2012 Endpoint Security Best Practices Survey
GLOBAL RESULTS
CONTENTS
Executive Summary
Methodology
Finding 1: Top tier organizations fare better against attacks
Finding 2: Top tier organizations employ the latest in endpoint protection practices
Finding 3: Attacks against endpoints are costly
Symantec Recommendations
Endpoint Security Best Practices Survey | 3
Executive Summary
The threat landscape is evolving as cybercriminals become more sophisticated, stealthy and insidious with their attacks. The sheer volume of attacks is staggering: in 2010 alone, Symantec blocked 3.1 billion attacks. Approximately 144,000 malicious files are detected each day, which translates to a rate of more than 4.3 million each month.

The traditional endpoint security tool, antivirus software, is no longer effective on a stand-alone basis. Of those 3.1 billion blocked attacks, roughly half were stopped by intrusion prevention technologies inside the organization's endpoint security software, proving that while signature-based antivirus plays a critical role in preventing threats, it's no longer an exclusive role.

Second, IT departments are dealing with a change in the number of endpoints as employees are bringing an increasing number of devices into the workplace. Once restricted to PCs on the desk and servers in the data center, the term now covers laptops, smartphones, tablets, virtual servers and virtual desktops.

Symantec commissioned the 2012 Endpoint Security Best Practices Survey to see how IT is coping with endpoint security. The findings show a wide variance between how the best and worst organizations handle endpoint security in terms of practices. Ultimately, those organizations employing best practices are enjoying dramatically better outcomes.
METHODOLOGY
Symantec commissioned Applied Research to field the Endpoint Security Survey in October of 2011. They contacted a total of 1,425 IT professionals in 32 countries. Of those, one-third were C-level employees or business owners, one-third were management focused on strategic issues, and the remaining third were management focused on tactical and operational issues. The poll has a reliability of 95% confidence with +/- 2.6% margin of error.
Respondents by country:

North America
United States: 125
Canada: 125

Latin America
Brazil: 58
Mexico: 37
NOLA: 25
SOLA: 25

EMEA
France: 50
Germany: 50
Italy: 50
Netherlands: 50
Poland: 50
Russia: 50
United Kingdom: 50

APJ
China: 150
Indonesia: 100
Australia: 75
Hong Kong: 75
Japan: 75
Taiwan: 75
India: 50
Singapore: 50
Thailand: 50
FINDING 1
Top tier organizations fare better against attacks

The organizations that had deployed more comprehensive security technologies and practices were better prepared and better able to thwart attacks and reduce the amount of money and time spent doing so. The top tier companies were two-and-a-half times less likely to experience a large number of cyber attacks, and three-and-a-half times less likely to experience downtime. Top tier companies only experienced 21 percent of the downtime of the lower tier businesses: a total of 588 hours compared to 2,765 hours.
For each of the following devices, characterize the quantity of cyberattacks against your organization over the past 12 months:
Response scale:
1 - We saw no cyberattacks
2 - We saw just a few cyberattacks
3 - We saw cyberattacks on a regular basis
4 - We saw a large number of cyberattacks
5 - We saw an extremely large number of cyberattacks

[Chart: distribution of responses (0% to 100%) for each endpoint type: Mobile devices, Laptops/notebooks, Physical desktops, Virtual desktops, Physical servers, Virtual servers]
Please estimate how many separate incidents you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown)
Downtime of a specific smartphone or tablet: 122
Downtime of a specific desktop or notebook: 89
Downtime of a specific server: 48
Widespread downtime: 30
Please estimate how much downtime (in hours) you experienced in the past 12 months, worldwide, that caused the following types of downtime: (Means shown)
Downtime of a specific smartphone or tablet: 270
Downtime of a specific desktop or notebook: 241
Downtime of a specific server: 48
Widespread downtime: 29
*Top Tier Results
FINDING 2
Top tier organizations employ the latest in endpoint protection technologies and practices

We asked survey respondents what precautions they were taking to protect their endpoints. Based on the safeguards, policies and procedures they employed, we were able to divide businesses into three tiers of preparation, and compared the organizations that were in the top tier with those in the bottom tier to see what distinguishes them from each other.

Among these top performers, nearly 100 percent indicated they keep their endpoints, including virtual and physical servers, virtual and physical desktops, laptops/netbooks and mobile devices, somewhat or completely updated with current operating system and application updates through the entire organization. These companies have not only deployed virus and spyware protection across nearly all of their virtual and physical endpoints, they have also deployed firewall protection, intrusion prevention systems, and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives.

Nearly all of these top tier companies also indicated that a wide range of endpoint security safeguards and technologies, including encryption, access control, data loss prevention and reputation-based security, are somewhat-to-extremely necessary. Finally, 99 percent of these top performers provide some form of employee security training, with 82 percent doing so at least once a year.
The policies and practices of the top performers contrast sharply with our findings among those organizations that ranked in the bottom tier of results and that experience more successful cyber attacks and heavier losses. These poor performers have not deployed the technologies necessary to thwart today's sophisticated threats, and do not adequately train employees on security best practices.

