Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Organizations Struggle to Protect Growing Number of Endpoints

A recent study conducted by Dimensional Research has revealed that most organizations don’t have a security strategy in place to protect the growing number of endpoints on their networks.

A recent study conducted by Dimensional Research has revealed that most organizations don’t have a security strategy in place to protect the growing number of endpoints on their networks.

According to the study, just 33% of the survey’s respondents admitted that such a security strategy was in place, while the rest either said they were in the process of building such a strategy (51%), or that they didn’t have plans on the matter (16%). The stats are worrying, because the compromise of critical endpoints could have dire fiscal or operational consequences for an organization.

Traditionally, devices with which users could interact, such as desktops, tablets or phones, have been considered endpoints, but employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers have been recently added to the list as well. The number of critical endpoints on enterprise networks has been growing fast despite security risks, with over 200 billion connected devices forecast by 2020.

According to the study, conducted on behalf of Tripwire, organizations also lack insight on whether the devices connected to their networks receive security updates in a timely fashion. When asked if they were confident that these devices were kept up to date, only 40% of respondents said they were.

When asked whether they were concerned about the security of IoT (Internet of Things) devices connecting to their organization’s network, only 21% of respondents said it was their top concern. 57% said they were concerned but didn’t see it as a top threat, 10% said they weren’t concerned, while 12% said they prohibit IoT devices on the corporate network.

Massive distributed denial of service (DDoS) attacks carried out against Brian Krebs’ blog and hosting provider OVH have brought to the spotlight once again weaknesses in IoT devices. Many of them are secured with easy-to-guess, hardcoded default credentials and also have vulnerable services enabled by default, which exposes them to botnets such as Mirai or other types of IoT malware.

Advertisement. Scroll to continue reading.

Despite that, most organizations (57%) perform a comprehensive inventory of all hardware and software based assets on their network (including IoT devices) either once a year (31%) or without following a strict schedule (26%). Only 15% said they were performing the inventory continuously, others perform the check weekly (1%), monthly (5%), or quarterly (14%), but 7% never do it.

“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge. As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs,” Tim Erlin, senior director of IT security and risk strategy for Tripwire, said.

Carried out in August to evaluate the challenges that organizations must address to optimize their cyber security and compliance programs, the survey received responses from more than 500 IT security professionals.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

CISO Strategy

Varied viewpoints as related security concepts take on similar traits create substantial confusion among security teams trying to evaluate and purchase security technologies.

Endpoint Security

The Zero Day Dilemma

Endpoint Security

When establishing visibility and security controls across endpoints, security professionals need to understand that each endpoint bears some or all responsibility for its own...