Seventy-one percent of those polled in the fifth annual State of the Endpoint study conducted by the Ponemon Institute said that endpoint issues have become more difficult to stop or mitigate in the last two years. And three-quarters (75%) see mobile devices as the source of the greatest rise in IT security risks for 2014, up from just 9% in 2010.
And yet, almost half (46%) of respondents said they do not manage employee-owned mobile devices.
“We’ve seen the threat landscape fundamentally change over the last five years,” said Larry Ponemon, founder of the Institute. “Trending data shows increasing concern, year over year, over the explosion of mobile devices on the network. It’s now IT’s greatest risk. And unfortunately, 46% of our respondents report no efforts are in place to secure them.”
Targeted attacks, or advanced persistent threats (APTs), are also increasingly concerning for survey respondents. This year, 39% reported APTs as one of their most concerning risks, up 55% from 2009. While 40% report they were a victim of a targeted attack in the last year, another 25% say they aren’t sure if they have been, revealing many organizations don’t have security mechanisms in place to detect such an attack. For those that have experienced such an attack, spear phishing emails sent to employees were identified as the number one attack entry point.
Respondents also report the volume of malware continues to be an escalating problem. The survey found that 41% say they experience more than 50 malware attacks a month, up 15% from those who reported that amount three years ago. And malware attacks are costly, with 50% saying their operating expenses are increasing and 67% saying malware attacks significantly contributed to that rising expense.
“As the endpoint environment evolves, so must IT security strategy,” said C. Edward Brice, senior vice president of worldwide marketing at study sponsor Lumension, in a statement. “Rubber-stamping the security portfolio of years past shouldn’t be an option given how fluid an organizations’ data has become. Security technologies should be reviewed for this emerging threat landscape. User education is also critical.”
Concerningly, despite rising costs, IT budgets have not increased for the majority. While 65% report they prioritize endpoint security, IT budgets do not reflect this shift. Just 29% say their budgets have increased in the past 24 months.