Torsten George, Absolute Software: schools are now the top target for ransomware attackers
As the global pandemic continues to transform the workplace, companies need to reevaluate their policies and procedures in order to accommodate the coming changes. As they struggle to adapt to the hybrid workplace model, Endpoint Resilience becomes critical for any organization looking to optimise their transition to remote work.
As company devices become increasingly (and sometimes unevenly) distributed across the hybrid workforce, organizations can no longer solely rely on network and perimeter-based security controls to protect their data. At the point when critical controls go offline, it becomes nearly impossible to protect and manage vulnerable workplace devices and the data they store.
Torsten George, vice president of product marketing at Absolute Software, shares how Endpoint Resilience can help organizations combine physical and digital device security in the face of a pandemic.
According to your website, Absolute is a bit different now from what it was back when you started in 1993. Tell us more about the evolution of the company.
Absolute started more than two decades ago as an IT asset management company that could locate and retrieve lost or stolen laptops. We are the only endpoint security provider in the world that is rooted in the hardware of laptops and PCs from more than 28 leading manufacturers, allowing us to provide an unbreakable digital tether between an endpoint device and the organization that distributed it.
Our unique firmware-embedded position — and patented Absolute Persistence technology — enables our customers to always know where their endpoints are, maintain visibility and control of those devices remotely, as well as take action to lock, wipe, or reclaim them when needed.
At Absolute, we have talked extensively about the decades of increased spend that have resulted in many layers of security on users’ devices. As providers across the cybersecurity industry have introduced more security layers, we have also seen increased complexity, and that complexity contributes to risk. When critical controls go offline, devices are no longer able to be protected and managed. The device, the data, and the user become vulnerable.
Because Absolute is sitting in the hardware, we can make sure that critical controls are working effectively to secure devices and applications. And we can give them the ability to heal themselves if they fall down or stop working, ultimately protecting the people and data. We call this Endpoint Resilience, a concept and critical capability that Absolute has pioneered since 2019. And in the work and learn-from-anywhere era, the value of Endpoint Resilience has become undeniable.
You put a lot of emphasis on self-healing endpoints. Could you tell us more about this concept?
Self-healing as a concept really ruminates in two important dimensions: the device and its applications. The ability to self-heal is a central component of Endpoint Resilience. Devices equipped with Endpoint Resilience capabilities are able to ensure connectivity, visibility, and control, and can recover automatically from any state to a secure operational state without user intervention.
With Absolute, organizations are able to ensure the highest level of Endpoint Resilience by pinpointing when applications are in decay, impeded, disabled, or uninstalled. And they can autonomously self-heal their mission-critical apps by automatically repairing or reinstalling them without user intervention. This ensures they stay healthy, installed, and delivering their intended value.
Ultimately, they can enable more than 40 leading endpoint security and productivity tools to autonomously self-heal, or recover automatically without user intervention.
It seems like education security is an important concept for Absolute, and your recent K-12 report covers just that. What were the key findings?
This year’s report revealed the significant management and security challenges faced by K-12 education IT teams with the rise in digital learning and widespread adoption of 1:1 device programs.
Throughout 2020 and 2021, school districts expanded their device fleets by hundreds or thousands, in many cases introducing new operating systems or aging machines to the mix. The scramble to stand up 1:1 programs meant that standard procedures were sometimes overlooked, with the resulting lack of visibility placing new management and security challenges on already-taxed IT teams.
Digital learning was embraced, with devices used more frequently — and from more locations — than ever before. In a recent report of Absolute customers, it was found that year-over-year movement of devices increased by 48%, contributing to a 45% increase in devices reported as missing or stolen in spring 2021 versus spring 2020. Thus, new requirements were introduced to monitor adoption, justify expenditures, and ensure the safety of students online.
The new ‘learn-from-anywhere’ dynamic underscores the critical need for complete visibility and control over all student and staff devices, especially when off the school network. Embedded in the firmware of over half a billion Windows devices and extendable to Chrome OS and macOS, Absolute enables education IT teams with a permanent connection to all devices and delivers continuous visibility, control, and intelligence across devices, data, and applications.
With much of the schoolwork digitized, what are the main security risks, and what is the worst that can happen when a device is compromised?
The disruption caused by digital learning – and the flurry of new technologies needed to support it – has certainly left schools increasingly vulnerable to security risks and potential attacks. New applications, delays in patching, and failing security controls added complexity and vulnerabilities to environments where security had often been an afterthought. This has opened up new potential attack vectors for cybercriminals and placed student and school safety at risk.
Schools are now the top target for ransomware attackers, according to the FBI, with 57 percent of all reported ransomware attacks in August and September 2020 targeting K-12 institutions.
And should these vulnerabilities be exploited, the risk is significant. The endpoint is the new network edge, and the primary attack surface is literally in the hands of children. Almost one-third of education devices studied in our annual report contained sensitive data — nearly half of which was social security data, and 39% of which was protected health information.
Although long underfunded and under-resourced, cybersecurity in education must now step to the forefront. Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working at all times.
Did you run into any challenges during the pandemic? Were there any new threats you had to adapt your services to?
