• Share
  • Email
  • Embed
  • Like
  • Private Content
Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk
 

Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

on

  • 379 views

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening? ...

Organizations around the world are losing intellectual property and customer data to cyber criminals at mind-boggling rates. How is this happening?

For 5 consecutive years, the annual State of the Endpoint Report, conducted by Ponemon Institute, has surveyed IT practitioners involved in securing endpoints. This year’s report reveals endpoint security risk is more difficult to minimize than ever before. What are IT pros most concerned about heading into 2014? From the proliferation of mobile devices, third party applications, and targeted attacks/APTs, endpoint security risk for 2014 is becoming more of a challenge to manage.

Larry Ponemon of the Ponemon Institute reveals statistics on growing insecurity, IT’s perceived areas of greatest risk for 2014 as well as tactical suggestions for how to improve your endpoint security. Specifically, you will learn:

•IT perspective on the changing threat landscape and today’s Top 5 risks;
•Disconnect between perceived risk and corresponding strategies to combat those threats;
•Tips and tricks on how to best communicate today’s threats and subsequent needed responses up the management chain

Statistics

Views

Total Views
379
Views on SlideShare
379
Embed Views
0

Actions

Likes
1
Downloads
23
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk Presentation Transcript

    • 2014 State of Endpoint Risk Sponsored by Lumension Corporation Presentation by Dr. Larry Ponemon January 8, 2014
    • Today’s Agenda • Introduction • 2014 State of the Endpoint Survey o Key Findings o o • 1/8/14 Additional Findings Methods Q&A Ponemon Institute© presentation 1
    • Today’s Presenters Ed Brice SVP, Worldwide Marketing Lumension 2 Dr. Larry Ponemon Chairman & President Ponemon Institute
    • Ponemon Institute LLC The Institute is dedicated to advancing responsible information management practices that positively affect privacy, data protection and information security in business and government. The Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations. Ponemon Institute is a full member of CASRO (Council of American Survey Research organizations). Dr. Ponemon serves as CASRO’s chairman of Government & Public Affairs Committee of the Board. The Institute has assembled more than 65+ leading multinational corporations called the RIM Council, which focuses the development and execution of ethical principles for the collection and use of personal data about people and households. The majority of active participants are privacy or information security leaders. 1/8/14 Ponemon Institute: Private and Confidential 3
    • About this research The purpose of this study is to understand how organizations are dealing with the IT endpoint risk. The study reveals that endpoint security risk is more difficult to manage than ever due to the growing number of employees and other insiders using multiple mobile devices in the workplace. Another challenge organizations face is the increase in personal devices connected to the network and the growing popularity of public cloud services. 1/8/14 Ponemon Institute© presentation 4
    • Key findings • • • • 1/8/14 Endpoint security risk is more difficult than ever to manage. Seventy-one percent of respondents say the security threats created by vulnerabilities to the endpoint have become more difficult to stop or mitigate. In the IT environment, mobility and third party applications are the greatest security risks. Seventy-five percent of respondents say mobile devices such as smart phones represent the greatest risk of potential IT security risk within the IT environment. The frequency of malware incidents increases. Forty-four percent of respondents report a major increase in the number of malware incidents targeting their endpoints. Mobile endpoints are vulnerable to malware attacks. Sixty-eight percent of respondents say their mobile endpoints have been the target of malware in the last 12 months. Ponemon Institute© presentation 5
    • More key findings • • • 1/8/14 APTs are attacking endpoints. Forty percent of respondents say their endpoints have been the entry point for an APT/targeted attack in the past 12 months. Most organizations make endpoint security a priority but budgets lag behind. In the past 24 months, more respondents say endpoint security is a priority in their organization’s overall IT security strategy (65 percent of respondents). However, only 29 percent of respondents say spending will either significantly increase or increase for endpoint security. Malware incidents are straining IT security budgets. Fifty percent of respondents say their organization’s IT operating expenses are increasing. Sixty-seven percent say malware incidents contribute a very significant or significant increase in these expenses. Ponemon Institute© presentation 6
    • Key Findings
    • What are the biggest threats to endpoint security? Two responses permitted More multiple mobile devices in the workplace 60% More personal devices connected to the network 51% More insecure mobile devices in the workplace 33% Malware infections are more difficult to detect 32% More offsite employees using insecure WiFi 16% Employees believe productivity is more important than the security of devices 8% 0% 1/8/14 10% 20% Ponemon Institute© presentation 30% 40% 50% 60% 70% 8
    • Greatest IT security risks Mobile devices such as smart phones 75% Across 3rd party applications 66% Mobile/remote employees 45% Our PC desktop/laptop 43% Negligent insider risk 40% 0% 1/8/14 10% 20% 30% Ponemon Institute© presentation 40% 50% 60% 70% 80% 9
