Have you thought about where your data is at greatest risk? If you haven’t, you should, because where that risk lies may surprise you.
Bromium, a global enterprise security company, asked Black Hat attendees about the state of security, querying them about security trends, the security of Windows 10, and where to find the source of the worst security risks. The answer to that last question wasn’t the network or the cloud. Fifty-five percent of the 100 respondents said endpoints are the security risk they are most concerned about (compared to 27 percent who cited insider threats and 9 percent for both the cloud and the network).
What makes endpoints such a security risk? According to the survey, “humans are just one element that makes the endpoint the source of the greatest security risk. Another major factor is vulnerable software.”https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=i
Speaking of vulnerable software, respondents overwhelmingly said they would be more than happy to be rid of Flash, and that by doing so, their endpoints would be a lot more secure. It’s no wonder; Flash is riddled with vulnerabilities. As stated in the report:
Flash vulnerabilities have become so problematic that Mozilla temporarily blocked Flash from Firefox, YouTube has switched to HTML5 and Facebook has called for the end of Flash.
In fact, just last week it was announced that a Flash vulnerability led to a malvertising campaign that affected Yahoo users. So it isn’t too surprising that Adobe patched more than 30 vulnerabilities this week and more than 30 in July, including, eWeek pointed out, “two zero-day flaws days after that [July] update was released to deal with issues identified in the recent Hacking Team breach.”
The survey also revealed something that is often discussed as a serious security issue: security patches aren’t being applied in a timely manner, which creates an unnecessary risk at the endpoint. Only 10 percent of those surveyed said they apply patches on the day they are released, while half of the respondents say they apply the patch in the first week. Nearly a quarter, however, said it takes a month or more to apply a patch. Patching can be time consuming, but it is also one of the easiest and most crucial security functions. Yet, it is routinely put on the back burner. No wonder the endpoints are at risk!
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba