How To Protect Your Endpoints From Attack



Similar documents
2012 Endpoint Security Best Practices Survey

State of Security Survey GLOBAL FINDINGS

Federal Cyber Security Outlook for 2010

STATE OF THE DATA CENTER SURVEY GERMANY RESULTS

It s critical to be able to correlate threats pre-emptively and respond to them immediately.

2012 NORTON CYBERCRIME REPORT

The Impact of Cybercrime on Business

State of Mobility Survey. France Results

Design Your Security

Avoiding The Hidden Costs. of the Cloud

STATE OF THE DATA CENTER SURVEY GLOBAL RESULTS

How To Get A Cloud Service For A Small Business

Global Corporate IT Security Risks: 2013

DESIGN YOUR SECURITY. We build tailored, converged security for you. Technology. Strategy. People. The synergetic collaboration.

Avoiding The Hidden Costs

Building a Business Case:

SYMANTEC 2010 SMB INFORMATION PROTECTION SURVEY. Symantec 2010 SMB Information Protection Survey. Global Data

The Advanced Cyber Attack Landscape

EMC GLOBAL DATA PROTECTION INDEX GLOBAL KEY RESULTS & FINDINGS

How To Prevent Cybercrime

Perceptions About Network Security Survey of IT & IT security practitioners in the U.S.

United Kingdom Internet Security Threat Profile

EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR ITALY

PCI Data Security Standards (DSS)

EMC GLOBAL DATA PROTECTION INDEX KEY FINDINGS & RESULTS FOR SINGAPORE

Best Practices for a BYOD World

2012 Bit9 Cyber Security Research Report

2008 Disaster Recovery Research Overview and Key Findings Report

Global IT Security Risks

Data Sheet: Endpoint Security Symantec Protection Suite Enterprise Edition Trusted protection for endpoints and messaging environments

GWI Commerce Summary Q2 2014

STATE OF GLOBAL E-COMMERCE REPORT (Preview) February 2013

Exploring the Landscape of Philippine Cybersecurity

A Nielsen Report Global Trust in Advertising and Brand Messages. April 2012

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Security for Financial Services: Addressing the Perception Gaps in a Dynamic Landscape

First Half Review BREACH LEVEL INDEX. Findings from the POWERED BY

INFORMATION PROTECTED

Taking a Comprehensive Approach to Cloud Security

ES ET DE LA VIE PRIVÉE E 29 th INTERNATIONAL CONFERENCE OF DATA PROTECTION AND PRIVACY COMMISSIONERS

ADC Survey GLOBAL FINDINGS

CERTIFICATE MANAGEMENT SURVEY

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

Guide Antivirus. You wouldn t leave the door to your premises open at night. So why risk doing the same with your network?

Employer Perspectives on Social Networking: Global Key Findings

For additional information and evaluation copies of Trend Micro products and services, visit our website at

Endpoint Security More secure. Less complex. Less costs... More control.

Workplace of the Future: a global market research report

Protection for Mac and Linux computers: genuine need or nice to have?

SonicWALL Aventail SSL VPNs Working Together With SonicWALL End Point Security Solutions for Granular End Point Control

Reducing the cost and complexity of endpoint management

Foreign Taxes Paid and Foreign Source Income INTECH Global Income Managed Volatility Fund

MEDIA RELEASE. IOSCO reports on business continuity plans for trading venues and intermediaries

Endpoint Security Management

FACT SHEET Global Direct Selling

Digital vs Traditional Media Consumption

Malware isn t The only Threat on Your Endpoints

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Threat Trend Report Second Quarter 2007

Internet threats: steps to security for your small business

IBM Global Small and Medium Business. Keep Your IT Infrastructure and Assets Secure

Business Attitudes Toward Cybersecurity 2014

Cyber Security. John Leek Chief Strategist

We d Like That on Our Laptops, Notebooks, Tablets and Smartphones, Please

McAfee Total Protection Reduce the Complexity of Managing Security

Global IT Security Risks: 2012

Endpoint Security and the Case For Automated Sandboxing

Cybersecurity Report on Small Business: Study Shows Gap between Needs and Actions

BUSINESS SURVEYS 2015

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Websense Data Security Solutions

Next-Generation Firewalls: Critical to SMB Network Security

How To Protect Your Organization From Insider Threats

All-in-one coverage for your business

Enterprise Encryption Trends Survey GLOBAL RESULTS

Global Economic Briefing: Global Inflation

Proactive. Professional. IT Support and Remote Network Monitoring.

