Greatest IT Security Risks of 2013: Annual State of the Endpoint Report

What are IT pros most concerned about heading into 2013? The annual State of the Endpoint Report sponsored by Lumension and conducted by Ponemon Institute reveals APTs and mobile devices pose the biggest security threat to organizations in the coming year. Unfortunately, respondents also demonstrated a disconnect between their identified risk and planned security spend as well as a significant need for improved internal collaboration.

This presentation by Larry Ponemon of the Ponemon Institute and Paul Zimski of Lumension reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2013 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:

• IT perspective on today’s Top 3 risks;
• Disconnect between perceived risk and corresponding strategies to combat those threats;
• Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain.

Transcript

  • 1. 2013 State of the Endpoint. Presentation by Dr. Larry Ponemon, December 5, 2012
  • 2. About Ponemon Institute
      • Ponemon Institute conducts independent research on cyber security, data protection and privacy issues.
      • Since our founding 11+ years ago our mission has remained constant, which is to enable organizations in both the private and public sectors to have a clearer understanding of the practices, enabling technologies and potential threats that will affect the security, reliability and integrity of information assets and IT systems.
      • Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.
      • In addition to research, Ponemon Institute offers independent assessment and strategic advisory services on privacy and data protection issues. The Institute also conducts workshops and training programs.
      • The Institute is frequently engaged by leading companies to assess their privacy and data protection activities in accordance with generally accepted standards and practices on a global basis.
      • The Institute also performs customized benchmark studies to help organizations identify inherent risk areas and gaps that might otherwise trigger regulatory action.
      12/4/2012 Ponemon Institute: Private & Confidential Information
  • 3. Introduction
      • Since 2010, Ponemon Institute and Lumension have tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats.
      • This study reveals that the state of endpoint risk is not improving. One of the top concerns is the proliferation of personally owned mobile devices in the workplace such as smart phones and iPads.
      • Malware attacks are increasing and are having a significant impact on IT operating expenses. Advanced persistent threats and hacktivism pose the biggest headache to IT security pros.
  • 4. Methods
      A random sampling frame of 17,744 IT and IT security practitioners located in all regions of the United States was selected as participants to this survey. As shown below, 923 respondents completed the survey. Screening removed 178 surveys and an additional 74 surveys that failed reliability checks were removed. The final sample was 671 surveys (or a 3.8 percent response rate).
      Sample response (FY 2012 / FY 2011 / FY 2010):
      • Total sampling frame: 17,744 / 18,988 / 11,890
      • Total returns: 923 / 911 / 782
      • Rejected surveys: 74 / 80 / 65
      • Screened surveys: 178 / 143 / 153
      • Final sample: 671 / 688 / 564
      • Response rate: 3.8% / 3.6% / 4.7%
  • 5. Distribution of respondents according to primary industry classification
      [Pie chart. Legend: Financial Services; Health & pharmaceuticals; Public Sector; Retailing; Services; Technology & software; Hospitality; Industrial; Education & research; Energy; Consumer products; Communications; Entertainment & media; Agriculture; Defense; Transportation.]
  • 6. What organizational level best describes your current position?
      [Pie chart. Legend: Director; Manager; Supervisor; Technician; Staff; Contractor; Other.]
  • 7. The primary person you or the IT security leader reports to within the organization
      [Pie chart. Legend: Chief Information Officer; Chief Information Security Officer; Chief Risk Officer; Compliance Officer; Chief Security Officer; General Counsel; Chief Financial Officer.]
  • 8. Worldwide headcount
      [Pie chart. Legend: Less than 500 people; 500 to 1,000 people; 1,001 to 5,000 people; 5,001 to 25,000 people; 25,001 to 75,000 people; More than 75,000 people.]
  • 9. Results
  • 10. The endpoint threat landscape
  • 11. IT security risks considered to be on the rise
      Three choices permitted in 2010 and 5 choices permitted in 2011 and 2012. Values are listed as FY 2012 / FY 2011 / FY 2010.
      • Mobile devices: 73% / 48% / 9%
      • Across 3rd party applications: 67% / 56% / 45%
      • Mobile/remote employees: 53% / 49% / 44%
      • Our PC desktop/laptop: 45% / 41% / 44%
      • Negligent insider risk *: 44% / 43%
      • Cloud computing infrastructure & providers: 41% / 43% / 18%
      • Removable media and/or media (CDs, DVDs): 39% / 42% / 10%
      * This choice was not available for all fiscal years
  • 12. IT security risks believed to be decreasing or staying the same
      Three choices permitted in 2010 and 5 choices permitted in 2011 and 2012. Values are listed as FY 2012 / FY 2011 / FY 2010.
      • Lack of organizational alignment *: 36% / 39%
      • Lack of system connectivity/visibility *: 25% / 29%
      • Virtual computing environments: 19% / 28% / 20%
      • Our server environment: 19% / 29% / 32%
      • Malicious insider risk *: 15% / 16%
      • Network infrastructure environment: 10% / 14% / 11%
      • Within operating systems: 8% / 10% / 11%
      • Our data centers: 6% / 12% / 14%
      * This choice was not available for all fiscal years
  • 13. Is your IT network more secure now than it was a year ago?
      [Column chart. Responses: Yes; No; Unsure. Shown for FY 2012, FY 2011 and FY 2010.]
  • 14. IT security risks of most concern since 2010
      More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012. Values are listed as FY 2012 / FY 2011 / FY 2010.
      • Increased use of mobile platforms *: 47% / 36%
      • Advanced persistent threats: 36% / 24% / 24%
      • Intrusions and data loss within virtual environments: 22% / 23% / 13%
      * This choice was not available for all fiscal years
  • 15. IT security risks that have declined or stayed the same
      More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012.
      [Bar chart. Series: FY 2012; FY 2011; FY 2010. Categories: Negligent insider risk; Growing volume of malware; Use of insecure cloud computing resources; Insufficient budget resources; Increasingly sophisticated & targeted cyber attackers; Malicious insider risk; Inability to measure policy compliance; Insufficient collaboration among IT & business operations; Lack of integration between endpoint operations & security technologies; Lack of an organizational wide security strategy. Some choices were not available for all fiscal years.]
  • 16. Mobility is an IT security headache
  • 17. Mobile devices pose a significant security risk
      Strongly agree and agree response combined.
      [Column chart. Shown for FY 2012 and FY 2011.]
  • 18. Technologies expected to increase in the next 12 to 24 months
      Substantial increase and increase response combined. Values are listed as FY 2012 / FY 2011.
      • Mobile devices / smart phones: 75% / 70%
      • Use of 3rd party cloud computing infrastructure: 63% / 56%
      • Virtualized environments: 61% / 52%
      • Use of internal cloud computing infrastructure: 53% / 35%
      • Security event and incident management *: 45%
      • Social media / Web 2.0 *: 72%
      * This choice was not available for FY 2012
  • 19. Important mobile device management features
      Three choices permitted. Values are listed as FY 2012 / FY 2011.
      • Provisioning and access policy management: 70% / 62%
      • Virus and malware detection or prevention: 65% / 55%
      • Encryption and other data loss technologies: 44% / 49%
      • Asset tracking: 43% / 47%
      • Anti-theft features: 39% / 42%
      • Remote wipe capability: 38% / 41%
      • Other: 1% / 3%
  • 20. Personal mobile device use in the workplace
      [Column chart. Series: FY 2012; FY 2011. Categories: None; 1 to 25%; 26 to 50%; 51 to 75%; More than 75%; Cannot determine.]
  • 21. Security policy for employee owned devices
      [Column chart. Series: FY 2012; FY 2011. Categories: No; No, but we plan to; Yes, we secure them similar to corporate devices; Yes, we use stricter standards than we do for corporate devices.]
  • 22. Most vulnerable third-party applications
      Three choices permitted. Values are listed as FY 2012 / FY 2011 / FY 2010.
      • Google Docs: 55% / 47% / 46%
      • Adobe: 55% / 50% / 54%
      • Microsoft OS/applications: 44% / 49% / 57%
      • General 3rd party apps outside of Microsoft: 40% / 46% / 58%
      • Apple/Mac OS: 30% / 24% / 15%
      • Apple apps: 28% / 20% / 14%
      • VMware: 18% / 20% / 17%
      • Oracle applications: 15% / 22% / 10%
      • WinZip: 11% / 16% / 19%
      • Mozilla Firefox: 3% / 6% / 2%
      • Other: 0% / 1% / 4%
  • 23. The malware threat
  • 24. Monthly malware attempts or incidents
      [Column chart. Series: FY 2012; FY 2011; FY 2010. Categories: Less than 5; 5 to 10; 11 to 25; 26 to 50; More than 50; Not sure.]
  • 25. Changes in malware incidents over the past year
      [Column chart. Series: FY 2012; FY 2011; FY 2010. Categories: Yes, major increase; Yes, but only slight increase; No, they stayed the same; No, they have decreased; Not sure.]
  • 26. Most frequent and annoying incidents
      More than one choice permitted. The first value answers "Which incidents are you seeing frequently in your organization’s IT networks?"; the second answers "Which one incident represents your biggest headache?"
      • General malware: 86% / 2%
      • Web-borne malware attacks: 79% / 3%
      • Rootkits: 65% / 4%
      • Botnet attacks: 55% / 8%
      • Advanced persistent threats / Targeted attacks *: 54% / 25%
      • Spyware: 45% / 0%
      • Clickjacking: 43% / 7%
      • Hacktivism: 41% / 15%
      • Zero day attacks: 31% / 13%
      • SQL injection: 29% / 12%
      • Exploit existing software vulnerability < 3 months: 28% / 5%
      • Exploit existing software vulnerability > 3 months: 26% / 6%
      • Other: 5% / 0%
      * Termed Targeted Attacks in the 2011 survey
  • 27. IT operating costs increase due to malware
      [Column chart. Series: FY 2012; FY 2011; FY 2010. Categories: Very significant; Significant; Some significance; None.]
  • 28. Barriers to achieving optimal security
  • 29. IT security budget changes from last year
      [Column chart. Series: FY 2012; FY 2011. Categories: Increase; Stay the same; Decrease; Unsure.]
  • 30. Collaboration between IT operations and IT security
      [Column chart. Series: FY 2012; FY 2011. Categories: Collaboration is excellent; Collaboration is adequate, but can be improved; Collaboration is poor or non-existent.]
  • 31. Admin privileges allowed
      [Column chart. Categories: No; Yes, to part of the user environment; Yes, to the entire user environment.]
  • 32. Greatest challenges in meeting federal compliance regulations
      Two choices permitted.
      • Lack of resources: 75%
      • Increasing audit burden: 73%
      • Explaining issues and requirements to management: 15%
      • Inconsistent reporting: 11%
      • Manual data collection: 9%
      • None of the above: 12%
  • 33. Impact of external compliance requirements on IT security function
      Two choices permitted.
      • More personnel and funding for meeting compliance initiatives: 56%
      • More funding for purchasing security technologies: 53%
      • Better understanding of organizational IT risk: 24%
      • Improved control procedures: 20%
      • Requirements to update or create new policies: 12%
      • Requirements to update or create new training procedures: 10%
      • Formal audits to ensure policy enforcement: 9%
      • None of the above: 13%
  • 34. Current and future technologies
  • 35. Technologies in use or to be invested in over the next 12 months
      More than one choice permitted.
      [Column chart. Series: Current use of technology; Expected increase in use of technology. Categories: Application control firewall; Application control/whitelisting; Endpoint management and security suite; SEIM.]
  • 36. Most effective tools for reducing IT risk
      Fiscal years 2012 and 2011 limited to 5 choices.
      [Bar chart. Series: FY 2012; FY 2011; FY 2010. Categories: Privilege management; Vulnerability assessment; Security event and incident management; Endpoint management & security suites/platforms; Endpoint firewall; Device control; Application control firewall; Application control/whitelisting; Anti-virus & anti-malware. Some choices were not available for all fiscal years.]
  • 37. Reasons for migrating to Windows 8
      Two choices permitted.
      • Efficiency and user productivity gains: 43%
      • Improvements in security: 38%
      • Improvements in speed and performance: 37%
      • Stability of the operating system: 33%
      • Interoperability issues with other systems: 31%
      • Improvements in vendor support: 19%
  • 38. Cloud computing and endpoint security
  • 39. The existence and enforcement of cloud security policies
      [Column chart. Responses: Yes; No; Unsure. Questions: Does your organization have a centralized cloud security policy? Do you enforce employees’ use of private clouds?]
  • 40. Conclusion & Recommendations
      • Create acceptable use policies for personally owned devices in the workplace.
      • Conduct risk assessments and consider the use of an integrated endpoint security suite that includes vulnerability assessment, device control, anti-virus and anti-malware.
      • Establish governance practices for privileged users at the device level to define acceptable use of mobile, BYOD and corporate-owned assets as well as limit the installation of third-party applications.
      • Ensure that policies and procedures clearly state the importance of protecting sensitive and confidential information stored in the cloud.
      • To better address the difficulties in managing the endpoint risk, collaboration between IT operations and IT security should be improved to achieve a better allocation of resources and the creation of strategies to address risks associated with hacktivism, BYOD, third-party applications and cloud computing.
  • 41. Caveats
      • There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.
      • Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
      • Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period.
      • Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.
  • 42. Questions?
      Ponemon Institute
      www.ponemon.org
      Tel: 231.938.9900
      Toll Free: 800.887.3118
      Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA
      research@ponemon.org
