Now in the third year of the pandemic, organizations have adapted to the new normal of distributed work, standardizing the equipment remote employees need to do their jobs. And as IT departments adjust to real-world breaches and new technologies, some software is declining in use, such as VPNs and stand-alone antivirus programs. Meanwhile, emphasis on multifactor authentication (MFA) and whitelisting is growing.
The results come from Dark Reading's "2022 Endpoint Security Survey," which polled 190 cybersecurity and IT professionals on how pandemic-related changes affect their endpoint security strategies.
In the above graphic, the darker blue bars represent results from the 2022 survey, while the lighter blue shows 2021 numbers. At first glance, antivirus software is clearly the security measure required by the most organizations, at 83%. However, that's down 6% from 2021's 89%, as the chart shows; the full report states that in 2020, it was 92%. It's not that IT departments aren't interested in protecting against viruses; however, the report attributes the decline to "a trend toward the growing integration of malware-detection functions in other technologies, such as endpoint detection and response (EDR) products, operating systems, and cloud technologies." The 8% jump in requiring EDR software, from 35% in 2021 to 43% in 2022, supports that interpretation.
After EDR, the next-highest rise in requirements is for MFA, which rose 7% from 51% in 2021 to 58% in 2022. That comes as Google and Microsoft began pushing MFA for their users, and it makes sense as an effective measure against account breaches such as those in the Kaseya hack.
Application whitelisting saw the steepest increase in required use, from 23% to 35%. Whitelisting can head off malware execution by not allowing unauthorized programs to run, although the technique can be sidestepped in some circumstances.
What used to be the gold standard in remote network access security, the VPN, fell from 72% requiring VPNs in 2021 to 67% in 2022. While the report makes no pronouncements about the reason for the 5% drop, cyberattackers often focus on gaining VPN access, including the notorious Colonial Pipeline breach.
For more, read the full report.