The shift to a more distributed work environment and an increase in digital transformation initiatives have motivated organizations to bolster their endpoint security defenses. However, end users continue to be a major source of worry for IT and security decision-makers, according to the latest Dark Reading survey.
Phishing, malware, and ransomware pose major threats to organizations, as do attacks involving credential theft. An overwhelming 93% of IT and security professionals in Dark Reading’s "2022 Endpoint Security Survey" cite the growing number of ransomware attacks as the reason behind increased investments in endpoint security. Similarly, 83% say the increase in attacks using end-user credentials spurred their endpoint investments.
End users pose one of the biggest threats to the organization, as 87% expect that if attackers wanted to steal the organization’s data, they would begin by targeting a single end user.
Concerns about the end user are not new. Verizon’s "2021 Data Breach Investigations Report" found that 85% of the breaches it investigated in 2020 involved end users in some way – such as stolen account credentials, incorrectly assigned privileges or elevated privileges, social engineering, and user error.
IT and security professionals are looking at how they manage authentication and end-user access privileges. A solid 85% of respondents express confidence in their organizations’ ability to manage end-user access privileges, and 79% say the same about authentication. There was a similar level of confidence in security awareness training, with 77% saying their organizations’ current approach was effective.
However, organizations are less confident about their ability to detect insider threats. Only 56% of the survey respondents are confident the security team would know immediately that an end user was trying to steal or exfiltrate corporate data.