, and Artificial Intelligence (AI) are also gradually being incorporated to further the goals of end-to-end automation of scanning, deployment of agents, software, updates, and patches, and remediation of threats and other issues. This not only reduces IT overhead, it helps to improve the overall employee experience while greatly improving the organizational security profile.

Gartner listed some of the advantages:
• Location-agnostic endpoint management and patching.
• Enabling the anywhere workforce.
• Reduced total cost of ownership (TCO) of managing endpoint devices.
• Simplification of device management and support processes.
• Reduced security risk through support for more device types and OSs
• Enhances policy management.
• Integration with identity, security, and remote access tools.

“IT looks to simplify and streamline endpoint deployment, management and patching to enable provisioning of new devices for remote employees, improve device performance and reliability as well as visibility across the endpoint estate, and reduce security risk,” said Wilson.

Market Evolution
There are signs, though, that the market is evolving yet again. Two distinct branches are appearing.

• UEM tools focused on endpoint management and bringing together a diverse range of tools.
• Unified Endpoint Security to unify multiple security tools under one umbrella.

Syxsense Enterprise takes things a stage further. It unified UEM and UES to create the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints. This represents the future of threat prevention as it brings everything needed for endpoint management and protection onto one console. Breaches can be detected and remediated within a single solution. The Syxsense platform can scan for all vulnerabilities on any device, block communication from an infected device to the internet, isolate endpoints, and kill malicious processes before they spread. It can automatically prioritize and deploy OS and third-party patches to all major operating systems, as well as Windows 10 feature updates. IT and security teams can use Syxsense Enterprise to collaborate on the detection and closing of attack vectors. It offers management, control, and security for any and all desktops, laptops, servers, virtual machines, and mobile devices.
For more information, visit …

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal

By BlogNo Comments

Flaws, Bugs, Zero Days, and Breaches: Welcome to the New Normal

Business Email Compromise (BEC) breaches are turning into the go-to strategy for cybercriminals. What actions should you take?

Endless bad news typically results in people becoming inured to it. The recent media 24-7 death counts on COVID-19 caused many people to switch off. It was just too much. Rating plummeted at CNN and other networks.

In IT security, there is a danger of the same thing happening with reports of flaws, bugs, zero-day attacks, ransomware heists, and breaches. Hardly a day goes by without a new one. Some are more virulent than others. But all gain some kind of coverage. It quickly becomes too much. People tend to gloss over it and worse, get on with business as usual.

At Syxsense, therefore, as a public-spirited gesture, we will quickly summarize some of the recent carnage into one short report. Yes, it is important to know what is going on and where to be vigilant. But most importantly, it is vital to know that something can always be done about it. Those enterprises that are the least prepared are the ones that suffer the most in dangerous times like these.

Recent Flaws and Breaches
Here is an incomplete list of some recent news on security issues:

JFrog Security Research identified hundreds of malicious packages designed to steal personally identifiable information (PII) in a large-scale typo-squatting attack from Azure users. A similar supply chain attack targeting German industrial companies such as Bertelsmann, Bosch, Stihl, and DB Schenker uses the npm repository to take control over infected machines.

A C programming library for IoT products has been found to be vulnerable to Domain Name System (DNS) cache-poisoning attacks. The bug generates incremental transaction identifiers in DNS response and request network communications. Patches are being developed to resolve these issues.
Google issued a supply chain attack warning about open-source software. Despite being a proponent of open source, Google voiced its support for the Package Analysis Project of the Open Source Security Foundation (OpenSSF). The goal is to automate the detection of malware introduced into popular open source repositories such as npm for JavaScript and PyPl for Python.

Plug-ins and extensions for content management systems (CMSs) are being increasingly used to hijack websites. Sucuri’s 2021 Website Threat Research Report called attention to potential issues with WordPress, Joomla, and Drupal due to vulnerable plugins and extensions.

Hackers are getting more patient. One group stayed inside a network for 18 months before striking – quietly waiting for the right opportunity. The group is known as UNC3524 also installs backdoors so normal security tools can’t completely eliminate it. If IT finds the malware and removes it, the bad guys can reinstall it almost immediately.

Phishing success continues. One criminal set up a website to look like a U.S. Department of Defense site and diverted $23.5 million to his bank account that was supposed to go to a jet fuel supplier. And an owner of a nail salon in California tricked a public school district in Michigan into wiring its monthly health insurance payment of $2.8 million to his bank account. Meanwhile, LinkedIn has emerged as the new favorite of scammers, according to Check Point. Apparently, more than half of all phishing attacks in one month used LinkedIn. The goal is to obtain login credentials and take it from there. And of course, phishing campaigns now seek to capitalize on the latest Ukraine news to tempt people to click on a malicious link or attachment. Finally, Phishing-as-a-Service has emerged to make it easy for non-technical criminals to profit from phishing scams. One group provides phishing services aimed at Coinbase, Netflix, Amazon, and eBay users.

