As little as one-third of businesses have security strategies in place to protect the growing number of endpoints on their networks.
That’s according to new findings from Tripwire, whose 2016 Security Challenge Survey of over 500 IT security professionals also found 60% of respondents admitted to not being confident that all of their network-connected devices receive updates in a timely fashion.
“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire.
“As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs.”
Whilst endpoints used to be confined to traditional devices such as desktops, tablets or phones, they are now vastly expanded to include additional items like employee-owned devices, virtual machines, point-of-sale terminals, IoT devices and servers. This presents companies with significant and unique security risks as they struggle to maintain control.
“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up” added Dwayne Melancon, Tripwire’s vice-president of products.
“The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale – know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity.”