Use Bring-Your-Own-Device Programs Securely

Websense Web Security Solutions

10 Smart Ideas for. Keeping Data Safe. From Hackers

Performance 2015: Global Stock Markets

How are we keeping Hackers away from our UCD networks and computer systems?

Capabilities for Cybersecurity Resilience

CHECKLIST: ONLINE SECURITY STRATEGY KEY CONSIDERATIONS MELBOURNE IT ENTERPRISE SERVICES

McAfee Endpoint Protection for SMB. You grow your business. We keep it secure.

CA Host-Based Intrusion Prevention System r8.1

Network Security and the Small Business

Are organizations completely ready to stop cyberattacks?

Spyware: Securing gateway and endpoint against data theft

Better secure IT equipment and systems

Top five strategies for combating modern threats Is anti-virus dead?

Performance 2013: Global Stock Markets

Small and Midsize Business Protection Guide

White Paper. Five Steps to Firewall Planning and Design

Building a Web Security Ecosystem to Combat Emerging Internet Threats

Advanced Cyber Threats in State and Local Government

opinion piece Eight Simple Steps to Effective Software Asset Management

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

The Protection Mission a constant endeavor

Securing the endpoint and your data

Transcription:

2012 Endpoint Security Best Practices Survey GLOBAL RESULTS

CONTENTS Executive Summary... 4 Methodology... 6 Finding 1: Top tier organizations fare better against attacks... 8 Finding 2: Top tier organizations employ the latest in endpoint protection practices...10 Finding 3: Attacks against endpoints are costly...14 Symantec Recommendations...16 Endpoint Security Best Practices Survey 3

Executive Summary The threat landscape is evolving as cybercriminals become more sophisticated, stealthy and insidious with their attacks. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. Approximately 144,000 malicious files are detected each day which translates to a rate of more than 4.3 million each month. The traditional endpoint security tool antivirus software is no longer effective on a stand-alone basis. Of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside the organizations endpoint security software proving that while signature-based antivirus plays a critical role in preventing threats, it s no longer an exclusive role. Second, IT departments are dealing with a change in the number of endpoints as employees are bringing an increasing number of devices into the workplace. Once restricted to PCs on the desk and servers in the data center, the term now covers laptops, smartphones, tablets, virtual servers and virtual desktops. Symantec commissioned the 2012 Endpoint Security Best Practices Survey to see how IT is coping with endpoint security. The findings show a wide variance between how the best and worst organizations handle endpoint security in terms of practices. Ultimately, those organizations employing best practices are enjoying dramatically better outcomes. 4 Endpoint Security Best Practices Survey

Endpoint Security Best Practices Survey 5

METHODOLOGY Symantec Commissioned Applied Research to field the Endpoint Security Survey in October of 2011. They contacted a total of 1,425 IT professionals in 32 countries. Of those, one-third were C-level employees or business owners, one-third were management focused on strategic issues, and the remaining third were management focused on tactical and operational issues. The poll has a reliability of 95% confidence with +/- 2.6% margin of error. 6 Endpoint Security Best Practices Survey

North America Latin America United States... 125 Canada... 125 Brazil...58 Mexico...37 NOLA...25 SOLA...25 EMEA France...50 Germany...50 Italy...50 Netherlands...50 Poland...50 Russia...50 United Kingdom...50 APJ China... 150 Indonesia... 100 Australia...75 Hong Kong...75 Japan...75 Taiwan...75 India...50 Singapore...50 Thailand...50 Endpoint Security Best Practices Survey 7

