Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

Best Practices Work – Gaps are Still Costly, Says Symantec Survey

An Endpoint Protection Best Practices survey from Symantec, which was conducted last October by Applied Research, shows that organizations following best practices for protecting endpoints are doing a better job protecting critical assets and information. However, when those protections fail, it’s still a costly situation. In short, Symantec is proving that nothing is truly secure.

An Endpoint Protection Best Practices survey from Symantec, which was conducted last October by Applied Research, shows that organizations following best practices for protecting endpoints are doing a better job protecting critical assets and information. However, when those protections fail, it’s still a costly situation. In short, Symantec is proving that nothing is truly secure.

Symantec Endpoint Security SurveyThe aim of the study, which surveyed 1,425 respondents in the IT sector, with a third of them being C-Level executives, was to see how IT is coping with endpoint security. As would be expected, the organizations that deployed more layers and stronger defenses were able to better thwart or survive attacks. Those in the top tier were 2.5 times less likely to experience a major cyberattack, and 3.5 times less likely to experience downtime.

Of the assets attacked, laptops/notebooks were hit 26% of the time, followed by desktops (25%) and physical servers (22%). After that, their virtual counterparts suffered less. Mobile devices, including smartphones and tablets, were targeted 22% of the time. Going further, those numbers translate some sort of downtime. There were 122 instances of downtime were triggered by a mobile device, 89 instances due to a desktop or laptop, 48 due to a server, and 30 instances of widespread downtime. Mobile devices and physical desktops or laptops suffered a combined 511 hours of downtime as a result of being targeted.

When it comes to protecting their assets, the respondents use various layers. These layers include DLP, IPS/IDS, anti-Malware, and Firewalls. In each case, virtual and physical assets were protected. On top of that, 99% of the organizations that took part in the research said that these protections were merged with awareness training for staff.

“The policies and practices of the top performers contrast sharply with our findings among those organizations who ranked in the bottom tier of results and who experience more successful cyber attacks and heavier losses. These poor performers have not deployed the technologies necessary to thwart today’s sophisticated threats, and do not adequately train employees on security best practices,” Symantec’s findings state.

The layered protections also include patch maintenance and management. Overall, the physical layer (servers, desktops, laptops) achieved a reported level of 90% when it came to anti-Malware protection, 93-94% for Firewall coverage, 91-92% for IDS/IPS coverage, and 83-87% for DLP coverage. Mobile devices remained in the mid-low 70% in the same areas, while virtual protections moved about some, hitting the mid-upper 80% to the low 90 percentile range.

Again, the protections are there, but the gaps in coverage are where the damage happens. According to Symantec, when an incident occurred, 53% of the respondents suffered lost productivity and labor costs associated with dedicated IT resources to resolve the issue, followed by revenue loss, lost of data, and damaged brand protection.

The costs themselves, when combined, equate to $558,000 in revenue losses, $480,831 in brand or reputation losses, $366,301 in losses due to compliance additions and fines, and $174,309 in productivity losses.

So things are not so bad it seems, but there is still plenty of work to do.

Advertisement. Scroll to continue reading.

“There is no silver bullet or single solution that will prevent all attacks, and companies should not rely solely on endpoint security technology for protection,” Symantec concluded.

Key areas of work include risk assessment and minimization. Knowing what needs to be protected, where it lives, and what steps are needed to accomplish these goals. It’s easy to recommend, and these processes have existed for a long time, but actually achieving these goals seems to be the hard part.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Artificial Intelligence

ChatGPT is increasingly integrated into cybersecurity products and services as the industry is testing its capabilities and limitations.

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.