Rise of Mobile Devices, Advanced Persistent Threats and Third-Party Applications are Top Pain Points In 2013, New Study Finds Fourth annual State of Endpoint Risk study conducted by the Ponemon Institute and commissioned by Lumension reports major concerns over increasing security risks
SCOTTSDALE, Ariz., Dec. 3, 2012 /PRNewswire/ -- The state of endpoint risk is not improving according to the fourth annual report researched by the Ponemon Institute and commissioned by Lumension® to track endpoint risk, organizational threat strategy and resource availability. In this year's State of the Endpoint Risk study, IT professionals reported the flood of mobile devices entering their corporate networks, advanced persistent threats and third-party application vulnerabilities are their primary pain points moving into 2013. A few short years ago, these concerns barely made the list.
One of the top concerns cited was the proliferation of personally-owned mobile devices in the workplace such as smartphones and tablets. 80 percent of those surveyed said that laptops and other mobile data-bearing devices pose a significant security risk to their organization's networks. Yet, with only 13 percent stating they use stricter security standards for personal over corporate-owned devices and 29 percent reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action. These figures are staggering when compared to the 2010 survey. At that time, only nine percent of respondents said mobile devices were a rising threat. This year, 73 percent rank mobile as one of the greatest risks within the IT environment.
This year's State of the Endpoint study also found that IT professionals view third-party applications as a major security threat. In fact, 67 percent of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk. In previous year's surveys, the server environment, data centers and operating system vulnerabilities were cited as primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today's enterprise environment, IT practitioners are increasingly worried about the attack vectors these third party tools could bring into the corporate network.
"It's frightening that since we began this survey four years ago, the threatscape has expanded significantly and yet IT's efforts in fighting malware and the tools they are using to do so remain consistently the same," said Pat Clawson, Chairman and CEO, Lumension. "Clearly, IT is concerned but ill-equipped to deal with these issues. This may be due to lack of budget or lack of confidence in the tools they have at their disposal. We need to ensure that these issues are being raised to the C-suite, so that IT can secure the tools and funds they need to deal with this ever-growing challenge."
In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today's IT teams consider APTs and hacktivism a real, global threat. 36 percent of those surveyed reported that they viewed advanced persistent threats as a "significant" threat to their environments while just 24 percent of respondents held this view last year. In addition, only 12 percent of those surveyed this year stated that current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today's malware risk.
"Once again, we found the changing security terrain is preventing the state of endpoint security from improving," said Dr. Larry Ponemon, Chairman and Founder, the Ponemon Institute. "With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys. Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications - causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control."
671 IT and IT security practitioners were surveyed in this year's study. Of those, 77 percent were employed in organizations with a headcount of more than 1,000 and 66 percent were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.
To discuss the State of the Endpoint report and likely implications, Dr. Larry Ponemon and Paul Zimski of Lumension will host a webcast on Dec. 5, 2012 at 9:00 a.m. MT. To register for the free event, visit http://www.lumension.com/Resources/Webinars/Greatest-IT-Security-Risks-of-2013.aspx?rpLeadSourceID=L3184
- State of the Endpoint Research Report and IT Anxiety Matrix Infographic
- Greatest IT Security Risks of 2013 Webcast
- Lumension on Twitter
Lumension Security, Inc., a global leader in endpoint management and security, develops, integrates and markets security software solutions that help businesses protect their vital information and manage critical risk across network and endpoint assets. Lumension enables more than 5,100 customers worldwide to achieve optimal security and IT success by delivering a proven and award-winning solution portfolio that includes Vulnerability Management, Endpoint Protection, Data Protection, Antivirus and Reporting and Compliance offerings. Lumension is known for providing world-class customer support and services 24x7, 365 days a year. Headquartered in Scottsdale, Arizona, Lumension has operations worldwide, including Texas, Florida, Ireland, Luxembourg, the United Kingdom, Australia and Singapore. Lumension: IT Secured. Success Optimized.™ More information can be found at www.lumension.com.
Lois Paul and Partners