Nearly half of all the devices that US companies depend on are vulnerable to bad actors, according to a new report.
Virtually every US company needs a remote network of devices of laptops, smartphones, and tablets in order to function. But a large portion of those devices can't be monitored in any way by IT teams or are simply running outdated operating systems — two major risks that leave them open to attacks.
Remote work is a modern solution to keeping a company competitive while offering employees the flexibility they need to avoid burnout. Still, the cybersecurity issues surrounding internet-connected tech are far from solved.
Companies Don't Have Enough Distribution Points
The study, released today from Adaptiva and the Ponemon Institute, surveyed over 600 IT companies and security experts to gain an understanding of the average US enterprise's approach to online security. It's not great news.
The biggest point of concern was what the report calls “unprecedented distribution point sprawl” – more remote devices (or endpoint devices) means that companies need more distribution devices to update and monitor the remote ones. But they don't have enough, as the report explains:
“Roughly 23,000 distribution points are now needed to manage an average of 135,000 devices. That’s one distribution point for every six endpoints – and is the biggest threat to endpoint security for 34% of survey respondents.”
This sprawl has gotten worse and worse, more than half of respondents say, for the past two years. That's about how long companies have been leaning into remote work, spurred initially by the Covid-19 pandemic and continuing afterwards in part due to employee preference.
What's the Solution?
One third of respondents say they have been effective at reducing this issue, so the chances of reversing this problem aren't a lost cause.
Expect plenty of IT organizations to prioritize fixing distribution sprawl across the next few years, most likely by adding more robust distribution points.
They'll have to move quick, as the security implications are already clear, according to the new survey: Over half of the organizations reported having weathered five or more attacks on average across all endpoints in the past year. It's a costly problem: On average, each attack cost around $360,000 for a total loss of $1.8 million per year.
Staying Safe with Remote Work
Some companies are pushing for a return to in-person work, but the data shows they'd be wiser to listen to their employees' needs.
A recent study by economists Jose Maria Barrero, Nicholas Bloom, Steven J. Davis, Brent H. Meyer, and Emil Mihaylov gathered responses from 500 US companies and determined that employees will accept lower pay in order to work remotely. So, any companies that offers remote work can alleviate their wage growth issues while keeping employees happy. And with fewer cars commuting, it's even better for the environment.
The only catch is that businesses will need to invest in growing their distribution points while keeping their security iron clad. Penny pinching now, these studies indicate, could keep that average loss of $1.8 million each year going strong, or even increasing.
We'd recommend finding a high-quality remote desktop software, issuing trustworthy antivirus solutions to all business devices, and shelling out for a company password manager tool to keep employees from falling for a phishing scam.
Still, with the revelation from a recent Tech.co-exclusive report that over 70% of small businesses have failed to prioritize cybersecurity, we'll need to see a sweeping change before these device vulnerabilities are meaningfully addressed.