Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest VulnerabilityMajority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability
The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.
January 14, 2015
As enterprises grow mature in their IT security practices, more of them are attributing endpoint risks to user behavior, rather than fixating on the vulnerabilities attackers ultimately use to break into systems, a new Ponemon Institute survey shows. Querying 703 IT and IT security practitioners, the State of the Endpoint study shows that 78% consider negligent or careless employees who do not follow security policies as the biggest threat to endpoint systems.
"Rather than looking to fix a particular device vulnerability with a single, silver bullet technology, this new study shows IT attributes risk to people," says Chris Merritt, director of solutions marketing for Lumension, which funded the survey. "Cybercriminals launch their attacks, and it's the job of IT and, quite frankly, every user to defend against them. This is a welcome culture shift, but unfortunately, it doesn't necessarily make things any easier."
In fact, 71% of respondents reported that managing endpoint risk has grown more difficult over the last two years. Though they reported user behavior as the biggest obstacle to managing endpoints effectively, the task is not being made any easier by the proliferation of devices connected to consumer cloud applications. Approximately 68% cite the significant increase in the number of personal devices connected to the network as a top endpoint security concern, and 66% point to the use of commercial cloud applications in the workplace as a big problem.
Meanwhile, attacks continue to accelerate. Nearly 70% of respondents said malware at the endpoint increased in severity last year. Approximately 80% of organizations reported web-borne malware as the most frequent attack vector, and the biggest increases in attacks came by way of zero-day attacks, APTs, and spearphishing. The applications most likely to be used by attackers were Adobe applications, applications using Java, and third-party cloud productivity apps.
The combination of user risks, proliferation of devices and apps, and increased attacks has 68% of organizations reporting that endpoint security is becoming a more important component of their overall IT security strategy.
"IT continues to battle malware at the endpoint," said Dr. Larry Ponemon, chairman of the Ponemon Institute. "While it is positive news that companies are making the security of endpoints a higher priority, to win the war they need to recognize the criticality of minimizing employee negligence and investing in technologies that improve the ability to detect malicious attacks."
Those investments will continue to grow at many organizations, with 45% of respondents reporting that they'll get more money to spend on security in 2015. As they figure out how to spend it, 95% of organizations report that they're moving away from prevention-oriented strategy and toward a detect-and-respond approach. They'll do that by employing big data and threat intelligence to analyze threats better in real-time.
About the Author(s)
Tricks to Boost Your Threat Hunting GameNov 06, 2023
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
Passwords Are Passe: Next Gen Authentication Addresses Today's Threats
How to Deploy Zero Trust for Remote Workforce Security
Everything You Need to Know About DNS Attacks
Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks
How Enterprises Are Managing Application Security Risks in a Heightened Threat Environment
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Gone Phishing: How to Defend Against Persistent Phishing Attempts Targeting Your Organization
Building Immunity: The 2021 Healthcare and Pharmaceutical Industry Cyber Threat Landscape Report
Build a Case for a Password Manager