IT Knows Endpoint Security a Problem; Little Being Done

Tackle Insider Threat by Creating a Culture of Security Awareness

A couple of recent studies show that companies continue to struggle with endpoint security. This has to be a serious concern as more employees are connecting to the corporate network through multiple devices.

Let’s look at these different studies. First, last week, MeriTalk and Palo Alto Networks released the Endpoint Epidemic report, which looks at endpoint security within federal government. Government agencies are failing badly when it comes to endpoint security: 44 percent of endpoints are either unknown or unprotected, and little is being done by up to half of the agencies to do anything about it, as SC Magazine pointed out:

Just over half of federal IT managers (54 percent) responded that their current policies and standards are very effective, practical or enforceable. Further, less than half said their agency’s endpoint security policies and standards are very well integrated into their overall IT security strategy. And, half said their agency isn’t taking key steps to validate users and apps.

Today, a Promisec survey revealed that the situation isn’t any better in the private sector – and is actually getting worse. The survey found that only 32 percent of security professionals admitted to having advanced endpoint security in place, which is lower than last year’s 39 percent. Remember how I recently wrote about security professionals being disconnected from security realities? This survey highlights that disconnect clearly, as The Street discussed:

an increasing number of respondents (73% this year vs 58% last year) consider endpoints to be “most vulnerable” to a cyber-attack. Although more respondents recognize that endpoints are vulnerable to a cyber-attack, fewer companies today said they have endpoint protection in place compared with last year.

Finally, eWeek reported on a study from Alertsec that found SMBs are worried about endpoint security and recognizing that the standard security practices within a company aren’t carried over to those endpoint devices. For example:

More than two-thirds of executives (68 percent) believe auto-saved passwords are not secure and nearly half (48 percent) of executives believe never logging out of user profiles decreases security. Third on their list of top security is the need to have four to six digital passcodes (45 percent).

No doubt that endpoint security is complex and complicated. It isn’t just the prevalence of BYOD in the workplace, but also the changing dynamics of the devices that are being connected to the network, like smart watches and fitness trackers and other devices that have sketchy, if any, built-in security measures. At the same time, these surveys bring up a question I can’t answer: Why aren’t security leaders and IT pros doing more to address the concerns surrounding endpoint security?

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba