Greatest It Security Risks of 2014: 5th Annual State of Endpoint Risk

Presentation by Dr. Larry Ponemon

January 8, 2014

2014 State of Endpoint RiskSponsored by Lumension Corporation

Today’s Agenda

1/8/14 Ponemon Institute© presentation 1

• Introduction

• 2014 State of the Endpoint Survey

o Key Findings

o Additional Findings

o Methods

• Q&A

Today’s Presenters

2

Ed BriceSVP, Worldwide Marketing

Lumension

Dr. Larry PonemonChairman & President

Ponemon Institute

Ponemon Institute LLC

� The Institute is dedicated to advancing responsible information management

practices that positively affect privacy, data protection and information security in

business and government.

� The Institute conducts independent research, educates leaders from the private

and public sectors and verifies the privacy and data protection practices of

organizations.

� Ponemon Institute is a full member of CASRO (Council of American Survey

Research organizations). Dr. Ponemon serves as CASRO’s chairman of

Government & Public Affairs Committee of the Board.

� The Institute has assembled more than 65+ leading multinational corporations

called the RIM Council, which focuses the development and execution of ethical

principles for the collection and use of personal data about people and

households.

� The majority of active participants are privacy or information security leaders.

1/8/14 3Ponemon Institute: Private and Confidential

About this research


The purpose of this study is to understand how organizations are dealing with the IT endpoint risk. The study reveals that endpoint security risk is more difficult to manage than ever due to the growing number of employees and other insiders using multiple mobile devices in the workplace. Another challenge organizations face is the increase in personal devices connected to the network and the growing popularity of public cloud services.

Key findings

• Endpoint security risk is more difficult than ever to manage.

Seventy-one percent of respondents say the security threats created

by vulnerabilities to the endpoint have become more difficult to stop

or mitigate.

• In the IT environment, mobility and third party applications are

the greatest security risks. Seventy-five percent of respondents

say mobile devices such as smart phones represent the greatest

risk of potential IT security risk within the IT environment.

• The frequency of malware incidents increases. Forty-four

percent of respondents report a major increase in the number of

malware incidents targeting their endpoints.

• Mobile endpoints are vulnerable to malware attacks. Sixty-eight

percent of respondents say their mobile endpoints have been the

target of malware in the last 12 months.


More key findings

• APTs are attacking endpoints. Forty percent of respondents say

their endpoints have been the entry point for an APT/targeted attack

in the past 12 months.

• Most organizations make endpoint security a priority but

budgets lag behind. In the past 24 months, more respondents say

endpoint security is a priority in their organization’s overall IT

security strategy (65 percent of respondents). However, only 29

percent of respondents say spending will either significantly

increase or increase for endpoint security.

• Malware incidents are straining IT security budgets. Fifty

percent of respondents say their organization’s IT operating

expenses are increasing. Sixty-seven percent say malware incidents

contribute a very significant or significant increase in these

expenses.