FINDING 1 Top tier organizations fare better against attacks The organizations that had deployed more comprehensive security technologies and practices were better prepared and better able to thwart attacks and reduce the amount of money and time spent doing so. The top tier companies were two-and-a-half times less likely to experience a large number of cyber attacks, and 3-and-a-half times less likely to experience downtime. Top tier companies only experienced 21 percent of the downtime of the lower tier businesses a total of 588 hours compared to 2,765 hours. 8 Endpoint Security Best Best Practices Survey

For each of the following devices, characterize the quantity of cyberattacks against your organization over the past 12 months: 100% 90% 80% 1 - We saw no cyberattacks 2 - We saw just a few cyberattacks 3 - We saw cyberattacks on a regular basis 4 - We saw a large number of cyberattacks 5 - We saw an extremely large number of cyberattacks 2% 2% 2% 2% 2% 3% 9% 7% 7% 7% 5% 6% 11% 16% 17% 9% 15% 10% 70% 60% 50% 36% 41% 42% 42% 41% 39% 40% 30% 20% 10% 41% 34% 32% 40% 37% 43% 0% Mobile devices Laptops/notebooks Physical desktops Virtual desktops Physical servers Virtual servers Please estimate how many separate incidents you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown) Downtime of a specific smartphone or tablet 122 Downtime of a specific desktop or notebook 89 Downtime of a specific server 48 Widespread downtime 30 0 20 40 60 80 100 120 140 Please estimate how much downtime (in hours) you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown) Downtime of a specific smartphone or tablet 270 Downtime of a specific desktop or notebook 241 Downtime of a specific server 48 Widespread downtime 29 *Top Tier Results 0 50 100 150 200 250 300 Endpoint Security Best Practices Survey 9

FINDING 2 Top tier organizations employ the latest in endpoint protection technologies and practices We asked survey respondents what precautions they were taking to protect their endpoints. Based on the safeguards, policies and procedures they employed, we were able to divide businesses into three tiers of preparation, and compared the organizations that were in the top tier with those in the bottom tier to see what distinguishes them from each other. Among these top performers, nearly 100 percent indicated they keep their endpoints, including virtual and physical servers, virtual and physical desktops, laptops/netbooks and mobile devices somewhat or completely updated with current operating system and application updates through the entire organization. These companies have not only deployed virus and spyware protection across nearly all of their virtual and physical endpoints, they have also deployed firewall protection, intrusion prevention systems, and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives. Nearly all of these top tier companies also indicated that a wide range of endpoint security safeguards and technologies, including encryption, access control, data loss prevention and reputation-based security are somewhat-to-extremely necessary. Finally, 99 percent of these top performers provide some form of employee security training, with 82 percent doing so at least once a year. 10 Endpoint Security Best Practices Survey

The policies and practices of the top performers contrast sharply with our findings among those organizations who ranked in the bottom tier of results and who experience more successful cyber attacks and heavier losses. These poor performers have not deployed the technologies necessary to thwart today s sophisticated threats, and do not adequately train employees on security best practices. When asked whether they keep their endpoint devices current with operating system and application updates across their virtual and physical servers and devices, less than half indicated their endpoints are somewhat-to-completely updated. Only 20 percent of their physical endpoints: desktops, laptops/notebooks and mobile devices, have virus and spyware protection, and only 10 percent of their virtual servers and desktops have those technologies deployed. The percentages are similarly low for physical and virtual endpoints with firewall protection, intrusion prevention systems and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives. Roughly half consider technologies such as encryption, access control, data loss prevention and reputation-based security as somewhat or extremely necessary, and only 66 percent train employees at least once a year. Endpoint Security Best Practices Survey 11

For each of the following endpoints, for what percentage of these endpoints has virus and spyware protection been deployed throughout your organization? (Means shown) Virtual servers 87% Physical servers 90% Virtual desktops 86% Physical desktops 90% Laptops/notebooks 90% Mobile devices 79% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For your entire organization, what percentage of these endpoints has firewall protection? (Means shown) Virtual servers 93% Physical servers 94% Virtual desktops 91% Physical desktops 94% Laptops/notebooks 93% Mobile devices 83% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *Top Tier Results 12 Endpoint Security Best Practices Survey