Ransomware claims more victims. NCC Group reported that ransomware attacks increased 53% from the previous month with Industrials (34%), Consumer Cyclicals (21%), and Technology (7%) being the most targeted areas. Examples: Coca-Cola suffered a server breach and a hacking group claims it stole 161 GB of data. The FBI warned that the agriculture sector is suffering ransomware attacks timed to coincide with spring planting or fall harvesting periods.

Industrial control systems (ICS) are a new target. An FBI investigation found that custom tools now exist that can gain access to ICS platforms and supervisory control and data acquisition (SCADA). This particularly applies to programmable logic controllers (PLCs) from Schneider Electric and OMRON Sysmac NEX, as well as Open Platform Communications Unified Architecture (OPC UA) servers. If undetected, hackers could gradually work their way up the food chain and potentially take over control of an energy facility/

A Java vulnerability known as CVE-2022-21449 allows an attacker to intercept communication and messages that should have been encrypted, such as SSL communication and authentication processes. Fixes are now available.

Enhance Your Security Now
Perhaps the worst news among all this is that the above summary represents a small fraction of ongoing hacks, breaches, and vulnerabilities. Now is the time to upgrade your security profile by implementing automated tools. Syxsense Enterprise is the world’s first Unified Security and Endpoint Management (USEM) solution, delivering real-time vulnerability monitoring and instant remediation for every single endpoint in your environment, as well as IT management across all endpoints.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
Mobility Linked to Surge in Cybercrime

Mobility Linked to Surge in Cybercrime

By BlogNo Comments

Mobility Linked to Surge in Cybercrime

An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. How can IT teams better manage the trade-off between endpoint security and the employee experience?

An endpoint ecosystem study by Mobile Mentor found a direct correlation between the rise in mobility and a recent surge in cybercrime. With the pandemic forcing people to work remotely and to rely on devices beyond the traditional desktop, the study found that cybercrime has jumped overall by 500% since the start of the COVID-19 era. Smartphones, laptops, and tablets became the tools of choice of the work-from-home (WFH) brigade. And this led to a much greater security risk, particularly in highly regulated industries.

The report highlighted a big area of difficulty for IT: the trade-off between endpoint security and the employee experience (EX). At one extreme, things can be made so secure that almost no one can access systems or communicate to anyone else. At the other end of the scale, everything is so easy to access that criminals waltz in unannounced and undetected, steal valuable data, take over user identities, gain administrative privileges, and drain corporate bank accounts.

Researchers make the point that the explosion in mobility and WFH overstretched the capabilities of many IT departments. Security, in particular, fell badly behind in an increasingly distributed and autonomous workforce world. Not only are companies getting hacked in far greater numbers, but employee frustration has risen sharply. They are resigning in greater numbers than we have seen for decades. A talent crunch is emerging right at a time when more staff are badly needed across all functions. IT and security teams are threadbare in many cases. And good IT team members can’t be counted upon to stay loyal as headhunters are always looking to lure them elsewhere with higher pay.

Study Findings
The study discovered that relatively few employees are aware of security risks and corporate policies addressing these risks. 27% of employees only view security policies once per year or less. Similarly, 39% receive security awareness training less than once per year. Out of sight, out of mind appears to be the case. Instead of constant reminders, they get a quick dose of security training or policy awareness which is soon forgotten.

In any case, 41% believe security policies restrict the way they work. They just don’t accept that they shouldn’t use a USB drive or that they should be deprived of convenient online services. For example, 53% consider that they are more efficient using Dropbox and Gmail than their approved corporate tools.

Passwords came up as another major bone of contention. 31% of people use a password management tool. The other 69% select passwords that are easy to remember. There is a link here to EX. Most users have countless passwords, pins, logins and security safeguards they are supposed to remember. For work, most have dozens of passwords when you factor in HR, production tools, financial systems, payroll, benefits, corporate intranet, VPN, and email. And then there are personal accounts which often have to be accessed during work hours such as preferred hotel sites, airlines, personal banking, personal email, and more.

The policy may require 10-character passwords and that Xd! must be included – and must be changed every month. But when so many passwords and characters are in play and password managers aren’t trusted due to being a single point of failure, sloppiness is inevitable.

Bring Your Own Device (BYOD) reared its head as another area of big risk. The study found the use of BYOD has surged over the past two years. These days, 64% of people use personal devices for work. Unfortunately, less than a third of organizations have instituted a program to enhance BYOD security. On top of that, shadow IT has become an even bigger issue. IT has lost control of the use of the approval process for apps. As they often don’t control the devices, they don’t know what’s been put on them. Even when they do have some control, the accessibility of cloud and SaaS resources can make it hard to know if some department head or staffer has subscribed to online services. Some may be very secure. But many aren’t.

Bottom line: 72% of employees values their personal privacy over company security. In such a climate, security must rise to the challenge. It must be comprehensive, but it must also not inhibit the user from performing their duties. By automating security and delivering it over the cloud, Syxsense Enterprise provides real-time vulnerability monitoring and instant remediation for every single endpoint in an environment. This represents the future of threat prevention. Breaches can now be detected and remediated within one endpoint solution, Syxsense.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo