The frequency and severity of malware attacks have increased "dramatically" since 2011, according to an April 19 State of the Endpoint Report from the Ponemon Institute, sponsored by CounterTack, a company that provides endpoint detection and response technology for enterprises.
Of the 694 US IT security practitioners surveyed, 56% reported that malware attacks in recent years have become "stealthier and more difficult to detect."
While 43% of respondents told researchers that they had a strategy in place to deal with destructive malware in 2015, only 38% reported the same a year later.
As for the incidents they're facing, 71% reported zero-day attacks, while 68% told of DDoS attacks. A majority of respondents -- 60% -- believe it's becoming harder to fight back.
On that point, 80% -- up from 68% in 2015 -- reported that they believed their mobile endpoints had been the targets of malware over the last year. Endpoints may be defined as laptops, desktops, smartphones, printers, POS machines, or ATMs.
What's an even bigger problem than outsiders hacking into networks? According to eight out of ten of those surveyed, the answer is the company's employees.
Up 3% from last year, 81% reported that the biggest threat to their endpoint security is "negligent or careless employees" who don't follow security policies. That is followed by 61% -- down 4 percentage points from last year -- who pointed to the rising number of mobile devices being used by each employee.
"Not only are employees the biggest risk, but it's very difficult for the IT organization to enforce policy on those employees. Even when you get consensus from the executive team and management … IT is having a hard time," CounterTack CTO Michael Davis told InformationWeek.
Consider, Davis offered, even just mobile devices and laptops:
You've got how many different types of laptops, how many versions of Windows, how many applications for those devices, how many phone types, etc. …? IT has to struggle with all of that variation, while also trying to enforce a standard set of security [protocols]. And then on top of that they have to deal with the end users. … So it's very difficult to enforce anything, even from a purely technology perspective.
Ponemon found that enterprises are addressing these challenges by making endpoint security a greater priority -- 61% reported it's becoming a bigger part of their overall IT security strategy. Increasingly, they're working on this priority by focusing on securing data rather than devices.
This year, 60% of respondents, versus 55% last year, believe that data, rather than devices, is their focus. At the same time, the number of respondents who reported that they worked on both dropped from 30% to 27% this year.
Based on its findings, the research firm also offered three predictions for the year:
- A shift in focus away from prevention and toward a "detect and respond" approach
- The addition of a "threat intelligence" component to the security stack
- The use of endpoints as security sensors
Clarifying the last point, the report added, "In other words, where state or context data collected at the endpoint is used to determine if it has been or is being compromised." More than 50% of respondents reported to researchers that this is something they're currently doing or planning to introduce.