Key Findings

What are the biggest threats to endpoint security?Two responses permitted


8%

16%

32%

33%

51%

60%

0% 10% 20% 30% 40% 50% 60% 70%

Employees believe productivity is more important thanthe security of devices

More offsite employees using insecure WiFi

Malware infections are more difficult to detect

More insecure mobile devices in the workplace

More personal devices connected to the network

More multiple mobile devices in the workplace

Greatest IT security risks


40%

43%

45%

66%

75%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Negligent insider risk

Our PC desktop/laptop

Mobile/remote employees

Across 3rd party applications

Mobile devices such as smart phones

IT security risks of greatest concern to the organizationThree choices permitted


18%

30%

30%

31%

36%

28%

47%

6%

25%

28%

35%

39%

44%

55%

0% 10% 20% 30% 40% 50% 60%

Lack of integration between endpoint operations andsecurity technologies

Insufficient budget

Growing volume of malware

Sophistication of cyber attackers

APTs

Use of cloud computing

Increased use of mobile platforms

FY 2013 FY 2012

Applications with the greatest IT riskTop five choices


30%

40%

44%

55%

55%

30%

33%

37%

50%

60%

0% 10% 20% 30% 40% 50% 60% 70%

Apple/Mac OS

General 3rd party applications outside of Microsoft

Microsoft OS/applications

Google Docs

Adobe

FY 2013 FY 2012

The most frequent types of malware incidentsMore than one response permitted


55%

54%

65%

79%

86%

48%

49%

59%

67%

74%

80%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Spear phishing *

Botnet attacks

APTs / Targeted attacks

Rootkits

Web-borne malware attacks

General malware

This response was not an option in FY 2012

FY 2013 FY 2012

What are the most important MDM features?Three choices permitted


1%

38%

39%

44%

43%

70%

65%

0%

32%

35%

38%

52%

70%

73%

0% 10% 20% 30% 40% 50% 60% 70% 80%

Other

Remote wipe capability

Anti-theft features

Encryption and other data loss technologies

Asset tracking

Provisioning and access policy management

Virus and malware detection or prevention

FY 2013 FY 2012

Steps to make BYOD more secureMore than one response permitted


25%

29%

29%

32%

35%

54%

0% 10% 20% 30% 40% 50% 60%

Active discovery of BYOD devices on the network and inexchange/email server logs

Prohibiting exchange activesync through technologicmeans

Voluntary enrollment in MDM solution

Mandatory endpoint protection agent on laptops throughtechnological means

Mandatory enrollment in company MDM solution throughtechnological means

Voluntary installation of endpoint protection agent

How did the organization learn about the APT attack?


2%

21%

24%

53%

0% 10% 20% 30% 40% 50% 60%

Other

Notified by law enforcement

Endpoint security technology alerted us to a possiblebreach

Anomalous exfiltration traffic on the network

How did the APT attack start?More than one response permitted


2%

25%

9%

12%

21%

33%

34%

45%

0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%

Other

Unsure

USB key delivery

SQL injection code

Memory based attack

Fraudulently signed code/ digital certificates

Web-based click jacking

Spear phishing emails sent to employees

Will the budget for endpoint security change?


5%

24%

55%

12%

4%

0%

10%

20%

30%

40%

50%

60%

Significantlyincreased

Increased Stayed the same Decreased Significantlydecreased

Do malware incidents increase IT security expenses?


23%

44%

23%

10%

21%

43%

28%

8%

0%

5%

10%

15%

20%

25%

30%

35%

40%

45%

50%

Very significant Significant Some significance None

FY 2013 FY 2012

What technologies will organizations buy? More than one response permitted


37%

33%

34%

48%

50%

20%

26%

33%

33%

40%

0% 10% 20% 30% 40% 50% 60%

Big data analytics

Device control

Mobile device management

DLP (content filtering)

Application control

Today's use rate Use will increase

Software agents & software management user interfaces for endpoint risk management


16%

23%

38%

18%

5%

14%

25%

38%

14%

9%

0%

5%

10%

15%

20%

25%

30%

35%

40%

1 to 2 3 to 5 6 to 10 More than 10 Cannot determine

Number of software agents installed on each endpoint

Number of user interfacesused to manage endpoint operations

Methods

Sample response Freq Pct%

Total sampling frame 19,001 100.0%

Total returns 894 4.7%

Rejected and screened surveys 218 1.1%

Final sample 676 3.6%


Organizational level that best describes your current position


1% 2%

18%

25%

19%

25%

8%2%

Senior Executive

Vice President

Director

Manager

Supervisor

Technician

Staff

Contractor

Primary Person you or your IT security leader reports


53%

25%

12%

4%2% 2% 2%

Chief Information Officer

Chief Information Security Officer

Chief Risk Officer

Compliance Officer

Chief Financial Officer

Chief Security Officer

Other

What industry best describes your organization’s primary industry focus?


21%

12%

12%

11%

9%

8%

5%

4%

4%

3%

3%3%

2% 3%

Financial Services

Health & pharmaceuticals

Public Sector

Services

Retailing

Technology & software

Energy

Consumer products

Entertainment & media

Hospitality

Education & research

Transportation

Communications

Other

Organization’s worldwide headcount


8%

15%

20%

34%

20%

3%

< 500 people

500 to 1,000 people

1,001 to 5,000 people

5,001 to 25,000 people

25,001 to 75,000 people

> 75,000 people

Caveats


There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.

Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.

Sampling-frame bias: The accuracy is based on contact information and the degree to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period.

Self-reported results: The quality of survey research is based on the integrity of confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.

Page 28

Questions?

Ponemon InstituteToll Free: 800.887.3118

Michigan HQ: 2308 US 31 N.

Traverse City, MI 49686 USA

[email protected]

Ponemon Institute© presentation

More Information

• Lumension® Endpoint Management

and Security Suite» Online Demo Video:

https://www.lumension.com/endpoint-

management-security-suite/demo.aspx

» Free Trial (virtual or download):https://www.lumension.com/endpoint-

management-security-suite/free-trial.aspx

» Get a Quote (and more)

https://www.lumension.com/get-a-quote.aspx

29

• 5 Years of Endpoint Risk

https://www.lumension.com/2014» 2014 State of Endpoint Risk Report

» What Keeps IT Up All Night Video

» 5 Years of Endpoint Risk Infographic

» Greatest IT Security Risks of 2014 Webcast

On-Demand