Where are you most vulnerable to a cyber attack?
If you said your endpoints, like desktop computers and mobile phones, are most vulnerable to potential threats, you’d be agreeing with 74 percent of IT security professionals, according to a new survey from Promisec. The problem, however, is that only 39 percent believe they have good endpoint security, and this will only get worse as the number of endpoints that need to be secured continues to increase.
In addition, the vast majority of IT security professionals expect to deal with a breach within the coming year, but 55 percent said their company is only slightly prepared for a security incident. Perhaps the most shocking finding – at least to me – was the length of time it takes to apply patches and updates. For example, Microsoft’s Patch Tuesday happens on the second Tuesday of every month, often with critical updates. Yet only 32 percent said they are able to apply the patches in less than a week and a surprising 14 percent admitted they never get around to fully applying the patches. If they struggle with Microsoft’s patches, which you know are coming, you have to wonder how more periodic and unpredictable updates are handled.
It’s an interesting paradox, isn’t it? Security professionals know what’s coming and they know where the likely risk of a breach is, and yet, they remain (and admit that they are) under-prepared for what’s coming. It’s an issue that Promisec’s CEO Dan Ross raised in a statement about the survey results:
Our survey indicates that companies have begun to embrace endpoint security as a critical part of their total security portfolio, but have yet to adopt a robust endpoint monitoring and remediation infrastructure to address today’s most severe threats.
This problem is universal. A study of UK IT decision makers conducted by Bit9 and Carbon Black found that 64 percent of organizations expect to be the victim of a breach in the near future, but only a handful are confident about security of the endpoints.
How can we get endpoint security to a level where security professionals will feel more confident? Increasing the budget for security solutions is one way. Ross provided a few other tips in an IT Business Edge slideshow, for example, encouraging security staff to think more holistically about security practices:
The best defense against potential breaches and attacks is knowing the status of every point-of-entry for attackers. By taking a holistic approach to endpoint security, and implementing tools to visualize your whole network from a centralized point, you set your IT and security teams up to be ready in the possibility of an attack.
How are you approaching endpoint security?
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba