More and more security leaders are being faced with an interesting challenge: satisfying the growing need of employees to have every new device under the sun at their disposal while maintaining robust organizational security.
Today’s workers spend at least some of their work time using personal devices, with many opting to use personally acquired AI applications for work. That means IT and security teams have to account for more devices and more applications across maintenance, management, security, and compliance. And with AI applications proliferating at the endpoint, organizations are entering a new era of complexity and unknowns.
The shift is a growing concern as the threat landscape continues to grow more severe as adversaries tap into the multiplying power of AI. According to Darktrace, 74% of organizations say AI-powered threats are a major challenge, and 90% expect these threats to significantly impact them over the next 1-2 years.
So, how can security teams balance employee expectations with operational security —without slowing down innovation? It starts with having a solid, secure foundation in place.
Satisfying a growing employee base
Qualtrics found that employees are 230% more engaged and 85% more likely to stay in a job longer than three years if they have the right technology at their disposal to do the job well. Offering flexibility in devices and applications is critical to attracting and retaining top talent. But more choice at the endpoint also means more risk, and more potential for exploitation. Each device becomes a possible entry point for both technical vulnerabilities and human ones, too.
Phishing is now the No. 1 initial attack vector for breaches, responsible for 41% of all successful incidents. The most effective defense? Proactive, ongoing education. Empowering employees to recognize and report suspicious activity reduces the risk of compromise. It’s no longer a question of if an endpoint will be targeted — it’s when and how prepared your organization is to respond.
Rubber meeting road: Fortifying your endpoints
One of the most foundational aspects of endpoint security is patching and it’s critical to patch often. The average organization takes 60 to 150 days to patch vulnerabilities. That’s an incredibly long time for bad actors to find their way into your devices, move laterally through datacenters, and potentially infect your software supply chain.
Now, thanks to advances in AI, capabilities like AI-enabled patch sentiment analysis can help make the patching process easier—enabling InfoSec teams to make more informed decisions and act quickly. Another way organizations should be thinking about bolstering their endpoint estate is with endpoint detection and response (EDR) tools that can quickly detect deviations from typical endpoint behavior and remediate risk. Organizations like CrowdStrike and SentinelOne do this exceptionally well.
CIOs or CISOs should also be thinking about configuration management. Are your firewalls enabled? Are you allowing unfiltered access across websites? What kind of new applications are you allowing your employees to install, and what are you allowing employees to touch or manipulate on their devices?
As more IT leaders look to balance enabling innovation and productivity gains with organizational security, these are the kinds of questions they should be asking. At the end of the day, innovation is only as strong as your underlying security. The best way to keep your employees happy, enabling them to take advantage of the latest “shiny new toys” while keeping your organization secure, is by equipping them with the right education, foundation, and resources needed to do so.
