Endpoint Security IT Asset Management

4 Recent Data Breaches that Originated on the Endpoint

August 26, 2019

As data breaches become more frequent, organizations must focus on securing endpoints to prevent vulnerabilities and mitigate the risks of costly breaches.

It’s projected that worldwide end-user spending on information security will reach $212 billion in 2025, an increase of 15.1% from 2024, according to Gartner’s latest forecast. This growth highlights the continued urgency of investing in cybersecurity, as organizations allocate more resources to safeguarding their digital assets. Despite these investments, however, data breaches originating from endpoints continue to rise in both frequency and severity.

As businesses focus on scaling their security infrastructure to keep pace with rising threats, endpoint resilience has become more critical than ever. Organizations must ensure that their security tools are not only in place but also continuously optimized to withstand evolving attacks, particularly those targeting endpoint vulnerabilities.

A study by Ponemon found that two-thirds of companies were compromised by attacks that originated on their endpoints in 2018. These attacks can be devastating to an organization in terms of fines, reputational damage, lawsuits, and irreparable damage to customer trust. Separately, the 2019 Cost of a Data Breach study, also from Ponemon, found:

  • $3.92 million: Average cost of a data breach
  • 25,575 records: Average size of a data breach
  • $150: Average cost per lost or stolen record
  • 279 days: Average time to identify and contain a breach

When IT security spending is increasing, why are endpoint attacks still so common? A new primary research study by Absolute found that much security spending is in vain, since the efficacy of endpoint security tools diminishes significantly over time — unless those tools are deliberately controlled to improve endpoint resilience.

Endpoint security is endpoint resilience. The spend levels indicate that there is no scarcity of tools and controls to help make endpoints safe. The problem is that those tools and controls are not naturally resilient. On the contrary, they are fragile. The door is ajar, and the compromise happens not because there are no guards, but because the guards got into a turf battle with one another, got wounded or killed, and the main goal of keeping the real enemy away was lost. They fight, they conflict, they collide, and where there is friction there is decay. This zero-sum competition reveals how lacking in resilience they are: they can’t stay in place.

Avoidable Data Breaches

Results from Forrester’s latest security survey found that 15 percent of breaches are still caused by lost or missing devices. With one laptop stolen every 53 seconds, it is wise to ensure you have measures in place to prevent putting your data at risk. Let’s look at four recent breaches that originated on the endpoint to examine what you could do now to avoid a similar fate.

  1. Eir: Stolen laptop had been decrypted by a faulty security update the previous working day.
  2. Raley's: Stolen laptop. Company could not confirm that encryption was in place.
  3. Health Plan: Stolen laptop. Company could not confirm that encryption was in place.
  4. Government of Canada: Stolen laptop was a new device. The encryption process either failed or was missed.

Irish telecom company Eir leaks data of 37,000 customers

In August 2018, the data of 37,000 customers of Ireland’s largest telecom provider, Eir, was compromised when an unencrypted device was stolen from outside an office building. The laptop contained personally identifiable information (PII) including names, email addresses, phone numbers, and Eir account numbers. The laptop had been decrypted by a faulty security update the previous working day. Because of the nature of the breach, the company was forced to report the incident to the police as well as the Data Protection Commissioner. Under new European GDPR rules, companies face higher fines and punitive action for losing or misusing customer information.

Stolen laptop exposes data of 10,000 Raley’s customers

In September 2018, Raley’s experienced a data breach affecting 10,000 pharmacy customers. The data on the laptop included patients’ first and last names, gender, date of birth, medical conditions, healthcare plans and identification numbers, prescription drug records, and Raley’s Pharmacy visit dates and locations. Raley’s could not confirm whether the data had been accessed or misused, nor could they confirm if encryption was in place. The company responded quickly to notify authorities, the press, and the people affected, and has since added encryption to all laptops.

Stolen laptop compromises Houston’s Health Plan

In February 2018, a laptop stolen from an employee's car may have contained PHI records of the city’s staff, including names, addresses, dates of birth, social security numbers, and medical information. The organization couldn't tell if data was accessed or if encryption was in place, so they had no choice but to treat the incident as a data breach. It took 21 days for the City to notify police. Generally speaking, any delay in notifying authorities about a breach is not looked on favorably by regulators, who reward quick, decisive action.

Stolen laptop exposes health data of 80 percent of NWT residents

In May 2018, a laptop containing protected health information (PHI) of 33,661 residents of Canada’s Northwest Territories was stolen from a locked vehicle in Ottawa, Ontario. The data included patients’ names, their birth dates, home communities, healthcare numbers, and, in some cases, medical conditions. The stolen laptop was a new device, so the encryption process either failed or was missed. Officials waited over a month before disclosing the breach publicly, and the department now faces stricter rules around remote workers and removing devices from the confines of the physical office location.

These examples show how easily an unnecessary breach can occur. There is a common thread across all of these cases — a lack of endpoint visibility and an inability to prove that:

  • All security technology was in place and functioning at the time the device went missing
  • No data was accessed post incident
  • The device was remotely disabled and all personal data was deleted

If you don’t have visibility into your devices, you must presume that the data on that device was breached and follow the relevant breach notification processes in your industry or region.

Back to Basics on Endpoint Security

According to the 2019 Endpoint Security Trends report, when it comes to endpoint security, less may, in fact, be more. This is reflected in wider industry trends as IT, security, and risk professionals focus on streamlining and simplifying when it comes to securing their organizations’ data. We need to get back to the basics of cybersecurity and home in on the three ingredients for ensuring data protection at scale — people, process, and technology.

To learn more about the inevitable decay of endpoint security tools and what to do about it, read the full 2019 Endpoint Security Trends Report.

Closing Thoughts

Endpoint security remains one of the most critical aspects of a comprehensive cybersecurity strategy, especially as organizations continue to operate in a hybrid and remote world. With endpoint attacks on the rise, it is essential to adopt a resilience-focused approach to cybersecurity. Cyber resilience ensures that even in the event of a breach, your organization can recover quickly without significant financial or reputational damage.

For organizations to stay ahead of the curve, a focus on robust endpoint protection, visibility, and constant monitoring is vital. As outlined by WatchGuard's findings on endpoint data breaches, over 60% of corporate endpoints have been targeted by cybercriminals, underlining the importance of addressing security gaps proactively.

With the increasing prevalence of cyberattacks, especially in the age of remote work, organizations must ensure their endpoint security tools are resilient and capable of recovering from disruptions. It’s crucial to stay informed about the latest trends and challenges in the industry, which is why Cybersecurity Dive's analysis of the surge in Infosec spending offers key insights into how businesses are investing in the future of security.

Embracing a cybersecurity strategy that prioritizes resilience is not only about preventing attacks, but also about ensuring your organization can adapt and recover when faced with inevitable breaches. By strengthening your endpoint security resilience, you can safeguard your business against the risks of data breaches and continue to operate with confidence, no matter the challenges ahead.

About Absolute

Simply put: we’re undeletable. Embedded in more than 600 million devices, our cyber resilience platform delivers endpoint-to-network access security coverage, ensures automated security compliance, and enables operational continuity. Nearly 21,000 global customers rely on Absolute to protect critical assets and keep security applications running smoothly. Building lasting cyber resilience is our promise — are you ready?
