IT Reports Growing Insecurity As Endpoint Complexity Explodes

Annual State of Endpoint Risk survey reports greatest concern over securing productivity tools on the endpoint yet few have strategies in place to improve security

November 15, 2011


Scottsdale, Ariz. – November 14, 2011 – While malware attacks continue to be a significant risk and operational cost driver, today’s IT security teams are more concerned about threats brought on by their organization’s reliance on personal mobile devices, virtualization technologies and cloud computing, according to the State of the Endpoint, a new Ponemon Institute study commissioned by Lumension, the global leader in endpoint management and security. While IT’s focus on the enablement of business productivity is a mind shift expected by other business leaders, inadequate collaboration and lacking resources for security create a perfect storm for hackers to capitalize on.

For the third consecutive year, IT reports growing caution in the overall security of their network, with 66 percent of respondents reporting their networks were not more secure than last year – a figure slightly higher than in 2010 (64 percent) and 2009 (59 percent). The State of the Endpoint indicates the primary circumstances impacting organizational security are evolving, exceedingly vulnerable endpoints; ineffective policies for both technology implementation and organizational prioritization of security; and the inability to educate employees on security best practices.

While many organizations continue to invest in traditional technology solutions, more and more recognize they aren’t able to effectively reduce endpoint risk within today’s environment. Additionally, there is little alignment with other business areas and, as a result, organizations are wasting valuable time, money and resources while continuing to expose their IT environment to unnecessary risks.

State of IT Endpoint Risk Key Findings:

Malware continues to be a threat and operational cost driver for IT, but their ability to reduce it is being challenged as the focus shifts to enabling business productivity with less cost.

o According to respondents, on average, malware incidents have nearly doubled to 43 percent from 27 percent in 2010, with respondents commenting that they have seen a significant increase in the frequency of Web-borne malware attacks with more than 50 malware attempts occurring per month within their organizations. Despite the increase in malware incidents, the concern for malware by IT staff has decreased by 48 percent from 2010 to 2011.

o 31 percent of respondents noted a major uptick in the frequency of malware incidents over last year with 43 percent estimating that they deal with more than 50 malware attempts on a monthly basis. This equates to nearly two intrusions per day.

o 23 percent of organizations expressed that zero-day attacks are their biggest headache with targeted attacks coming in a close second at 22 percent.

In comparing the 2010 survey results to current findings, the top five areas for the greatest rise of potential IT security risk within IT environments include:

o Third-party applications were ranked number one in terms of “most concerning” risk, yet only 23 percent of respondents consider patch and remediation as a “top five” risk mitigation strategy.

o Concern for securing mobile devices and platforms saw a huge jump from nine percent in 2010 to 48 percent in 2011.

o Concern over negligent insider risk has been consistent over the past three years with 43 percent of organizations polled seeing this as the greatest risk moving into 2012.

o New worries over cloud computing infrastructure risk also jumped from 18 percent in 2010 to 43 percent in 2011, and while most anticipate their use of cloud will increase, 41 percent of those surveyed said they do not have a security strategy in place for assets stored in the cloud.

o More than 72 percent of respondents reported their organizations will see an increase in the use of social media applications in 2012.

Continued downward pressure on IT security investment and organizational security prioritization continues to elude. Further evidence shows:

o Overall security budgets remain one of the most concerning items for 2012 (32 percent) and 40 percent of respondents said collaboration between security and IT is poor and/or non-existent.

o 25 percent of respondents said their budgets would increase in 2012, yet respondents showcased concern over insufficient collaboration with business operations (16 percent) and the lack of an organization-wide security strategy (13 percent).

o 48 percent of respondents said collaboration between IT operations and IT security could be improved.

As the use of Mac products becomes increasingly common in the workplace, mistrust in their invulnerability to malware grows – 85 percent say they are very concerned or increasingly concerned.

Given the impact of new risks associated with remote workers, social media, mobile platforms and cloud computing, organizations are now looking to implement a more robust mix of effective solutions to tackle these mounting endpoint risks. According to those polled, the top five technologies that IT plans to increase usage over the next 12 months are:

o Application control/whitelisting (56 percent)

o Application control firewall/gateway (55 percent)

o Integrated endpoint security suite (46 percent)

o Mobile device management (45 percent)

o Security Event and Incident management (SIEM) (38 percent)

Supporting Quotes:

C. Edward Brice, Senior Vice President, worldwide marketing, Lumension

“This year’s State of the Endpoint Survey reveals a large disconnect between the perceived risks and corresponding strategies to combat today’s evolving endpoint environment. Also evident is the need for a fundamental mind shift across the enterprise to ensure prioritization is given to organizational security. Clearly IT is concerned about this but it is evident they struggle with actionable next steps.”

Larry Ponemon, Chairman and Founder, The Ponemon Institute

“The State of the Endpoint survey uncovered some interesting truths to how organizations are faring in the battle to protect their endpoints. Probably most surprising this year is the fact that malware attacks continue to increase for the third consecutive year, yet IT’s concern in this area is decreasing and they aren’t spending their budgets on basic malware prevention strategies, nor are they collaborating with security to formulate centralized plans for the enterprise network. Most of their concern this year seems to reside on the new technologies entering the workplace, such as mobile devices, cloud computing and virtualization.”

Patrick J. Clawson, Chairman & CEO, Lumension

“Organizations continue to lose the battle when it comes to staying ahead of today’s threat landscape, as the study results confirmed for us. This is further compounded by a lack of collaboration among IT operations and IT security leaders to support information sharing, as well as ineffective anti-malware technologies currently being used to protect today’s IT endpoint risks. As we look to 2012, we are encouraging our customers and the larger security industry to further educate end-users to help in the fight against malware to improve the pain points associated with employees using mobile platforms, social media and cloud computing applications in the enterprise.”


The State of the Endpoint was derived from a survey of 688 IT and IT security practitioners within the U.S. spanning key industries including financial services, public sector and healthcare, all of whom have active responsibility for their data security and compliance efforts.


State of the Endpoint Infographic and Whitepaper

Visit the Optimal Security blog for more insight into key survey findings

About Lumension

Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Virginia, Texas, Utah, Florida, Ireland, Luxembourg, the United Kingdom, Australia, and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at
