Pressure to improve business productivity and a lack of collaboration with different business divisions is leaving also enterprise IT departments open to increased security risks, according to a new report.
The annual ‘State of Endpoint’ study, carried out by the Poneman Institute for endpoint management and security specialist Lumension, found that the number of companies that felt their IT networks were not more secure than a year ago has increased over the past two years to just under two thirds.
The research indicated that ‘inadequate collaboration and lacking resources for security create a perfect storm for hackers to capitalise on’.
Despite malware attacks continuing to increase in frequency and sophistication, IT departments were not collaborating with security to formulate centralized plans for the enterprise network, it said.
“Probably most surprising this year is the fact that malware attacks continue to increase for the third-consecutive year, yet IT’s concern in this areas is decreasing and they aren’t spending their budgets on basic malware prevention strategies, nor are they collaborating with security to formulate centralized plans for the enterprise network,” said Larry Ponemon, chairman and founder at the Poneman institute.
State of IT Endpoint Risk Key Findings:
- Malware continues to be a threat and operational cost driver for IT, but their ability to reduce it is being challenged as the focus shifts to enabling business productivity with less cost.
- 31% of respondents noted a major uptick in the frequency of malware incidents over last year with 43% estimating that they deal with more than 50 malware attempts on a monthly basis. This equates to nearly two intrusions per day.
- 23% of organizations expressed that zero-day attacks are there biggest headache with targeted attacks coming in a close second at 22%.
- In comparing the 2010 survey results to current findings, the top five areas for the greatest rise of potential IT security risk within IT environments, include:
- Third-party applications were ranked number one in terms of “most concerning” risk, yet only 23% of respondents consider patch and remediation as a “top five” risk mitigation strategy.
- Concern for securing mobile devices and platforms saw a huge jump from nine% in 2010 to 48% in 2011.
- Concern over negligent insider risk has been consistent over the past three years with 43% of organizations polled seeing this as the greatest risk moving into 2012.
- New worries over cloud computing infrastructure risk also jumped from 18% in 2010 to 43% in 2011, and while most anticipate their use of cloud will increase, 41% of those surveyed said they do not have a security strategy in place for assets stored in the cloud.
- More than 72% of respondents reported their organizations will see an increase in the use of social media applications in 2012.
- Continued downward pressure on IT security investment and organizational security prioritization continues to elude. Further evidence shows:
- Overall security budgets remain as one of most concerning items for 2012 (32%) and 40% of respondents said collaboration between security and IT is poor and/or non-existent.
- 25% respondents said their budgets would increase in 2012, yet respondents showcased concern over insufficient collaboration with business operations (16%) and the lack of an organizational wide security strategy (13%).
- 48% of respondents said collaboration between IT operations and IT security could be improved.
- As the use of Mac products become increasingly common in the workplace, mistrust in their invulnerability to malware grows – 85% say they are very concerned or increasingly concerned.
- Given the impact of new risks associated with remote workers, social media, mobile platforms and cloud computing, organizations are now looking to implement a more robust mix of effective solutions to tackle these mounting endpoint risks. According to those polled, the top five technologies that IT plans to increase usage over the next 12 months are:
- Application control/whitelisting (56%)
- Application control firewall/gateway (55%)
- Integrated endpoint security suite (46%)
- Mobile device management (45%)
- Security Event and Incident management (SIEM) (38%)