7 Takeaways From The 2018 ‘State of Endpoint Security Risk’ Report
As a rule, we avoid FUD—fear, uncertainty, and doubt—in our marketing. Cybersecurity is complex and confusing enough, so we prefer to focus on the facts without relying on scare tactics—yes, even on Halloween.
That said, we also feel it’s important for people to understand their risks and what they’re up against. That way, you’re informed, you can protect your digital assets, and you’re able to address data breaches quickly—because, like GI Joe says, “Knowing is half the battle.”
Here are 7 important takeaways from the Ponemon Institute’s 2018 “State of Endpoint Security Risk” Report:
- Endpoint-focused attacks are increasing.
Over 60% of respondents in the 2018 State of Endpoint Security Risk survey indicated that the frequency of attacks has increased over the past 12 months. An increase in successful endpoint security attacks is concerning because it means organizations must be better prepared both to prevent endpoint attacks and to respond to the threats that are evading their cybersecurity defenses. What’s more, according to respondents, an average of 52% of all attacks cannot be realistically stopped. If preventing attacks isn’t possible, mitigating the damage of a data breach is—if you’re proactively hunting for attacks already in progress.
- The average cost of a data breach has increased from $5 million to $7.1 million.
Recovery costs, notification costs, and losses to IT infrastructure, productivity, and data/information have increased by over 40%. This $7.1 million data breach cost works out to an average of $440 per impacted endpoint. If we look specifically at SMBs and mid-sized companies, the average cost per impacted endpoint increases to $763.
- Over 60% of survey respondents claim their organizations were compromised in 2018.
In fact, 64% of respondents claim their organizations were successfully attacked this year—up from 54% in the 2017 endpoint security survey.
- Zero-day attacks—or attacks via an unknown application exploit or software vulnerability—are 4x more likely to be the culprit.
Just over 75% of the respondents who claim their organizations were compromised in 2018 attribute the attack to unknown zero-day attacks and/or new threats. By contrast, only 19% of respondents claimed their organizations were compromised by a known or existing attack.
- Antivirus tools missed an average of 57% of attacks.
As malware, attack types, and attackers evolve, we’re seeing that AV software (even “next-gen” antivirus) is missing the majority of attacks. Based on respondent estimates, only 43% of attacks are blocked by antivirus tools/software. Endpoint security survey respondents blamed a high rate of false positives and alert fatigue as the issues preventing them from getting the most out of their antivirus software. In other words, antivirus may be flagging too much and too many attacks, while inadequately protecting your company from unknown threats and malware.
- Organizations are vulnerable. In fact, it takes 102 days (on average) to patch/repair endpoints.
It’s difficult to keep endpoints and systems operational through effective patching—for organizations of all sizes. Over 40% of survey respondents have employed a process to deploy and manage patches to their endpoints, but these patches take longer to roll out, due to concerns with the impact on business continuity and system performance. Vulnerabilities can exist within applications, operating systems, and firmware, so it’s important to take proactive steps to continuously scan your network and nodes for vulnerabilities using a tool like Infocyte HUNT.
- Organizations are frustrated by the lack of adequate protection offered by EDR tools and by the challenges of implementing them.
EDR, or Endpoint Detection and Response tools, are designed to detect and “block” the early signs of an attack. Unfortunately, with the rise in zero-day exploits and new/advanced malware, organizations are finding that EDR and preventative technologies are not as effective as they thought. Moreover, 47% of respondents that have EDR tools deployed within their organization needed over 90 days to implement them. Plus, less than half of the functionality of EDR tools (46%) is actively employed and used.
In conclusion, your endpoint security infrastructure should include defensive technologies, but preventative cybersecurity tools alone are not enough.
It’s just as important to employ proactive or “offensive” cybersecurity tools and techniques, such as threat hunting and regular compromise assessments, to ensure your organization is better protected from advanced malware and malicious threats.
Contact us to request information about compromise assessment and learn how Infocyte HUNT helps organizations fill the gap left by their defensive endpoint security tools.
Click here to download the full 2018 “State of Endpoint Security Risk” report from Barkly’s website.