Ponemon Institute has just (Dec 2010) released a new State of Endpoint report (http://www.lumension.com/Media_Files/Documents/Marketing—Sales/Others/Ponemon—State-of-Endpoint-Risk.aspx). The study, sponsored by Lumension, reveals that a full 64 percent of the 570 respondents surveyed report that their networks are less secure than they were a year ago, or they aren’t sure. And 58 percent report that their security costs are increasing, with malware incidents being the main driver of the escalating costs.
A very interesting thing to note is the fact that most IT managers don’t have the traditional network, operating system and data center vulnerabilities at the top of their worry list. Respondents to the study say that they are more concerned about hard to detect cyber attacks and malware incidents as the bigger security threat. Most companies today allow some type of non-office work by employees, whether it is an employee working from home or using various types of mobile devices. Downloading outside applications is also very common among employees for various reasons.
– Here are some dramatic numbers that might bring home the importance of end point security in any organization:
– On average, each firm in the study has had at least one malware attack daily
– 96 percent have experience a virus or other network intrusion
– Almost every company (95 percent, anyway) has been a victim of theft, losing laptops and other devices that affect enterprise security
– Over 60 percent of the companies lost data through employee theft
– About 90 percent of the companies lost data because of employee negligence (poor backups, erasure of key data, etc.)
Companies use a wide array of strategies to counter security threats, including the use of intrusion detection systems, patch management, vulnerability assessments , application whitelisting and endpoint management and security suites, with the vast majority – 70 percent – trusting vulnerability assessment as , one of the key factors in reducing IT risk. Note, however, that only 51 percent of the companies actually perform a regular vulnerability assessment.