Over the past year and a half, organizations around the world experienced a series of events that brought a tremendous amount of focus on how to secure remote devices. Overnight, our customers quickly mobilized their employees and sent them home to work remotely. With that shift, IT and security teams went from separately managing security and compliance for remote workers to becoming an IT and security standard to follow for the modern enterprise. And as a result, we’ve seen strong demand for Endpoint Resilience.
The world of work will continue to evolve long after the global health pandemic has been beaten, and successful organizations will navigate the change with insight, agility, and resilience.
This is where Absolute comes in. The need for a permanent device connection, and the ability to monitor and remediate devices remotely, has never been clearer. By providing a trusted, secure connection to devices and data, and the ability to heal critical security controls and ensure they are working as intended, we are providing the tools and the confidence that our customers need to re-imagine and rebuild the way they operate.
With work from home becoming the new norm, organizations rush to secure their workloads using VPNs or cloud services while device management and protection get overlooked. Why do you think that is the case?
An estimated 16 million US employees were sent home and instructed to work remotely, while governments around the world implemented widespread school closures impacting over 90 percent of the world’s student population. We saw a largely reactive response from many organizations as they were forced to quickly and haphazardly send devices home with employees and students.
This result placed IT and security teams under immediate and immense pressure to quickly stand up work-from-home or learn-from-home environments. They have been stretched to the limit trying to combat misconfigured VPN applications and ensure continued connectivity, or overcome OS migration and fragmentation issues to keep devices healthy without physical access to those devices. But it’s these cracks in security policies — delays in patching and controls that stop working effectively — that exponentially increase risk exposure and create opportunities for malicious attackers. This isn’t just a hypothetical, either — a recent Ponemon Institute survey revealed that 68 percent of organizations suffered a successful endpoint attack within the last 12 months.
As the world continues to migrate to work and learn-from-anywhere environments, it has become abundantly clear that we can no longer rely solely on network- or appliance-based security applications. It is no longer an option for enterprise and education organizations to deprioritize the risks associated with endpoint devices. Enabling employees to connect and remain productive no matter where they are, while also keeping company devices, applications, and data protected, is a critical capability defining the future of work.
Besides providing security solutions, you also offer recovery services when a physical device is stolen or lost. Can you walk us through this process?
When a device is stolen or missing, Absolute enables organizations to combine the power of our firmware-embedded Persistence technology, which maintains a self-healing connection to devices to track them at all times, even off the corporate network or in the hands of an unauthorized user, with an in-house expert team to conduct the investigation. Our Investigations team has a combined total of nearly 115 years of experience in locating our customers’ missing and stolen devices, and most came to Absolute after full careers with various local, state, and federal law enforcement agencies.
In addition to recovering the missing or stolen asset, Absolute Investigators are also typically able to establish links from a device user back to your location, and conclusively determine that the user of the device was a current or former employee, contractor, student, visitor, etc.
Finding out about the root cause of an incident allows the organization to address vulnerabilities that threaten sensitive data, such as personally identifiable information (PII) or electronically protected health information (ePHI), as well as physical assets, and prevent similar incidents in the future.
We also offer Device Reclamation-as-a-Service, which enables schools to outsource year-end device collection to the Absolute team. Our specialists track, geolocate, and secure devices, as well as contact users, to get the devices back. Using multiple communication attempts to parents and students using various channels — combined with the ability to remotely manage, lock, and track a device with Absolute — our team manages the entire process to minimize device loss and IT frustration.
What can a regular person do as soon as they notice their device is missing? Are there any measures that can make the subsequent recovery process smoother?
Without Absolute in the picture, regular computer users would be left relying on traditional tracking technology (e.g., Tile or the new Apple AirTag), which can be easily bypassed by malicious threat actors. To minimize their risk exposure, all that they could do in this situation is to change their passwords across all their accounts to prevent a threat actor from compromising their credentials by simply having access to the missing endpoint.
Your chance of recovery and risk reduction increases dramatically when dealing with an Absolute-enabled device. In this case, the user can report the missing device to the IT team, and they can immediately leverage the geolocation capabilities, allowing them to pinpoint the device’s location. They can immediately freeze lost or stolen devices and, if needed, remotely and selectively wipe data from at-risk endpoints.
In this context, it might be important to know that Absolute not only serves commercial and public sector entities but also provides Absolute Home & Office for small businesses and consumers.
Share with us, what’s next for Absolute?
Organizations are realizing that the world can change on a dime, and the foundation of their endpoint management strategy needs to be flexible and able to respond without compromising either the security posture or the user experience.
With 90 percent of businesses preparing for some, if not all, employees to work remotely, a new ‘work from anywhere era’ has emerged. One that re-imagines endpoint access and network security to require resilience and intelligence that delivers secure user access based on a Zero Trust model.
To meet these evolving needs, we recently acquired a company called NetMotion — allowing us to bring together the power of self-healing devices and applications with a resilient network connection to deliver the next generation of Endpoint Resilience. Adding network access capabilities is a natural evolution and promises to meet the changing needs of our customers. We’re raising the bar on security by providing a platform that delivers unmatched visibility to the remote work experience, supported by a broader portfolio of data and analytics and expanded self-healing capabilities during a time of hypermobility.