SHARE

Survey: Just 33 Percent of Companies Have Endpoint Security Plan

Device sprawl makes it challenges for businesses to secure endpoints.

Written By

Oct 11, 2016

Only 33 percent of respondents have strategies in place for endpoint security, but 51 percent said they are in the process of creating a strategy, according to a recent study by Tripwire.

In addition, 60 percent of those surveyed said they aren’t confident the IoT devices connected to their networks are getting timely security updates.

“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs.”

Endpoints are devices with which users interact, such as desktops, tablets or phones, and now include employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers.

Tripwire’s findings were based on responses from 500 security professionals in their 2016 Security Challenge, which was conducted with the help of Dimensional Research.

The survey also found that 21 percent of those surveyed said IoT security was their top concern, while a surprising 12 percent said they have banned IoT devices from their networks.

Close to one-third (31 percent) of those surveyed said they conduct comprehensive inventories of the IoT devices on their networks just once each year.

“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up,” said Dwayne Melancon, Tripwire’s vice president of products.

“The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale – know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity,” Melancon said.