Endpoints continue to be a main security concern, but protective measures for them continue to lag behind, a new survey said.
Fewer companies today (32 percent) said they have advanced endpoint security protections in place, which is down from 39 percent last year, even though an increasing number of respondents (73 percent this year vs. 58 percent last year) consider endpoints to be “most vulnerable” to a cyber-attack, said researchers at Promisec.
Although more respondents recognize that endpoints are vulnerable to a cyber-attack, fewer companies today said they have endpoint protection in place compared with last year. In addition, 67 percent of respondents said the number of endpoints is rising, down from 76 percent last year.
An increased number of respondents (74 percent) said traditional anti-virus defenses no longer address advanced targeted threats and only 26 percent believe they will play a vital role in the future. This compares to 58 percent and 19 percent respectively, in last year’s survey, which illustrates a continued trend away from traditional anti-virus defenses.
The survey found that 82 percent of IT professionals are either “highly” or “moderately” concerned about a potential security breach in the next year but only 31 percent said they are “well prepared” for a cyber attack. 73 percent of respondents consider endpoints, such as desktops, laptops and mobile devices, to be the “most vulnerable” part of the network. In spite of significant concern of a potential data breach and the value of endpoint security, most companies have inadequate defenses in place.
Only 31 percent of companies said they were able to complete Microsoft patch updates in less than a week even though these updates play key role eliminating known vulnerabilities. Moreover, 40 percent said it took up to a month (compared to 34 percent last year), 13 percent said it look over a month (compared with 19 percent last year), and 16 percent “never” achieved full rollout of updates, up slightly from 14% last year). In spite of these endpoint security challenges, only 25 percent have a dedicated endpoint security budget, down from 30 percent last year.
These findings indicate little change from last year, implying there is stronger reason to believe hackers would have susceptible environments with which to breach. Security awareness may be up, but actions remain unchanged.
Approximately half of respondents continue to agree there is a bigger need for SIEM and/or advanced threat detection and correlation systems to have deeper endpoint analytics. The respondents categorized it as ‘very important’ as endpoints are a common attack point and monitoring these points of entry are vital to identifying an attack and taking steps toward remediation.
A majority of VP and C-Level IT leaders surveyed indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.
• 29 percent of VP and C-Level IT leaders surveyed said they have advanced endpoint protections in place, compared with 33 percent last year, but 82 percent indicated they have a need for deeper endpoint analytics to assist in threat detection, up from 75 percent last year. In spite of growing demand for endpoint security, fewer companies this year have endpoint security systems in place.
• Nearly 71 percent of VP and C-Level IT leaders put endpoints at the top of their most vulnerable list, virtually unchanged from last year.
• VP and C-Level IT Leaders (81 percent) said antivirus solutions are not part of their future for protecting against advanced threats, vs. 83 percent last year.
• 89 percent of VP and C-Level IT Leaders have a heightened fear of a breach over the next year, which indicates steady growth over 86 percent last year.
Companies struggle to keep pace with advanced targeted threats, with 70 percent of respondents saying they are “not confident” the security measures they have in place will protect against all scenarios, up significantly from 55 percent last year. This indicates growing fear of a security breach in a more complex and sophisticated threat environment.