A recent Ponemon Institute survey of more than 550 IT and IT security practitioners found that 63 percent of respondents can’t monitor endpoint devices when they leave the corporate network, even though 55 percent of vulnerable endpoints contain sensitive data.
The survey, sponsored by Absolute, also found that 56 percent of companies don’t have a cohesive compliance strategy, and 70 percent say they have a “below average” ability to minimize endpoint failure damages. Just 28 percent of respondents leverage automated analysis and inspection to determine compliance.
“It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” Ponemon Institute chairman and founder Dr. Larry Ponemon said in a statement.
Despite $3.4 million spent annually on detection and containment of insecure endpoints alone, 53 percent of respondents said the number of malware-infected endpoints has increased in the past 12 months.
Forty-eight percent of respondents are dissatisfied with their endpoint security solution, and 21 percent don’t have one.
A Surge in Attacks
And the threats continue to grow. According to Risk Based Security’s Q1 2017 Data Breach QuickView Report, the first quarter of 2017 saw more than 1,200 data breaches and over 3.4 billion records exposed.
“The trends that drove the extraordinary activity in 2016 are continuing unabated in 2017,” Risk Based Security executive vice president Inga Goddijn said in a statement. “We have seen the return of widespread phishing for W-2 details, large datasets continue to be offered for sale, and misconfigured databases remain a thorny problem for IT administrators.”
A separate ISACA survey of 633 cyber security professionals found that 53 percent of respondents reported an increase in cyber attacks in 2016, and 80 percent believe it’s likely their company will experience a cyber attack in the coming year.
While 62 percent of respondents experienced ransomware attacks in 2016, just 53 percent have a formal process in place to address them. Sixteen percent of respondents don’t have an incident response plan.
Just 31 percent of respondents said they routinely test their security controls, and 13 percent never test them.
Need for Training
“There is a significant and concerning gap between the threats an organization faces and its readiness to address those threats in a timely or effective manner,” ISACA board chair Christos Dimitriadis said in a statement. “Cyber security professionals face huge demands to secure organizational infrastructure, and teams need to be properly trained, resourced and prepared.”
Although 65 percent of organizations now employ a CISO, up from 50 percent in 2016, almost half of all respondents don’t feel confident in their cyber security team’s ability to address anything beyond simple security issues — and one in four respondents have a training budget of less than $1,000 per cyber security team member.
And while 61 percent of respondents said their organizations planned to increase their budgets in 2016, that figure dropped to 50 percent of respondents in the most recent survey.
“The rise of CISOs in organizations demonstrates a growing leadership commitment to securing the enterprise, which is an encouraging sign,” Dimitriadis said. “But that’s not a cure-all. With the number of malicious attacks increasing, organizations can’t afford a resource slowdown. Yet with so many respondents showing a lack of confidence in their teams’ ability to address complex issues, we know there is more that must be done to address the urgent cyber security challenges faced by all enterprises.”