    • IT security risks of greatest concern to the organization Three choices permitted 55% Increased use of mobile platforms 47% 44% Use of cloud computing 28% 39% 36% APTs 35% 31% Sophistication of cyber attackers 28% 30% Growing volume of malware 25% Insufficient budget 30% Lack of integration between endpoint operations and security technologies 6% 18% 0% FY 2013 1/8/14 10% 20% 30% 40% 50% 60% FY 2012 Ponemon Institute© presentation 10
    • Applications with the greatest IT risk Top five choices 60% Adobe 55% 50% Google Docs 55% 37% Microsoft OS/applications 44% 33% General 3rd party applications outside of Microsoft 40% 30% Apple/Mac OS 30% 0% FY 2013 1/8/14 10% 20% 30% 40% 50% 60% 70% FY 2012 Ponemon Institute© presentation 11
    • The most frequent types of malware incidents More than one response permitted 80% General malware 86% 74% 79% Web-borne malware attacks 67% 65% Rootkits 59% 54% APTs / Targeted attacks 49% Botnet attacks 55% 48% Spear phishing * 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% This response was not an option in FY 2012 FY 2013 1/8/14 FY 2012 Ponemon Institute© presentation 12
    • What are the most important MDM features? Three choices permitted 73% Virus and malware detection or prevention 65% 70% 70% Provisioning and access policy management 52% Asset tracking 43% 38% Encryption and other data loss technologies 44% 35% 39% Anti-theft features 32% Remote wipe capability Other 38% 0% 1% 0% 10% FY 2013 1/8/14 20% 30% 40% 50% 60% 70% 80% FY 2012 Ponemon Institute© presentation 13
    • Steps to make BYOD more secure More than one response permitted Voluntary installation of endpoint protection agent 54% Mandatory enrollment in company MDM solution through technological means 35% Mandatory endpoint protection agent on laptops through technological means 32% Voluntary enrollment in MDM solution 29% Prohibiting exchange activesync through technologic means 29% Active discovery of BYOD devices on the network and in exchange/email server logs 25% 0% 1/8/14 10% Ponemon Institute© presentation 20% 30% 40% 50% 60% 14
    • How did the organization learn about the APT attack? Anomalous exfiltration traffic on the network 53% Endpoint security technology alerted us to a possible breach 24% Notified by law enforcement 21% Other 2% 0% 1/8/14 10% Ponemon Institute© presentation 20% 30% 40% 50% 60% 15
    • How did the APT attack start? More than one response permitted Spear phishing emails sent to employees 45% Web-based click jacking 34% Fraudulently signed code/ digital certificates 33% Memory based attack 21% SQL injection code 12% USB key delivery 9% Unsure 25% Other 2% 0% 1/8/14 5% 10% 15% 20% Ponemon Institute© presentation 25% 30% 35% 40% 45% 50% 16
    • Will the budget for endpoint security change? 60% 55% 50% 40% 30% 24% 20% 12% 10% 5% 4% 0% Significantly increased 1/8/14 Increased Stayed the same Ponemon Institute© presentation Decreased Significantly decreased 17
    • Do malware incidents increase IT security expenses? 50% 44% 45% 43% 40% 35% 30% 25% 28% 23% 23% 21% 20% 15% 10% 10% 8% 5% 0% Very significant Significant FY 2013 1/8/14 Some significance None FY 2012 Ponemon Institute© presentation 18
    • What technologies will organizations buy? More than one response permitted 40% Application control 50% 33% DLP (content filtering) 48% 33% Mobile device management 34% 26% Device control 33% 20% Big data analytics 37% 0% 10% 20% Today's use rate 1/8/14 30% 40% 50% 60% Use will increase Ponemon Institute© presentation 19
    • Software agents & software management user interfaces for endpoint risk management 40% 38% 38% 35% 30% 25% 25% 23% 20% 18% 16% 15% 14% 14% 9% 10% 5% 5% 0% 1 to 2 3 to 5 6 to 10 More than 10 Cannot determine Number of software agents installed on each endpoint Number of user interfacesused to manage endpoint operations 1/8/14 Ponemon Institute© presentation 20
    • Methods
    • Sample response Freq Total sampling frame Pct% 19,001 100.0% Total returns 894 4.7% Rejected and screened surveys 218 1.1% Final sample 676 3.6% 1/8/14 Ponemon Institute© presentation 22
    • Organizational level that best describes your current position 8% 2% 1% 2% Senior Executive 18% Vice President Director Manager 25% Supervisor Technician Staff 25% Contractor 19% 1/8/14 Ponemon Institute© presentation 23
    • Primary Person you or your IT security leader reports 4% 2% 2% 2% Chief Information Officer 12% Chief Information Security Officer Chief Risk Officer Compliance Officer 53% Chief Financial Officer Chief Security Officer 25% 1/8/14 Other Ponemon Institute© presentation 24
    • What industry best describes your organization’s primary industry focus? 3% 2% 3% 3% Financial Services 21% 3% Health & pharmaceuticals Public Sector 4% Services 4% Retailing Technology & software Energy 5% 12% Consumer products Entertainment & media Hospitality 8% Education & research Transportation 12% 9% Communications Other 11% 1/8/14 Ponemon Institute© presentation 25
    • Organization’s worldwide headcount 3% 8% 20% < 500 people 15% 500 to 1,000 people 1,001 to 5,000 people 5,001 to 25,000 people 25,001 to 75,000 people 20% > 75,000 people 34% 1/8/14 Ponemon Institute© presentation 26
    • Caveats There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys. Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument. Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period. Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response. 1/8/14 Ponemon Institute© presentation 27
    • Questions? Ponemon Institute Toll Free: 800.887.3118 Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA research@ponemon.org Ponemon Institute© presentation Page 28
    • More Information • 5 Years of Endpoint Risk https://www.lumension.com/2014 » » » » 2014 State of Endpoint Risk Report What Keeps IT Up All Night Video 5 Years of Endpoint Risk Infographic Greatest IT Security Risks of 2014 Webcast On-Demand • Lumension® Endpoint Management and Security Suite » Online Demo Video: https://www.lumension.com/endpointmanagement-security-suite/demo.aspx » Free Trial (virtual or download): https://www.lumension.com/endpointmanagement-security-suite/free-trial.aspx » Get a Quote (and more) https://www.lumension.com/get-a-quote.aspx 29