How To Protect Your Endpoints From Attack

Transcription

1 2012 Endpoint Security Best Practices Survey GLOBAL RESULTS

2

3 CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Top tier organizations fare better against attacks... 8 Finding 2: Top tier organizations employ the latest in endpoint protection practices...10 Finding 3: Attacks against endpoints are costly...14 Symantec Recommendations...16 Endpoint Security Best Practices Survey 3

4 Executive Summary The threat landscape is evolving as cybercriminals become more sophisticated, stealthy and insidious with their attacks. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. Approximately 144,000 malicious files are detected each day which translates to a rate of more than 4.3 million each month. The traditional endpoint security tool antivirus software is no longer effective on a stand-alone basis. Of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside the organizations endpoint security software proving that while signature-based antivirus plays a critical role in preventing threats, it s no longer an exclusive role. Second, IT departments are dealing with a change in the number of endpoints as employees are bringing an increasing number of devices into the workplace. Once restricted to PCs on the desk and servers in the data center, the term now covers laptops, smartphones, tablets, virtual servers and virtual desktops. Symantec commissioned the 2012 Endpoint Security Best Practices Survey to see how IT is coping with endpoint security. The findings show a wide variance between how the best and worst organizations handle endpoint security in terms of practices. Ultimately, those organizations employing best practices are enjoying dramatically better outcomes. 4 Endpoint Security Best Practices Survey

5 Endpoint Security Best Practices Survey 5

6 METHODOLOGY Symantec Commissioned Applied Research to field the Endpoint Security Survey in October of They contacted a total of 1,425 IT professionals in 32 countries. Of those, one-third were C-level employees or business owners, one-third were management focused on strategic issues, and the remaining third were management focused on tactical and operational issues. The poll has a reliability of 95% confidence with +/- 2.6% margin of error. 6 Endpoint Security Best Practices Survey

7 North America Latin America United States Canada Brazil...58 Mexico...37 NOLA...25 SOLA...25 EMEA France...50 Germany...50 Italy...50 Netherlands...50 Poland...50 Russia...50 United Kingdom...50 APJ China Indonesia Australia...75 Hong Kong...75 Japan...75 Taiwan...75 India...50 Singapore...50 Thailand...50 Endpoint Security Best Practices Survey 7

8 FINDING 1 Top tier organizations fare better against attacks The organizations that had deployed more comprehensive security technologies and practices were better prepared and better able to thwart attacks and reduce the amount of money and time spent doing so. The top tier companies were two-and-a-half times less likely to experience a large number of cyber attacks, and 3-and-a-half times less likely to experience downtime. Top tier companies only experienced 21 percent of the downtime of the lower tier businesses a total of 588 hours compared to 2,765 hours. 8 Endpoint Security Best Best Practices Survey

9 For each of the following devices, characterize the quantity of cyberattacks against your organization over the past 12 months: 100% 90% 80% 1 - We saw no cyberattacks 2 - We saw just a few cyberattacks 3 - We saw cyberattacks on a regular basis 4 - We saw a large number of cyberattacks 5 - We saw an extremely large number of cyberattacks 2% 2% 2% 2% 2% 3% 9% 7% 7% 7% 5% 6% 11% 16% 17% 9% 15% 10% 70% 60% 50% 36% 41% 42% 42% 41% 39% 40% 30% 20% 10% 41% 34% 32% 40% 37% 43% 0% Mobile devices Laptops/notebooks Physical desktops Virtual desktops Physical servers Virtual servers Please estimate how many separate incidents you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown) Downtime of a specific smartphone or tablet 122 Downtime of a specific desktop or notebook 89 Downtime of a specific server 48 Widespread downtime Please estimate how much downtime (in hours) you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown) Downtime of a specific smartphone or tablet 270 Downtime of a specific desktop or notebook 241 Downtime of a specific server 48 Widespread downtime 29 *Top Tier Results Endpoint Security Best Practices Survey 9

10 FINDING 2 Top tier organizations employ the latest in endpoint protection technologies and practices We asked survey respondents what precautions they were taking to protect their endpoints. Based on the safeguards, policies and procedures they employed, we were able to divide businesses into three tiers of preparation, and compared the organizations that were in the top tier with those in the bottom tier to see what distinguishes them from each other. Among these top performers, nearly 100 percent indicated they keep their endpoints, including virtual and physical servers, virtual and physical desktops, laptops/netbooks and mobile devices somewhat or completely updated with current operating system and application updates through the entire organization. These companies have not only deployed virus and spyware protection across nearly all of their virtual and physical endpoints, they have also deployed firewall protection, intrusion prevention systems, and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives. Nearly all of these top tier companies also indicated that a wide range of endpoint security safeguards and technologies, including encryption, access control, data loss prevention and reputation-based security are somewhat-to-extremely necessary. Finally, 99 percent of these top performers provide some form of employee security training, with 82 percent doing so at least once a year. 10 Endpoint Security Best Practices Survey

