Majority firms see employees as biggest threat to endpoint systems

Majority of enterprises are attributing endpoint risks to employees’ behaviour, a latest Ponemon Institute survey claimed. An endpoint can include servers, desktops, laptops, smartphones, and even printers, ATMs and PoS devices. Based on a survey of 703 IT and IT security practitioners, Ponemon’s ‘ State of the Endpoint ’ study said that 78 percent respondents see negligent employees as the greatest source of endpoint risk. IT practitioners reported use of commercial cloud applications (73 percent), BYOD (68 percent) and employees who operate from home offices and offsite locations (63 percent) have significantly increased endpoint risk. “Sixty-eight percent of respondents said their IT department cannot keep up with employee demand for greater support and better mobile device connectivity.” [caption id=“attachment_1026155” align=“alignleft” width=“380”] Reuters[/caption] Only 33 percent of respondents agree that their approach to endpoint security takes into account the Internet of Things (IoT), which means that most companies represented in this study are not addressing the potential endpoint risk created by IoT, the report stated. Mobile endpoints have been the target of malware this year. Seventy-one percent of respondents said in the past 24 months managing endpoint risk has become very difficult. In fact, 75 percent of respondents believe their mobile endpoints have been the target of malware over the past 12 months. Eighty percent of respondents said web-borne malware attacks are seen frequently in their organisation’s IT networks followed by advanced persistent threats (APT)/targeted attacks (65 percent) and rootkits (65 percent). The biggest increase is in zero day attacks, APTs and spear phishing. Causing the most problems in managing endpoint risk are the following applications: Adobe (e.g. Acrobat, Flash Player, Reader) (62 percent of respondents), Oracle Java JRE (54 percent of respondents) and third-party cloud-based productivity apps (e.g. WinZip, VLC, VMware and VNC). Eighty percent of respondents said smartphones are a concern followed by vulnerabilities in third party applications (69 percent), mobile remote employees (42 percent) and the negligent insider risk. However, in recognition of the growing risk, endpoint security is becoming a more important priority. Sixty-eight percent said endpoint security is becoming a more important part of their organisation’s overall IT security strategy. Endpoint security is becoming a more important priority. Sixty-eight percent of respondents say endpoint security is becoming a more important part of their organization’s overall IT security strategy. Keeping endpoint security in mind, 45 percent of respondents said their organisation’s IT security budget will significantly increase (12 percent) or increase (33 percent). While companies are making endpoint security a higher priority, the report revealed that the IT security budget allocation is expected to change next year. Network security is expected to decline from 40 percent to 32 percent. Data security and application security are expected to receive more funding. Despite the fact that employee negligence is recognised as a serious threat, only 11 percent of the budget is allocated to dealing with malicious or negligence insiders or third parties. #Top 3 predictions for 2015 – Virtually all organisations will evolve toward a more “detect and respond” orientation from one that is focused on prevention. In addition, according to 70 percent of respondents, their organizations are using or plan to use within the next two years the use of “big data” to enhance endpoint and database security. – Threat intelligence increases in importance. Sixty-four percent of respondents said they have added or plan to add a threat intelligence component to their companies’ security stack. – The endpoint becomes a security sensor. In other words, where state or context data collected at the endpoint is used to determine if it has been or is being compromised.