01:04 PM
Connect Directly

Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Insecure endpoints are an expensive risk and difficult to address. Businesses spend millions of dollars, and hundreds of hours, on detecting and containing endpoint alerts but can't come close to catching them all.

A new study entitled "The Cost of Insecure Endpoints," commissioned by Absolute and conducted by the Ponemon Institute, polled 556 IT and IT security practitioners responsible for detecting, evaluating, and/or containing insecure endpoints within their organizations.

The businesses in this study manage an average of approximately 27,364 endpoints, nearly half (55%) of which contain sensitive or confidential information. These endpoints generate nearly 615 alerts in a typical week, nearly 60% of which involve malware infections.

An average of 1,156 hours is spent each week on detecting and containing insecure endpoints. Less than half (45%) of the 615 alerts are considered reliable, and only 115 are actually investigated.

"That's a lot of time for your security staff to be analyzing whether an alert is reliable or not," says Richard Henderson, global security strategist for Absolute. "You need a big team to investigate that many unique alerts per week."

Organizations spend an average of $3.4 million in resources to figure out the amount of hours spent each week on detection and containment of insecure endpoints. They can spend up to $6 million each year on the time it takes to find and lock insecure endpoints, hours wasted on erroneous alerts, and unplanned downtime and business interruption for employees.

Many alerts can be investigated in five to 10 minutes; the problem, he says, is this time quickly adds up and many alerts go unaddressed. The average cost of each failed endpoint is $612.45.

The struggle to properly secure endpoints is leaving businesses vulnerable to threats like ransomware, which has "changed the landscape" for endpoint security in the last couple of years, he explains.

"Ransomware is not going to go away any time soon because companies continue to pay," he says. The problem would not be as severe if data was properly secured, employees practiced good data hygiene, and patches were implemented upon release.

Most people neglect to patch their systems, researchers found. Three-quarters of respondents said the most commonly found security gap on their endpoint is out-of-date or unpatched software.

"You might as well just leave the bank vault open and leave the money for the robber," Henderson says of unpatched systems.

Endpoint security will continue to be a problem as new employees bring their own devices into the workplace. Businesses will look to automation to offset the cost and challenges of finding and hiring security talent.

"The future is going to be semi-automated or fully automated for most security technologies," Henderson notes. Organizations will need to farm out traffic monitoring across endpoints, and trust their systems to assess what's important and weed out unnecessary info. Researchers found only 40% of businesses use automated tools to evaluate threats.

The problem is, most security teams don't have the budget to afford new automated systems, either. More than half (51%) say cost stops them from buying these tools; 44% cite complexity as an issue and 30% claim lack of confidence in the products.

Henderson acknowledges the high cost of tech can be a burden in security. It's tough to justify the price of expensive tools when a sign of their effectiveness is a lack of alerts or other activity.

"Security teams don't get whatever they need," he says, debunking a popular misconception among business workers. "Companies have finite budgets, and they need to scrape for every inch or every cent they get in infosec."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Christian Bryant
Christian Bryant,
User Rank: Ninja
6/13/2017 | 5:49:44 PM
Business Model for InfoSec Contract Firms
These stats are a good example of how the business model for contract firms handling only endpoint security has great potential to be successful in the long term.  Looking at the current ecosystem of the industry, with high-end automation tools often intimidating smaller business, contracting out to firms who do custom coding or leverage free and open source (FOSS) security solutions may make sense from an economic standpoint.  I'm not sure how many of these organizations who are hurting are actually already using firms like this, but I suspect most were trying to use their own in-house IT talent to chase down the holes.  There are lots of excellent tactical security teams out there who do more than just investigate specific exploits but also strategize ways to best leverage smaller automation tools mixed with "intuition" based on years and variety of experience to aid these same businesses achieve higher levels of security without wasting their own IT resources.
Disappearing Act: Dark Reading Caption Contest Winners
Marilyn Cohodas, Community Editor, Dark Reading,  3/12/2018
Microsoft Report Details Different Forms of Cryptominers
Kelly Sheridan, Staff Editor, Dark Reading,  3/13/2018
Who Does What in Cybersecurity at the C-Level
Steve Zurier, Freelance Writer,  3/16/2018
Register for Dark Reading Newsletters
White Papers
Current Issue
How to Cope with the IT Security Skills Shortage
Most enterprises don't have all the in-house skills they need to meet the rising threat from online attackers. Here are some tips on ways to beat the shortage.
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.