BYOD, APTs and Applications Top Endpoint Security Concerns

Anthony Freed
By | December 04, 2012

Posted in: Network Security Trends

As the information technology landscape changes with the advent of new products and services being adopted by organizations, so do the threat vectors that demand the most attention. According to a new study commissioned by Lumension and conducted by the the Poneman Institute, the mass deployment of mobility solutions for employees along with the escalation of advanced persistent threats (APT) and unresolved vulnerabilities in third-party applications have emerged as the top three threats to endpoint security moving in to 2013.

“Once again, we found the changing security terrain is preventing the state of endpoint security from improving,” said Dr. Larry Ponemon in a press release.

The fourth annual State of the Endpoint Risk study surveyed 671 information technology professionals and security practitioners, the majority of which were in management positions from organizations with more than 1000 employees, and represented multiple industry verticals including financial services, the public sector and healthcare.

Of greatest concern was the proliferation of employee-owned devices being used in the workplace, a trend commonly referred to as BYOD (Bring Your Own Device). The survey found that 80% of respondents indicated that mobile devices data with sensitive and proprietary data posed one of the greatest risks to their organization’s network security. Given this level of concern, it is surprising that only 13% of respondents said their company implements stricter security standards for personal devices than those issued by the enterprise, and fully 29% reported that their organization had no specific strategy for securing employee-owned devices whatsoever.

Where previous studies in the series found that servers, data centers and operating system vulnerabilities dominated the network security focus, this year's findings indicate that 67% of IT and security professionals are now more concerned about third-party application vulnerabilities, second only to mobile security issues.

The study reveals that although the threats identified are changing, the ability for IT departments to shift mitigation strategies is stymied either by a lack of resources or by an inability to communicate the evolution of the threatscape to senior management.

“Clearly, IT is concerned but ill-equipped to deal with these issues. This may be due to lack of budget or lack of confidence in the tools they have at their disposal. We need to ensure that these issues are being raised to the C-suite, so that IT can secure the tools and funds they need to deal with this ever-growing challenge," said Lumension CEO Pat Clawson in the press release.

The risk posed by APTs was also found to be of increasing concern for the survey respondents, with 36% ranking the tactics as being a "significant" threat, up from 24% who cited APTs as a grave concern in the 2011 study.

“With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys. Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications - causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control,” Poneman said of the findings.

The study reinforces the notion that enterprise security needs to remain nimble and versatile to effectively address emerging and persistent threats to data security.

You May Also Be Interested In: