Think Information. Think Security.
The state of endpoint risk is not improving according to the fourth annual report researched by the Ponemon Institute. IT professionals reported the flood of mobile devices entering their corporate networks, advanced persistent threats and third-party application vulnerabilities are their primary pain points moving into 2013. A few short years ago, these concerns barely made the list.

One of the top concerns cited was the proliferation of personally-owned mobile devices in the workplace such as smartphones and tablets. 80% of those surveyed said that laptops and other mobile data-bearing devices pose a significant security risk to their organization’s networks. Yet, with only 13% stating they use stricter security standards for personal over corporate-owned devices and 29% reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action.

These figures are staggering when compared to the 2010 survey. At that time, only 9% of respondents said mobile devices were a rising threat. This year, 73% rank mobile as one of the greatest risks within the IT environment. This year’s study also found that IT professionals view third-party applications as a major security threat. In fact, 67% of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk.

In previous year’s surveys, the server environment, data centers and operating system vulnerabilities were cited as primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today’s enterprise environment, IT practitioners are increasingly worried about the attack vectors these third party tools could bring into the corporate network.

In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today’s IT teams consider APTs and hacktivism a real, global threat. 36% of those surveyed reported that they viewed advanced persistent threats as a “significant” threat to their environments while just 24% of respondents held this view last year. In addition, only 12% of those surveyed this year stated that current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today’s malware risk.
671 IT and IT security practitioners were surveyed in this year’s study. Of those, 77% were employed in organizations with a headcount of more than 1,000 and 66% were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.

Cross-posted from: Help Net Security

Leave a Reply.