For your entire organization, what percentage of these endpoints has intrusion prevention systems installed throughout the organization? (Means shown) Virtual servers 90% Physical servers 92% Virtual desktops 88% Physical desktops 91% Laptops/notebooks 91% Mobile devices 78% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% For your entire organization, what percentage of these endpoints has security tools that prevent unauthorized copying of data to and from peripheral devices such as USB drives? (Means shown) Virtual servers 85% Physical servers 87% Virtual desktops 83% Physical desktops 84% Laptops/notebooks 83% Mobile devices 73% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *Top Tier Results Endpoint Security Best Practices Survey 13

FINDING 3 Attacks against endpoints are costly The first thing we asked about in the survey was the cost incurred in dealing with a variety of endpoint-focused cyber attacks. We defined cyber attacks as an attack (from inside or outside the organization) on the computer network, website, physical devices such as desktops and mobile devices, as well as virtual servers and desktops. Examples could be viruses, spam, denial of service attacks, theft of information, fraud, vandalism and so forth. We then asked the respondents to indicate the costs they experienced as a result of cyber attacks to their endpoints. Combining the frequency of attack (what percentage of respondents experience each type of attack) with the magnitude (the average cost for each type of attack) we were able to determine that the typical organization incurred $470,000 in losses due to endpoint cyber attacks in the past 12 months. The most common consequences of attacks were forced dedication of IT manpower to remediate affected endpoints; the loss of organization, customer or employee data; and damage to the organization s brand and reputation. 14 Endpoint Security Best Practices Survey

Please indicate which costs your organization experienced as a result of cyberattacks to your endpoints in the past 12 months: Reduced stock price 3% Lost revenue 30% Lost productivity 53% Loss of organization, customer or employee data 24% Damaged brand reputation 24% Costs to comply with regulations after an attack 18% Labor costs to recover endpoints to a working state 31% 0% 10% 20% 30% 40% 50% 60% For each endpoint, please assign a total value, in monetary terms, of each of these losses in the past 12 months: (Means shown) Reduced stock price $123,504 Lost revenue $558,618 Lost productivity $174,309 Loss of organization, customer or employee data $106,910 Damaged brand reputation $480,831 Costs to comply with regulations after an attack $366,301 Labor cost to recover endpoints to working state $159,149 $0 $100,000 $200,000 $300,000 $400,000 $500,000 $600,000 *Top Tier Results Endpoint Security Best Practices Survey 15

Symantec Recommendations There is no silver bullet or single solution that will prevent all attacks, and companies should not rely solely on endpoint security technology for protection. To reduce the risk of a successful cyber attack, here are some steps any organization can take: Assess the risk. It s vital that organizations identify and classify confidential information. Organizations must know where sensitive information resides, who has access to it, and how it is entering or leaving your organization. In addition, organizations should continually assess their network and endpoints to identify possible vulnerabilities. Minimize the risk. Organizations must implement a multi-layer protection strategy to minimize the risk of exploited endpoints. In addition to traditional antivirus, firewall, and host intrusion protection technology, organizations should deploy the latest innovations in endpoint security, such as reputationbased security and real-time behavioral monitoring. These newer technologies provide additional efficacy in the battle to thwart many of new cyber-attacks. Finally, organizations must patch applications and systems regularly. Education is crucial. Train employees on the risks and what they need to do for safe computing and then hold them accountable. Eighty-two percent of top tier companies provide security training to their employees at least annually compared to 66 percent of bottom tier. Be Prepared. It s important to prepare for the inevitable by creating a full incident response plan. It s also vital to occasionally practice implementing the plan. When the time comes to put the plan into action, it will help you by improving your response time and will ensure a more complete response. 16 Endpoint Security Best Practices Survey

Endpoint Security Best Practices Survey 17

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information