When asked whether they keep their endpoint devices current with operating system and application updates across their virtual and physical servers and devices, less than half indicated their endpoints are somewhat-to-completely updated. Only 20 percent of their physical endpoints (desktops, laptops/notebooks and mobile devices) have virus and spyware protection, and only 10 percent of their virtual servers and desktops have those technologies deployed. The percentages are similarly low for physical and virtual endpoints with firewall protection, intrusion prevention systems and tools to prevent unauthorized copying of data to and from peripheral devices such as USB drives.

Roughly half consider technologies such as encryption, access control, data loss prevention and reputation-based security as somewhat or extremely necessary, and only 66 percent train employees at least once a year.
For each of the following endpoints, for what percentage of these endpoints has virus and spyware protection been deployed throughout your organization? (Means shown)
Virtual servers: 87%
Physical servers: 90%
Virtual desktops: 86%
Physical desktops: 90%
Laptops/notebooks: 90%
Mobile devices: 79%
For your entire organization, what percentage of these endpoints has firewall protection? (Means shown)
Virtual servers: 93%
Physical servers: 94%
Virtual desktops: 91%
Physical desktops: 94%
Laptops/notebooks: 93%
Mobile devices: 83%
*Top Tier Results
For your entire organization, what percentage of these endpoints has intrusion prevention systems installed throughout the organization? (Means shown)
Virtual servers: 90%
Physical servers: 92%
Virtual desktops: 88%
Physical desktops: 91%
Laptops/notebooks: 91%
Mobile devices: 78%
For your entire organization, what percentage of these endpoints has security tools that prevent unauthorized copying of data to and from peripheral devices such as USB drives? (Means shown)
Virtual servers: 85%
Physical servers: 87%
Virtual desktops: 83%
Physical desktops: 84%
Laptops/notebooks: 83%
Mobile devices: 73%
*Top Tier Results
FINDING 3
Attacks against endpoints are costly

The first thing we asked about in the survey was the cost incurred in dealing with a variety of endpoint-focused cyber attacks. We defined a cyber attack as an attack (from inside or outside the organization) on the computer network, website, physical devices such as desktops and mobile devices, as well as virtual servers and desktops. Examples could be viruses, spam, denial of service attacks, theft of information, fraud, vandalism and so forth.

We then asked the respondents to indicate the costs they experienced as a result of cyber attacks to their endpoints. Combining the frequency of attack (what percentage of respondents experience each type of attack) with the magnitude (the average cost for each type of attack), we were able to determine that the typical organization incurred $470,000 in losses due to endpoint cyber attacks in the past 12 months. The most common consequences of attacks were forced dedication of IT manpower to remediate affected endpoints; the loss of organization, customer or employee data; and damage to the organization's brand and reputation.
Please indicate which costs your organization experienced as a result of cyberattacks to your endpoints in the past 12 months:
Reduced stock price: 3%
Lost revenue: 30%
Lost productivity: 53%
Loss of organization, customer or employee data: 24%
Damaged brand reputation: 24%
Costs to comply with regulations after an attack: 18%
Labor costs to recover endpoints to a working state: 31%
For each endpoint, please assign a total value, in monetary terms, of each of these losses in the past 12 months: (Means shown)
Reduced stock price: $123,504
Lost revenue: $558,618
Lost productivity: $174,309
Loss of organization, customer or employee data: $106,910
Damaged brand reputation: $480,831
Costs to comply with regulations after an attack: $366,301
Labor cost to recover endpoints to working state: $159,149
*Top Tier Results
Symantec Recommendations
There is no silver bullet or single solution that will prevent all attacks, and companies should not rely solely on endpoint security technology for protection. To reduce the risk of a successful cyber attack, here are some steps any organization can take:

Assess the risk. It's vital that organizations identify and classify confidential information. Organizations must know where sensitive information resides, who has access to it, and how it is entering or leaving your organization. In addition, organizations should continually assess their network and endpoints to identify possible vulnerabilities.

Minimize the risk. Organizations must implement a multi-layer protection strategy to minimize the risk of exploited endpoints. In addition to traditional antivirus, firewall, and host intrusion protection technology, organizations should deploy the latest innovations in endpoint security, such as reputation-based security and real-time behavioral monitoring. These newer technologies provide additional efficacy in the battle to thwart many new cyber attacks. Finally, organizations must patch applications and systems regularly.

Education is crucial. Train employees on the risks and what they need to do for safe computing, and then hold them accountable. Eighty-two percent of top tier companies provide security training to their employees at least annually, compared to 66 percent of bottom tier.

Be Prepared. It's important to prepare for the inevitable by creating a full incident response plan. It's also vital to occasionally practice implementing the plan. When the time comes to put the plan into action, it will help you by improving your response time and will ensure a more complete response.