11 The policies and practices of the top performers contrast sharply with our findings among those organizations who ranked in the bottom tier of results and who experience more successful cyber attacks and heavier losses. These poor performers have not deployed the technologies necessary to thwart today s sophisticated threats, and do not adequately train employees on security best practices. When asked whether they keep their endpoint devices current with operating system and application updates across their virtual and physical servers and devices, less than half indicated their endpoints are somewhat-to-completely updated. Only 20 percent of their physical endpoints: desktops, laptops/notebooks and mobile devices, have virus and spyware protection, and only 10 percent of their virtual servers and desktops have those technologies deployed. The percentages are similarly low for physical and virtual endpoints with firewall protection, intrusion prevention systems and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives. Roughly half consider technologies such as encryption, access control, data loss prevention and reputation-based security as somewhat or extremely necessary, and only 66 percent train employees at least once a year. Endpoint Security Best Practices Survey 11

12 For each of the following endpoints, for what percentage of these endpoints has virus and spyware protection been deployed throughout your organization? (Means shown) Virtual servers 87% Physical servers 90% Virtual desktops 86% Physical desktops 90% Laptops/notebooks 90% Mobile devices 79% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For your entire organization, what percentage of these endpoints has firewall protection? (Means shown) Virtual servers 93% Physical servers 94% Virtual desktops 91% Physical desktops 94% Laptops/notebooks 93% Mobile devices 83% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *Top Tier Results 12 Endpoint Security Best Practices Survey

13 For your entire organization, what percentage of these endpoints has intrusion prevention systems installed throughout the organization? (Means shown) Virtual servers 90% Physical servers 92% Virtual desktops 88% Physical desktops 91% Laptops/notebooks 91% Mobile devices 78% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For your entire organization, what percentage of these endpoints has security tools that prevent unauthorized copying of data to and from peripheral devices such as USB drives? (Means shown) Virtual servers 85% Physical servers 87% Virtual desktops 83% Physical desktops 84% Laptops/notebooks 83% Mobile devices 73% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *Top Tier Results Endpoint Security Best Practices Survey 13

14 FINDING 3 Attacks against endpoints are costly The first thing we asked about in the survey was the cost incurred in dealing with a variety of endpoint-focused cyber attacks. We defined cyber attacks as an attack (from inside or outside the organization) on the computer network, website, physical devices such as desktops and mobile devices, as well as virtual servers and desktops. Examples could be viruses, spam, denial of service attacks, theft of information, fraud, vandalism and so forth. We then asked the respondents to indicate the costs they experienced as a result of cyber attacks to their endpoints. Combining the frequency of attack (what percentage of respondents experience each type of attack) with the magnitude (the average cost for each type of attack) we were able to determine that the typical organization incurred $470,000 in losses due to endpoint cyber attacks in the past 12 months. The most common consequences of attacks were forced dedication of IT manpower to remediate affected endpoints; the loss of organization, customer or employee data; and damage to the organization s brand and reputation. 14 Endpoint Security Best Practices Survey

15 Please indicate which costs your organization experienced as a result of cyberattacks to your endpoints in the past 12 months: Reduced stock price 3% Lost revenue 30% Lost productivity 53% Loss of organization, customer or employee data 24% Damaged brand reputation 24% Costs to comply with regulations after an attack 18% Labor costs to recover endpoints to a working state 31% 0% 10% 20% 30% 40% 50% 60% For each endpoint, please assign a total value, in monetary terms, of each of these losses in the past 12 months: (Means shown) Reduced stock price $123,504 Lost revenue $558,618 Lost productivity $174,309 Loss of organization, customer or employee data $106,910 Damaged brand reputation $480,831 Costs to comply with regulations after an attack $366,301 Labor cost to recover endpoints to working state $159,149 $0 $100,000 $200,000 $300,000 $400,000 $500,000 $600,000 *Top Tier Results Endpoint Security Best Practices Survey 15

16 Symantec Recommendations There is no silver bullet or single solution that will prevent all attacks, and companies should not rely solely on endpoint security technology for protection. To reduce the risk of a successful cyber attack, here are some steps any organization can take: Assess the risk. It s vital that organizations identify and classify confidential information. Organizations must know where sensitive information resides, who has access to it, and how it is entering or leaving your organization. In addition, organizations should continually assess their network and endpoints to identify possible vulnerabilities. Minimize the risk. Organizations must implement a multi-layer protection strategy to minimize the risk of exploited endpoints. In addition to traditional antivirus, firewall, and host intrusion protection technology, organizations should deploy the latest innovations in endpoint security, such as reputationbased security and real-time behavioral monitoring. These newer technologies provide additional efficacy in the battle to thwart many of new cyber-attacks. Finally, organizations must patch applications and systems regularly. Education is crucial. Train employees on the risks and what they need to do for safe computing and then hold them accountable. Eighty-two percent of top tier companies provide security training to their employees at least annually compared to 66 percent of bottom tier. Be Prepared. It s important to prepare for the inevitable by creating a full incident response plan. It s also vital to occasionally practice implementing the plan. When the time comes to put the plan into action, it will help you by improving your response time and will ensure a more complete response. 16 Endpoint Security Best Practices Survey

17 Endpoint Security Best Practices Survey 17