MANCHESTER, United Kingdom & BOSTON--(BUSINESS WIRE)--55 % of IT and security professionals have either zero or low visibility of employee behavior, application access and software downloads as they struggle to secure the endpoint.
On top of low visibility, the study also revealed the excessive power users are given over IT infrastructures. An average of 31% of staff reportedly have administrator privileges, opening companies up to insider threats and serious damage from malware and targeted attacks.
Users are also calling the shots when it comes to security, with 42% of respondents revealing that the number of staff with admin privileges has increased from last year due to growing demand from employees and 50 % giving admin rights because they are unable to control application use.
Almost a quarter of respondents cannot determine the number of IT users with admin privileges, despite 34 % of total security time being spent on managing user profiles.
The results depict IT departments without adequate power and control over their users, with over 80 % admitting they find it difficult to secure the endpoint and just 5% claiming to be prepared to deal with targeted cyber-attacks.
“As businesses move to Windows 7/8 in the wake of XP support expiration, they are finding new challenges in the way they have previously managed endpoint security. It is now more important than ever that organizations invest in the security measures they need to protect themselves.”
The wide-ranging study looked at a number of endpoint security threats, and revealed that preventing APTs is the greatest concern, yet 52 % of organizations do not have the correct technology in place to prevent targeted cyber-attacks.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute said: "While preventing targeted attacks is considered a high priority, only 5% of respondents said their organization is fully prepared to deal with them. Organizations must deploy a layered approach to endpoint security or they will risk opening their systems up to vulnerability from multiple threat sources. The new age of cyber-attacks requires modern defenses and companies must act quickly."
Notes to editors
Other notable findings include:
- Mitigating Advanced Persistent Threats is the most important step in mitigating specific cyber-attacks, with 77% rating it as high priority
- Respondents spend almost half (48 %) of their total dedicated security time to securing the endpoint
- Organizations are finding it harder to manage user profiles in Windows 7/8, with 71% rating the management of user profiles as very difficult versus 58% of non-Windows 7/8 users
- Though 92% of organizations say that up-to-date antivirus software is in use today, only 34% rate it as very effective in preventing cyber intrusions. Similarly, other effective controls for preventing cyber intrusion, including web content filtering and application whitelisting, have lower adoption rates.
The final survey sample consisted of 559 responses from IT and IT security practitioners in the United States with a familiarity with their company’s security strategy or approach to defending the endpoint. Further methodology information can be found in the report.
Avecto is a leader in Windows privilege management, helping organizations to deploy secure and compliant desktops and servers. The company has been named second fastest growing technology company in the UK and 10th fastest growing software company in the EU, Middle East and Africa, according to the 2013 Deloitte Fast 50 and Fast 500 EMEA lists. With its award winning Privilege Guard technology, organizations can now empower all Windows based desktop and server users with the privileges they require to perform their roles, without compromising the integrity and security of their systems. Companies of all sizes rely on Avecto to reduce operating expenses and strengthen security across their Windows based environments, reducing operating costs and improving system security. http://www.avecto.com
About Ponemon Institute
Ponemon Institute is dedicated to independent research and education that advances responsible information and privacy management practices within business and government. Our mission is to conduct high quality, empirical studies on critical issues affecting the management and security of sensitive information about people and organizations.