Connect with us

Hi, what are you looking for?


Risk Management

Today’s Cyber Defense Challenges: Complexity and a False Sense of Security

Industry standard frameworks and guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats.

There are quite a few industry standards (e.g., ISO/IEC 27001, PCI DSS 4.0) and government regulations (e.g., HIPAA, FISMA, CISA) that provide practical advice on what security controls to establish to minimize an organization’s risk exposure.

Unfortunately, these guidelines often lead organizations to believe that deploying more security solutions will result in greater protection against threats. However, the truth of the matter is very different. Gartner estimates that global spending on IT security and risk management solutions will exceed $189.7 billion annually in 2023, yet the breaches keep on coming (e.g., Constellation Software, NextGen Healthcare, San Bernardino County Sheriff’s Department). As it turns out, purchasing more security tools only adds to complexity in enterprise environments and creates a false sense of security that contributes to today’s cybersecurity challenges.

To add to the dilemma, the new work-from-anywhere model is putting a strain on IT and security teams. Employees shifting between corporate and off-corporate networks are creating visibility and control challenges, which are impacting those teams’ ability to diagnose and remediate end user issues and minimize cybersecurity risks. In addition, they have to deal with a broad mix of networks, hardware, business and security applications, operating system (OS) versions, and patches.

A Complex Environment

As an example, according to the 2023 Resilience Index (PDF) more than 80% of devices use the Microsoft® Windows® OS, with the large majority on Windows 10. At first glance, this might appear homogenous and easy to manage; however, the reality is that IT practitioners are struggling to keep their employees’ endpoints up to date with 14 different versions and more than 800 builds and patches present.

Adding to the complexity IT and security teams must deal with, is the number of installed applications on devices. According to the same report, there are 67 applications installed on the average enterprise device, with 10% of those devices having more than 100 applications installed.

The sheer number of applications installed on enterprise devices – as well as the variety of operating system versions and builds – make it difficult for IT and security teams to maintain those apps or patch them. This situation negatively impacts their ability to minimize exposure to known vulnerabilities. In turn, it’s not surprising that it takes on average 149 days for small companies, 151 days for medium and large enterprises, and 158 days for very large organizations to patch their endpoints’ operating systems.

Advertisement. Scroll to continue reading.

A False Sense of Security

To address a new challenge or threat, enterprises often purchase more solutions. Organizations are spending tens of billions of dollars annually on endpoint security alone. In turn, it’s not surprising that there are more than 11 security applications installed on the average work-issued laptop.

An enterprise’s security posture is only as strong as the security controls that support it. If left unchecked, every security control deployed on the endpoint represents a potential vulnerability if it is not running and able to perform its job. Common decay, unintentional deletion, or malicious actions all impact the integrity and efficacy of security applications and endpoint management tools.

And while IT and security practitioners agree that security tools like Endpoint Protection Platform (EPP), Endpoint Detection and Response (EDR), anti-virus, etc. are essential to defend against attacks, they lack visibility into the tools’ security efficacy. The 2023 Resilience Index data shows that 25 – 30% of devices had unhealthy security controls, emphasizing that it’s not about deploying security controls but instead making sure that they’re always functioning as intended.

In this context, we cannot forget about remote access applications, as they have become the lifeline to enterprises. Mobile workers require secure, but frictionless access to corporate resources that nowadays can reside anywhere. That’s why these technologies have become the intersection between endpoints and corporate networks. In turn, it is essential that the integrity of these tools is not tampered with. However, the data shows these critical tools are either not installed or are not at the required version level on more than 30% of devices, exposing organizations to unnecessary risk.

Making Security Work

That’s why cyber resilience matters, which according to MITRE “is the ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources.” The need for cyber resilience arises from the growing realization that traditional security measures are no longer enough to protect systems, data, and the network from compromise. The objective of cyber resilience is to ensure that an adverse cyber event, whether intentional or unintentional, does not negatively impact the confidentiality, integrity, and availability of an organization’s business operation.

Cyber resilience strategies encompass, but are not limited to the following best practices:

  • Maintain a trusted connection with endpoints to detect unsafe behaviors or conditions that could put sensitive data at risk. This includes having granular visibility and control over endpoint hardware, operating systems, applications, and data gathered on the device. This always-on connectivity can help with reimaging the operating system in case of a ransomware attack.
  • Monitor and repair misconfigurations (automatically when possible), as organizations cannot assume that the health of their IT controls or security will remain stable over time.
  • Monitor network connectivity status, security posture, and potential threat exposure to enforce acceptable use via dynamic Web filtering.
  • Enforce dynamic, contextual network access policies to grant access for people, devices, or applications. This entails analyzing device posture, application health, network connection security, as well as user activity to subsequently enforce pre-defined policies at the endpoint rather than via a centralized proxy.

Ultimately, it’s all about strengthening an organization’s compliance posture, assuring secure and reliable network access, and making sure that employees can confidently get to work, and keep working, no matter where risk finds them.

Written By

Torsten George is a cybersecurity evangelist at Absolute Software, which helps organizations establish resilient security controls on endpoints. He also serves as strategic advisory board member at vulnerability risk management software vendor, NopSec. He is an internationally recognized IT security expert, author, and speaker. Torsten has been part of the global IT security community for more than 27 years and regularly provides commentary and publishes articles on data breaches, insider threats, compliance frameworks, and IT security best practices. He is also the co-author of the Zero Trust Privilege For Dummies book. Torsten has held executive level positions with Centrify, RiskSense, RiskVision (acquired by Resolver, Inc.), ActivIdentity (acquired by HID® Global, an ASSA ABLOY™ Group brand), Digital Link, and Everdream Corporation (acquired by Dell).

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Risk Management

In this virtual summit, SecurityWeek brings together expert defenders to share best practices around reducing attack surfaces in modern computing.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.