Upload
lumension
View
454
Download
0
Tags:
Embed Size (px)
Citation preview
2013 State of the Endpoint
Presentation by Dr. Larry PonemonDecember 5, 2012
04/18/2023 Ponemon Institute: Private & Confidential Information 2
About Ponemon Institute
• Ponemon Institute conducts independent research on cyber security, data protection and privacy issues.
• Since our founding 11+ years ago our mission has remained constant, which is to enable organizations in both the private and public sectors to have a clearer understanding of the practices, enabling technologies and potential threats that will affect the security, reliability and integrity of information assets and IT systems.
• Ponemon Institute research informs organizations on how to improve upon their data protection initiatives and enhance their brand and reputation as a trusted enterprise.
• In addition to research, Ponemon Institute offers independent assessment and strategic advisory services on privacy and data protection issues. The Institute also conducts workshops and training programs.
• The Institute is frequently engaged by leading companies to assess their privacy and data protection activities in accordance with generally accepted standards and practices on a global basis.
• The Institute also performs customized benchmark studies to help organizations identify inherent risk areas and gaps that might otherwise trigger regulatory action.
04/18/2023 3
Introduction
• Since 2010, Ponemon Institute and Lumension have tracked endpoint risk in organizations, the resources to address the risk and the technologies deployed to manage threats.
• This study reveals that the state of endpoint risk is not improving. One of the top concerns is the proliferation of personally owned mobile devices in the workplace such as smart phones and iPads.
• Malware attacks are increasing and are having a significant impact on IT
operating expenses. Advanced persistent threats and hactivism pose the biggest headache to IT security pros.
Ponemon Institute: Private & Confidential Information
04/18/2023 Ponemon Institute: Private & Confidential Information 4
MethodsA random sampling frame of 17,744 IT and IT security practitioners located in all regions of the United States were selected as participants to this survey. As shown below, 923 respondents completed the survey. Screening removed 178 surveys and an additional 74 surveys that failed reliability checks were removed. The final sample was 671 surveys (or a 3.8 percent response rate).
Sample response FY 2012 FY 2011 FY 2010
Total sampling frame 17,744 18,988 11,890
Total returns 923 911 782
Rejected surveys 74 80 65
Screened surveys 178 143 153
Final sample 671 688 564
Response Rate 3.8% 3.6% 4.7%
04/18/2023 Ponemon Institute: Private & Confidential Information 5
Distribution of respondents according to primary industry classification
20%
12%
10%
9%8%
7%
5%
5%
5%
4%
3%
3%3%
2%2% 2%
Financial Services
Health & pharmaceuticals
Public Sector
Retailing
Services
Technology & software
Hospitality
Industrial
Education & research
Energy
Consumer products
Communications
Entertainment & media
Agriculture
Defense
Transportation
04/18/2023 Ponemon Institute: Private & Confidential Information 6
What organizational level best describes your current position?
19%
26%
19%
23%
7%
3% 3%
Director
Manager
Supervisor
Technician
Staff
Contractor
Other
04/18/2023 Ponemon Institute: Private & Confidential Information 7
The primary person you or the IT security leader reports to within the organization
54%
23%
9%
6%
4%3% 1%
Chief Information Officer
Chief Information Security Officer
Chief Risk Officer
Compliance Officer
Chief Security Officer
General Counsel
Chief Financial Officer
04/18/2023 Ponemon Institute: Private & Confidential Information 8
Worldwide headcount
7%
16%
21%
33%
19%
4%
Less than 500 people
500 to 1,000 people
1,001 to 5,000 people
5,001 to 25,000 people
25,001 to 75,000 people
More than 75,000 people
Results
The endpoint threat landscape
04/18/2023 Ponemon Institute: Private & Confidential Information 11
IT security risks considered to be on the rise Three choices permitted in 2010 and 5 choices permitted in 2011 and 2012
Removable media and/or media (CDs, DVDs)
Cloud computing infrastructure & providers
Negligent insider risk *
Our PC desktop/laptop
Mobile/remote employees
Across 3rd party applications
Mobile devices
0% 10% 20% 30% 40% 50% 60% 70% 80%
10%
18%
44%
44%
45%
9%
42%
43%
43%
41%
49%
56%
48%
39%
41%
44%
45%
53%
67%
73%
FY 2012 FY 2011 FY 2010
* This choice was not available for all fiscal years
04/18/2023 Ponemon Institute: Private & Confidential Information 12
IT security risks believed to be decreasing or staying the same Three choices permitted in 2010 and 5 choices permitted in 2011 and 2012
Our data centers
Within operating systems
Network infrastructure environment
Malicious insider risk *
Our server environment
Virtual computing environments
Lack of system connectivity/visibility *
Lack of organizational alignment *
0% 5% 10% 15% 20% 25% 30% 35% 40% 45%
14%
11%
11%
32%
20%
12%
10%
14%
16%
29%
28%
29%
39%
6%
8%
10%
15%
19%
19%
25%
36%
FY 2012 FY 2011 FY 2010
* This choice was not available for all fiscal years
04/18/2023 Ponemon Institute: Private & Confidential Information 13
Is your IT network more secure now than it was a year ago?
FY 2012 FY 2011 FY 20100%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
33% 34%36%
46%
41%
36%
21%
25%
28%
Yes No Unsure
04/18/2023 Ponemon Institute: Private & Confidential Information 14
IT security risks of most concern since 2010More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012
Intrusions and data loss within virtual envi-ronments
Advanced persistent threats
Increased use of mobile platforms *
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
13%
24%
23%
24%
36%
22%
36%
47%
FY 2012 FY 2011 FY 2010
* This choice was not available for all fiscal years
04/18/2023 Ponemon Institute: Private & Confidential Information 15
IT security risks that have declined or stayed the same More than three choices permitted in 2010 and 3 choices permitted in 2011 and 2012
Lack of an organizational wide security strategy *
Lack of integration between endpoint operations & security technologies
Insufficient collaboration among IT & business operations *
Inability to measure policy compliance *
Malicious insider risk
Increasingly sophisticated & targeted cyber attackers
Insufficient budget resources
Use of insecure cloud computing resources
Growing volume of malware
Negligent insider risk
0% 10% 20% 30% 40% 50% 60% 70%
13%
17%
16%
12%
11%
26%
32%
31%
29%
28%
12%
18%
13%
6%
12%
31%
30%
28%
30%
15%
20%
19%
40%
47%
49%
61%
50%
FY 2012 FY 2011 FY 2010*
* This choice was not available for all fiscal years
Mobility is an IT security headache
04/18/2023 Ponemon Institute: Private & Confidential Information 17
Mobile devices pose a significant security riskStrongly agree and agree response combined
FY 2012 FY 20110%
10%
20%
30%
40%
50%
60%
70%
80%
90%
80%
74%
04/18/2023 Ponemon Institute: Private & Confidential Information 18
Technologies expected to increase in the next 12 to 24 monthsSubstantial increase and increase response combined
Social media / Web 2.0 *
Security event and incident management *
Use of internal cloud computing infrastructure
Virtualized environments
Use of 3rd party cloud computing infrastructure
Mobile devices / smart phones
0% 10% 20% 30% 40% 50% 60% 70% 80%
72%
45%
35%
52%
56%
70%
0.53
0.61
0.63
0.75
FY 2012 FY 2011
This choice was not available for FY 2012
04/18/2023 Ponemon Institute: Private & Confidential Information 19
Important mobile device management featuresThree choices permitted
Other
Remote wipe capability
Anti-theft features
Asset tracking
Encryption and other data loss technologies
Virus and malware detection or prevention
Provisioning and access policy management
0% 10% 20% 30% 40% 50% 60% 70% 80%
3%
41%
42%
47%
49%
55%
62%
1%
38%
39%
43%
44%
65%
70%
FY 2012 FY 2011
04/18/2023 Ponemon Institute: Private & Confidential Information 20
Personal mobile device use in the workplace
None 1 to 25% 26 to 50% 51 to 75% More than 75% Cannot determine0%
5%
10%
15%
20%
25%
30%
35%
40%
2%
16%
28%29%
18%
7%
3%
23%
34%
20%
13%
7%
FY 2012 FY 2011
04/18/2023 Ponemon Institute: Private & Confidential Information 21
Security policy for employee owned devices
0%
10%
20%
30%
40%
50%
29%
19%
39%
13%
21% 21%
46%
12%
FY 2012 FY 2011
04/18/2023 Ponemon Institute: Private & Confidential Information 22
Most vulnerable third-party applicationsThree choices permitted
Other
Mozilla Firefox
WinZip
Oracle applications
VMware
Apple apps
Apple/Mac OS
General 3rd party apps outside of Microsoft
Microsoft OS/applications
Adobe
Google Docs
0% 10% 20% 30% 40% 50% 60% 70%
4%
2%
19%
10%
17%
14%
15%
58%
57%
54%
46%
1%
6%
16%
22%
20%
20%
24%
46%
49%
50%
47%
0%
3%
11%
15%
18%
28%
30%
40%
44%
55%
55%
FY 2012 FY 2011 FY 2010
The malware threat
04/18/2023 Ponemon Institute: Private & Confidential Information 24
Monthly malware attempts or incidents
Less than 5 5 to 10 11 to 25 26 to 50 More than 50 Not sure0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
