Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:00 PM
Connect Directly

Majority Of Enterprises Finally Recognize Users As Endpoint's Weakest Vulnerability

The Ponemon State of the Endpoint report shows endpoint management continues to grow more difficult.

As enterprises grow mature in their IT security practices, more of them are attributing endpoint risks to user behavior, rather than fixating on the vulnerabilities attackers ultimately use to break into systems, a new Ponemon Institute survey shows. Querying 703 IT and IT security practitioners, the State of the Endpoint study shows that 78% consider negligent or careless employees who do not follow security policies as the biggest threat to endpoint systems.

"Rather than looking to fix a particular device vulnerability with a single, silver bullet technology, this new study shows IT attributes risk to people," says Chris Merritt, director of solutions marketing for Lumension, which funded the survey. "Cybercriminals launch their attacks, and it's the job of IT and, quite frankly, every user to defend against them. This is a welcome culture shift, but unfortunately, it doesn't necessarily make things any easier."

In fact, 71% of respondents reported that managing endpoint risk has grown more difficult over the last two years. Though they reported user behavior as the biggest obstacle to managing endpoints effectively, the task is not being made any easier by the proliferation of devices connected to consumer cloud applications. Approximately 68% cite the significant increase in the number of personal devices connected to the network as a top endpoint security concern, and 66% point to the use of commercial cloud applications in the workplace as a big problem.

Meanwhile, attacks continue to accelerate. Nearly 70% of respondents said malware at the endpoint increased in severity last year. Approximately 80% of organizations reported web-borne malware as the most frequent attack vector, and the biggest increases in attacks came by way of zero-day attacks, APTs, and spearphishing. The applications most likely to be used by attackers were Adobe applications, applications using Java, and third-party cloud productivity apps.

The combination of user risks, proliferation of devices and apps, and increased attacks has 68% of organizations reporting that endpoint security is becoming a more important component of their overall IT security strategy.

"IT continues to battle malware at the endpoint," said Dr. Larry Ponemon, chairman of the Ponemon Institute. "While it is positive news that companies are making the security of endpoints a higher priority, to win the war they need to recognize the criticality of minimizing employee negligence and investing in technologies that improve the ability to detect malicious attacks."

Those investments will continue to grow at many organizations, with 45% of respondents reporting that they'll get more money to spend on security in 2015. As they figure out how to spend it, 95% of organizations report that they're moving away from prevention-oriented strategy and toward a detect-and-respond approach. They'll do that by employing big data and threat intelligence to analyze threats better in real-time.

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.  View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
44% of Security Threats Start in the Cloud
Kelly Sheridan, Staff Editor, Dark Reading,  2/19/2020
Zero-Factor Authentication: Owning Our Data
Nick Selby, Chief Security Officer at Paxos Trust Company,  2/19/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
How Enterprises Are Developing and Maintaining Secure Applications
How Enterprises Are Developing and Maintaining Secure Applications
The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore...
PUBLISHED: 2020-02-25
An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of origin authentication in the IPN callback processing function in cardgate/cardgate.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefore bypass ...
PUBLISHED: 2020-02-25
A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.
PUBLISHED: 2020-02-24
An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's } parser function.
PUBLISHED: 2020-02-24
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that ...