b-2012 endpt sec best practices survey results wp.en-us

Upload: vladimirmarkovski8119

Post on 04-Jun-2018

  • 8/13/2019 B-2012 Endpt Sec Best Practices Survey Results WP.en-us

    2012 Endpoint Security Best Practices Survey

    GLOBAL RESULTS

    CONTENTS

    Executive Summary

    Methodology

    Finding 1: Top tier organizations fare better against attacks

    Finding 2: Top tier organizations employ the latest in endpoint protection practices

    Finding 3: Attacks against endpoints are costly

    Symantec Recommendations

    Executive Summary

    The threat landscape is evolving as cybercriminals become more sophisticated, stealthy

    and insidious with their attacks. The sheer volume of attacks is staggering: in 2010 alone,

    Symantec blocked 3.1 billion attacks. Approximately 144,000 malicious files are detected

    each day which translates to a rate of more than 4.3 million each month.

    The traditional endpoint security tool, antivirus software, is no longer effective on

    a stand-alone basis. Of those 3.1 billion blocked attacks, roughly half were stopped by

    intrusion prevention technologies inside the organization's endpoint security software,

    proving that while signature-based antivirus plays a critical role in preventing threats, it's

    no longer an exclusive role.

    Second, IT departments are dealing with a change in the number of endpoints as

    employees are bringing an increasing number of devices into the workplace. Once

    restricted to PCs on the desk and servers in the data center, the term "endpoint" now covers laptops,

    smartphones, tablets, virtual servers and virtual desktops.

    Symantec commissioned the 2012 Endpoint Security Best Practices Survey to see how IT

    is coping with endpoint security. The findings show a wide variance between how the best

    and worst organizations handle endpoint security in terms of practices. Ultimately, those

    organizations employing best practices are enjoying dramatically better outcomes.

    METHODOLOGY

    Symantec commissioned Applied Research to field the Endpoint Security Survey in

    October of 2011. They contacted a total of 1,425 IT professionals in 32 countries. Of those,

    one-third were C-level employees or business owners, one-third were management focused

    on strategic issues, and the remaining third were management focused on tactical and

    operational issues.

    The poll has a reliability of 95% confidence with +/- 2.6% margin of error.

    APJ
      China: 150
      Indonesia: 100
      Australia: 75
      Hong Kong: 75
      Japan: 75
      Taiwan: 75
      India: 50
      Singapore: 50
      Thailand: 50

    EMEA
      France: 50
      Germany: 50
      Italy: 50
      Netherlands: 50
      Poland: 50
      Russia: 50
      United Kingdom: 50

    Latin America
      Brazil: 58
      Mexico: 37
      NOLA: 25
      SOLA: 25

    North America
      United States: 125
      Canada: 125

    FINDING 1

    Top tier organizations fare better against attacks

    The organizations that had deployed more comprehensive security technologies and practices were

    better prepared and better able to thwart attacks and reduce the amount of money and time spent

    doing so. The top tier companies were two-and-a-half times less likely to experience a large number

    of cyber attacks, and three-and-a-half times less likely to experience downtime.

    Top tier companies only experienced 21 percent of the downtime of the lower tier businesses, a

    total of 588 hours compared to 2,765 hours.

    [Chart: Please estimate how much downtime (in hours) you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown). Categories: widespread downtime; downtime of a specific server; downtime of a specific desktop or notebook; downtime of a specific smartphone or tablet.]

    [Chart: For each of the following devices, characterize the quantity of cyberattacks against your organization over the past 12 months. Devices: mobile devices; laptops/notebooks; physical desktops; virtual desktops; physical servers; virtual servers. Response scale: 1 - We saw no cyberattacks; 2 - We saw just a few cyberattacks; 3 - We saw cyberattacks on a regular basis; 4 - We saw a large number of cyberattacks; 5 - We saw an extremely large number of cyberattacks.]

    [Chart: Please estimate how many separate incidents you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown). Categories: widespread downtime; downtime of a specific server; downtime of a specific desktop or notebook; downtime of a specific smartphone or tablet.]

    *Top Tier Results

    FINDING 2

    Top tier organizations employ the latest in endpoint protection technologies and practices

    We asked survey respondents what precautions they were taking to protect their

    endpoints. Based on the safeguards, policies and procedures they employed, we were

    able to divide businesses into three tiers of preparation, and compared the organizations

    that were in the top tier with those in the bottom tier to see what distinguishes them

    from each other.