2%
9%11%
23%
35%
20%
3%
9%
13%
32%
43%
6%
11%
21%
35%
27%
FY 2012 FY 2011 FY 2010
04/18/2023 Ponemon Institute: Private & Confidential Information 25
Changes in malware incidents over the past year
Yes, major increase Yes, but only slight increase
No, they stayed the same No, they have decreased Not sure0%
5%
10%
15%
20%
25%
30%
35%
40%
37%
18%
22%
8%
15%
31%
22%
25%
8%
14%
26%
21%
25%
9%
17%
FY 2012 FY 2011 FY 2010
04/18/2023 Ponemon Institute: Private & Confidential Information 26
Most frequent and annoying incidents More than one choice permitted
Other
Exploitexisting software vulnerability > 3 months
Exploit existing software vulnerability < 3 months
SQL injection
Zero day attacks
Hacktivism
Clickjacking
Spyware
Advanced persistent threats / Targeted attacks*
Botnet attacks
Rootkits
Web-borne malware attacks
General malware
0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%
0%
6%
5%
12%
13%
15%
7%
0%
25%
8%
4%
3%
2%
5%
26%
28%
29%
31%
41%
43%
45%
54%
55%
65%
79%
86%
Which incidents are you seeing frequently in your organization’s IT networks?Which one incident represents your biggest headache?
*Termed Targeted Attacks in the 2011 survey
04/18/2023 Ponemon Institute: Private & Confidential Information 27
IT operating costs increase due to malware
Very significant Significant Some significance None0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
21%
43%
28%
8%
22%
41%
29%
8%
14%
40%
32%
14%
FY 2012 FY 2011 FY 2010
Barriers to achieving optimal security
04/18/2023 Ponemon Institute: Private & Confidential Information 29
IT security budget changes from last year
Increase Stay the same Decrease Unsure0%
10%
20%
30%
40%
50%
60%
29%
48%
12% 11%
25%
56%
10% 9%
FY 2012 FY 2011
04/18/2023 Ponemon Institute: Private & Confidential Information 30
Collaboration between IT operations and IT security
Colla
bora
tion
is ex
celle
nt
Colla
bora
tion
is ad
equa
te, b
ut ca
n be
impr
oved
Colla
bora
tion
is po
or o
r non
-exis
tent
0%
10%
20%
30%
40%
50%
60%
13%
46%41%
12%
48%40%
FY 2012 FY 2011
04/18/2023 Ponemon Institute: Private & Confidential Information 31
Admin privileges allowed
No
Yes, to
par
t of th
e us
er e
nviro
nmen
t
Yes, to
the
entir
e us
er e
nviro
nmen
t0%
5%
10%
15%
20%
25%
30%
35%
40%
45%40% 41%
19%
04/18/2023 Ponemon Institute: Private & Confidential Information 32
Greatest challenges in meeting federal compliance regulationsTwo choices permitted
None of the above
Manual data collection
Inconsistent reporting
Explaining issues and requirements to management
Increasing audit burden
Lack of resources
0% 10% 20% 30% 40% 50% 60% 70% 80%
12%
9%
11%
15%
73%
75%
04/18/2023 Ponemon Institute: Private & Confidential Information 33
Impact of external compliance requirements on IT security functionTwo choices permitted
None of the above
Formal audits to ensure policy enforcement
Requirements to update or create new training procedures
Requirements to update or create new policies
Improved control procedures
Better understanding of organizational IT risk
More funding for purchasing security technologies
More personnel and funding for meeting compliance initiatives
0% 10% 20% 30% 40% 50% 60%
13%
9%
10%
12%
20%
24%
53%
56%
Current and future technologies
04/18/2023 Ponemon Institute: Private & Confidential Information 35
Technologies in use or to be invested in over the next 12 months More than one choice permitted
Applic
atio
n co
ntro
l fire
wall
Applic
atio
n co
ntro
l/whi
telis
ting
Endpo
int m
anag
emen
t and
secu
rity s
uite
SEIM
Mob
ile d
evice
man
agem
ent *
0%
10%
20%
30%
40%
50%
60%
45%38%
34%
42%
55% 55%49% 47%
Current use of technology Expected increase in use of technology
04/18/2023 Ponemon Institute: Private & Confidential Information 36
