Endpoint

6/13/2017
01:04 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Insecure endpoints are an expensive risk and difficult to address. Businesses spend millions of dollars, and hundreds of hours, on detecting and containing endpoint alerts but can't come close to catching them all.

A new study entitled "The Cost of Insecure Endpoints," commissioned by Absolute and conducted by the Ponemon Institute, polled 556 IT and IT security practitioners responsible for detecting, evaluating, and/or containing insecure endpoints within their organizations.

The businesses in this study manage an average of approximately 27,364 endpoints, nearly half (55%) of which contain sensitive or confidential information. These endpoints generate nearly 615 alerts in a typical week, nearly 60% of which involve malware infections.

An average of 1,156 hours is spent each week on detecting and containing insecure endpoints. Less than half (45%) of the 615 alerts are considered reliable, and only 115 are actually investigated.

"That's a lot of time for your security staff to be analyzing whether an alert is reliable or not," says Richard Henderson, global security strategist for Absolute. "You need a big team to investigate that many unique alerts per week."

Organizations spend an average of $3.4 million in resources to figure out the amount of hours spent each week on detection and containment of insecure endpoints. They can spend up to $6 million each year on the time it takes to find and lock insecure endpoints, hours wasted on erroneous alerts, and unplanned downtime and business interruption for employees.

Many alerts can be investigated in five to 10 minutes; the problem, he says, is this time quickly adds up and many alerts go unaddressed. The average cost of each failed endpoint is $612.45.

The struggle to properly secure endpoints is leaving businesses vulnerable to threats like ransomware, which has "changed the landscape" for endpoint security in the last couple of years, he explains.

"Ransomware is not going to go away any time soon because companies continue to pay," he says. The problem would not be as severe if data was properly secured, employees practiced good data hygiene, and patches were implemented upon release.

Most people neglect to patch their systems, researchers found. Three-quarters of respondents said the most commonly found security gap on their endpoint is out-of-date or unpatched software.

"You might as well just leave the bank vault open and leave the money for the robber," Henderson says of unpatched systems.

Endpoint security will continue to be a problem as new employees bring their own devices into the workplace. Businesses will look to automation to offset the cost and challenges of finding and hiring security talent.

"The future is going to be semi-automated or fully automated for most security technologies," Henderson notes. Organizations will need to farm out traffic monitoring across endpoints, and trust their systems to assess what's important and weed out unnecessary info. Researchers found only 40% of businesses use automated tools to evaluate threats.

The problem is, most security teams don't have the budget to afford new automated systems, either. More than half (51%) say cost stops them from buying these tools; 44% cite complexity as an issue and 30% claim lack of confidence in the products.

Henderson acknowledges the high cost of tech can be a burden in security. It's tough to justify the price of expensive tools when a sign of their effectiveness is a lack of alerts or other activity.

"Security teams don't get whatever they need," he says, debunking a popular misconception among business workers. "Companies have finite budgets, and they need to scrape for every inch or every cent they get in infosec."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
No SOPA
50%
50%
No SOPA,
User Rank: Ninja
6/13/2017 | 5:49:44 PM
Business Model for InfoSec Contract Firms
These stats are a good example of how the business model for contract firms handling only endpoint security has great potential to be successful in the long term.  Looking at the current ecosystem of the industry, with high-end automation tools often intimidating smaller business, contracting out to firms who do custom coding or leverage free and open source (FOSS) security solutions may make sense from an economic standpoint.  I'm not sure how many of these organizations who are hurting are actually already using firms like this, but I suspect most were trying to use their own in-house IT talent to chase down the holes.  There are lots of excellent tactical security teams out there who do more than just investigate specific exploits but also strategize ways to best leverage smaller automation tools mixed with "intuition" based on years and variety of experience to aid these same businesses achieve higher levels of security without wasting their own IT resources.
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-3906
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 contains hardcoded credentials in the WCF service on port 9003. An authenticated remote attacker can use these credentials to access the badge system database and modify its contents.
CVE-2019-3907
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).
CVE-2019-3908
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 stores backup files as encrypted zip files. The password to the zip is hard-coded and unchangeable. An attacker with access to these backups can decrypt them and obtain sensitive data.
CVE-2019-3909
PUBLISHED: 2019-01-18
Premisys Identicard version 3.1.190 database uses default credentials. Users are unable to change the credentials without vendor intervention.
CVE-2019-3910
PUBLISHED: 2019-01-18
Crestron AM-100 before firmware version 1.6.0.2 contains an authentication bypass in the web interface's return.cgi script. Unauthenticated remote users can use the bypass to access some administrator functionality such as configuring update sources and rebooting the device.