As a Rule, We Avoid Fear, Uncertainty, and Doubt in Our Marketing
Cybersecurity is complex and confusing enough, so we prefer to focus on the facts without relying on scare tactics—yes, even on Halloween.
That said, we also feel it’s important for people to understand their risks and what they’re up against. That way, you’re informed, you can protect your digital assets, and you’re able to address data breaches quickly—because, like GI Joe says, “Knowing is half the battle.”
Here are 7 important takeaways from the Ponemon Institute’s 2018 “State of Endpoint Security Risk” report:
- Endpoint-focused attacks are increasing.
Over 60% of respondents in the 2018 State of Endpoint Security Risk survey indicated that the frequency of attacks has increased over the past 12 months. An increase in successful endpoint attacks is concerning because it means organizations must be better prepared both to prevent endpoint attacks and to respond to the threats that evade their cybersecurity defenses. What’s more, according to respondents, an average of 52% of all attacks cannot be realistically stopped. If preventing attacks isn’t possible, mitigating the damage of a data breach is—if you’re proactively hunting for attacks already in progress.
- The average cost of a data breach has increased from $5 million to $7.1 million.
Recovery costs, notification costs, and losses to IT infrastructure, productivity, and data/information have increased by over 40%. This $7.1 million data breach cost works out to an average of $440 per impacted endpoint. If we look specifically at SMBs and mid-sized companies, the average cost per impacted endpoint increases to $763.
- Over 60% of survey respondents claim their organizations were compromised in 2018.
In fact, 64% of respondents claim their organizations were successfully attacked this year—up from 54% in the 2017 endpoint security survey.
- Zero-day attacks—or attacks via an unknown application exploit or software vulnerability—are 4x more likely to be the culprit.
Just over 75% of the respondents who claim their organizations were compromised in 2018 attribute the attack to unknown zero-day attacks and/or new threats. By contrast, only 19% of respondents claimed their organizations were compromised by a known or existing attack.
- Antivirus tools missed an average of 57% of attacks.
As malware, attack types, and attackers evolve, we’re seeing that AV software (even “next-gen” antivirus) is missing the majority of attacks. Based on respondent estimates, only 43% of attacks are blocked by antivirus tools/software. Endpoint security survey respondents blamed a high rate of false positives and alert fatigue as the issues preventing them from getting the most out of their antivirus software. In other words, antivirus may be flagging too much and too many attacks, while inadequately protecting your company from unknown threats and malware.
- Organizations are vulnerable. In fact, it takes 102 days (on average) to patch/repair endpoints.
It’s difficult to keep endpoints and systems operational through effective patching—for organizations of all sizes. Over 40% of survey respondents have employed a process to deploy and manage patches to their endpoints, but these patches take longer to roll out, due to concerns with the impact on business continuity and system performance. Vulnerabilities can exist within applications, operating systems, and firmware, so it’s important to take proactive steps to continuously scan your network and nodes for vulnerabilities using a tool like Infocyte HUNT.
- Organizations are frustrated by the lack of adequate protection offered by EDR tools and by the challenges of implementing them.
EDR, or Endpoint Detection and Response tools, are designed to detect and “block” the early signs of an attack. Unfortunately, with the rise in zero-day exploits and new/advanced malware, organizations are finding that EDR and preventative technologies are not as effective as they thought. Moreover, 47% of respondents that have EDR tools deployed within their organization needed over 90 days to implement them. Plus, less than half of the functionality of EDR tools (46%) is actively employed and used.
In conclusion, your endpoint security infrastructure should include defensive technologies, but preventative cybersecurity tools alone are not enough.
It’s just as important to employ proactive or “offensive” cybersecurity tools and techniques, such as threat hunting and regular compromise assessments, to ensure your organization is better protected from advanced malware and malicious threats.
Contact us to request a free compromise assessment and learn how Infocyte HUNT helps organizations fill the gap left by their defensive endpoint security tools.
The full 2018 “State of Endpoint Security Risk” report is available for download from Barkly’s website.