Most effective tools for reducing IT risk Fiscal years 2012 and 2011 limited to 5 choices
Anti-virus & anti-malware
Application control/whitelisting
Application control firewall
Device control
Endpoint firewall
Endpoint management & security suites/platforms
Security event and incident management *
Vulnerability assessment *
Privilege management *
0% 10% 20% 30% 40% 50% 60% 70% 80%
57%
44%
52%
57%
59%
48%
70%
40%
37%
42%
44%
43%
41%
43%
55%
33%
36%
37%
37%
39%
40%
40%
45%
46%
FY 2012FY 2011FY 2010
* This choice not available for all fiscal years
04/18/2023 Ponemon Institute: Private & Confidential Information 37
Reasons for migrating to Windows 8Two choices permitted
Improvements in vendor support
Interoperability issues with other systems
Stability of the operating system
Improvements in speed and performance
Improvements in security
Efficiency and user productivity gains
0% 5% 10% 15% 20% 25% 30% 35% 40% 45% 50%
19%
31%
33%
37%
38%
43%
Cloud computing and endpoint security
04/18/2023 Ponemon Institute: Private & Confidential Information 39
The existence and enforcement of cloud security policies
Yes No Unsure0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
40%
36%
24%
41%
45%
14%
Does your organization have a centralized cloud security policy?Do you enforce employees’ use of private clouds?
04/18/2023 Ponemon Institute: Private & Confidential Information 40
Conclusion & Recommendations
• Create acceptable use policies for personally owned devices in the workplace.
• Conduct risk assessments and consider the use of an integrated endpoint
security suite that includes vulnerability assessment, device control, anti-virus and anti-malware.
• Establish governance practices for privileged users at the device level to define
acceptable use of mobile, BYOD and corporate-owned asset as well as limit the installation of third-party applications.
• Ensure that policies and procedures clearly state the importance of protecting sensitive and confidential information stored in the cloud.
• To better address the difficulties in managing the endpoint risk, collaboration
between IT operations and IT security should be improved to achieve a better allocation of resources and the creation of strategies to address risks associated with hacktivism, BYOD, third-party applications and cloud computing.
04/18/2023 Ponemon Institute: Private & Confidential Information 41
Caveats
• There are inherent limitations to survey research that need to be carefully considered before drawing inferences from findings. The following items are specific limitations that are germane to most web-based surveys.
• Non-response bias: The current findings are based on a sample of survey returns. We sent surveys to a representative sample of individuals, resulting in a large number of usable returned responses. Despite non-response tests, it is always possible that individuals who did not participate are substantially different in terms of underlying beliefs from those who completed the instrument.
• Sampling-frame bias: The accuracy is based on contact information and the degree
to which the list is representative of individuals who are IT or IT security practitioners. We also acknowledge that the results may be biased by external events such as media coverage. We also acknowledge bias caused by compensating subjects to complete this research within a holdout period.
• Self-reported results: The quality of survey research is based on the integrity of
confidential responses received from subjects. While certain checks and balances can be incorporated into the survey process, there is always the possibility that a subject did not provide a truthful response.
Questions?
Ponemon Institutewww.ponemon.orgTel: 231.938.9900
Toll Free: 800.887.3118Michigan HQ: 2308 US 31 N. Traverse City, MI 49686 USA