Only 33 percent of survey respondents have security strategies in place to protect the growing number of endpoints on their networks, a new report found.
In addition, 60 percent of respondents said they are not confident all of the devices connected to their networks receive security updates in a timely fashion, according to a new survey from Tripwire conducted by Dimensional Research in August that evaluated key challenges organizations must address in order to optimize their cyber security and compliance programs. Study respondents included over 500 IT security professionals.
“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs.”
Critical endpoints are systems that, if compromised, could have significant fiscal or operational impact on an organization. Endpoints have traditionally been defined as devices with which users interact, such as desktops, tablets or phones; however, this definition has now been expanded to include additional items like employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers. Despite presenting significant and unique security risks, critical endpoints are rapidly increasing on networks. Intel has projected there will be over 200 billion connected devices by 2020.
Additional findings include:
— 21 percent of the respondents consider the security of IoT devices connecting to their organization’s networks to be one of their top security concerns.
— 31 percent of the respondents said they conduct comprehensive inventories of hardware- and software-based assets, including IoT devices, on their networks only per year.
— 52 percent of the respondents said the projected growth rate of endpoints on their organization’s networks over the next 24 months would be less than 25 percent per year.
“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up” said Dwayne Melancon, vice president of products. “The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale – know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity.”