New report highlights need for layered endpoint security strategy
55% of IT and security professionals have either zero or low visibility of employee behavior, application access and software downloads as they struggle to secure the endpoint.
The "Cyber Strategies for Endpoint Defense 2014" study, carried out by the Ponemon Institute and privilege management firm Avecto, surveyed more than 500 IT security practitioners in the US.
On top of low visibility, the study also revealed the excessive power users are given over IT infrastructures. An average of 31% of staff reportedly have administrator privileges, opening companies up to insider threats and serious damage from malware and targeted attacks.
Users are also calling the shots when it comes to security, with 42% of respondents revealing that the number of staff with admin privileges has increased from last year due to growing demand from employees and 50% giving admin rights because they are unable to control application use.
Almost a quarter of respondents cannot determine the number of IT users with admin privileges, despite 34% of total security time being spent on managing user profiles.
The results depict IT departments without adequate power and control over their users, with over 80% admitting they find it difficult to secure the endpoint and just 5% claiming to be prepared to deal with targeted cyber-attacks.
Paul Kenyon, co-founder and EVP of Avecto said: "The lack of visibility that IT security professionals have in terms of user behavior and admin rights, combined with more sophisticated attack vectors, is making securing and managing the endpoint a growing challenge. As a result, this is opening up a huge variety of internal and external vulnerabilities.
"As businesses move to Windows 7/8 in the wake of XP support expiration, they are finding new challenges in the way they have previously managed endpoint security. It is now more important than ever that organizations invest in the security measures they need to protect themselves."
The wide-ranging study looked at a number of endpoint security threats, and revealed that preventing APTs is the greatest concern, yet 52% of organizations do not have the correct technology in place to prevent targeted cyber-attacks.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute said: "While preventing targeted attacks is considered a high priority, only 5% of respondents said their organization is fully prepared to deal with them. Organizations must deploy a layered approach to endpoint security or they will risk opening their systems up to vulnerability from multiple threat sources. The new age of cyber-attacks requires modern defenses and companies must act quickly."