    Among these top performers, nearly 100 percent indicated they keep their endpoints,

    including virtual and physical servers, virtual and physical desktops, laptops/netbooks

    and mobile devices somewhat or completely updated with current operating system and

    application updates through the entire organization.

    These companies have not only deployed virus and spyware protection across nearly

    all of their virtual and physical endpoints, they have also deployed firewall protection,

    intrusion prevention systems, and tools to prevent unauthorized copying of data to and

    from peripheral devices such as USB drives. Nearly all of these top tier companies also

    indicated that a wide range of endpoint security safeguards and technologies, including

    encryption, access control, data loss prevention and reputation-based security are

    somewhat-to-extremely necessary.

    Finally, 99 percent of these top performers provide some form of employee security

    training, with 82 percent doing so at least once a year.

    The policies and practices of the top performers contrast sharply with our findings among those

    organizations who ranked in the bottom tier of results and who experience more successful

    cyber attacks and heavier losses. These poor performers have not deployed the technologies

    necessary to thwart today's sophisticated threats, and do not adequately train employees on

    security best practices.

    When asked whether they keep their endpoint devices current with operating system and application updates across their virtual and physical servers and devices, less than half

    indicated their endpoints are somewhat-to-completely updated. Only 20 percent of their

    physical endpoints (desktops, laptops/notebooks and mobile devices) have virus and spyware

    protection, and only 10 percent of their virtual servers and desktops have those technologies

    deployed. The percentages are similarly low for physical and virtual endpoints with firewall

    protection, intrusion prevention systems and tools to prevent unauthorized copying of data to

    and from peripheral devices such as USB drives.

    Roughly half consider technologies such as encryption, access control, data loss prevention

    and reputation-based security as somewhat or extremely necessary, and only 66 percent train

    employees at least once a year.

    [Chart: For each of the following endpoints, for what percentage of these endpoints has virus and spyware protection been deployed throughout your organization? (Means shown). Endpoints: mobile devices; laptops/notebooks; physical desktops; virtual desktops; physical servers; virtual servers.]

    [Chart: For your entire organization, what percentage of these endpoints has firewall protection? (Means shown). Endpoints: mobile devices; laptops/notebooks; physical desktops; virtual desktops; physical servers; virtual servers.]

    *Top Tier Results

    FINDING 3

    Attacks against endpoints are costly

    The first thing we asked about in the survey was the cost incurred in dealing with a variety

    of endpoint-focused cyber attacks. We defined a cyber attack as an attack (from inside

    or outside the organization) on the computer network, website, physical devices such as

    desktops and mobile devices, as well as virtual servers and desktops. Examples could be

    viruses, spam, denial of service attacks, theft of information, fraud, vandalism and so

    forth. We then asked the respondents to indicate the costs they experienced as a result of

    cyber attacks to their endpoints.

    Combining the frequency of attack (what percentage of respondents experience each type

    of attack) with the magnitude (the average cost for each type of attack) we were able to

    determine that the typical organization incurred $470,000 in losses due to endpoint cyber

    attacks in the past 12 months.

    The most common consequences of attacks were forced dedication of IT manpower to

    remediate affected endpoints; the loss of organization, customer or employee data; and

    damage to the organization's brand and reputation.

    Symantec Recommendations

    There is no silver bullet or single solution that will prevent all attacks, and companies

    should not rely solely on endpoint security technology for protection. To reduce the risk of

    a successful cyber attack, here are some steps any organization can take:

    Assess the risk. It's vital that organizations identify and classify confidential

    information. Organizations must know where sensitive information resides, who

    has access to it, and how it is entering or leaving the organization. In addition,

    organizations should continually assess their network and endpoints to identify possible vulnerabilities.

    Minimize the risk. Organizations must implement a multi-layer protection

    strategy to minimize the risk of exploited endpoints. In addition to traditional

    antivirus, firewall, and host intrusion protection technology, organizations

    should deploy the latest innovations in endpoint security, such as reputation-

    based security and real-time behavioral monitoring. These newer technologies

    provide additional efficacy in the battle to thwart many new cyber-attacks.

    Finally, organizations must patch applications and systems regularly.

    Education is crucial. Train employees on the risks and what they need to do

    for safe computing and then hold them accountable. Eighty-two percent of top

    tier companies provide security training to their employees at least annually

    compared to 66 percent of bottom tier.

    Be Prepared. It's important to prepare for the inevitable by creating a full

    incident response plan. It's also vital to occasionally practice implementing

    the plan. When the time comes to put the plan into action, it will help you by

    improving your response time and will ensure a more complete response.
