August 13, 2015

Cybersecurity Survey Reveals Endpoint Risk

By Penny Swift

Cybersecurity Survey Reveals Endpoint Risk

A survey conducted at Black Hat 2015 reveals that endpoint poses the greatest security to threat to cybersecurity, with 90 percent of respondents stating their organizations would be more secure if Flash was disabled.

Black Hat 2015: State of Security, released by Bromiun Inc. yesterday, also reveals that a large number of businesses find the implementation of patches for “zero-day vulnerabilities” in the software they are using (including Internet browsers and Flash) to be an enormous challenge. While most believed that the recently launched Windows 10 does improve security, a third said these improvements were not sufficient.

Flash has become a prime target for hackers, thanks to the popularity and widespread use of the software, so it’s no surprise an overwhelming majority of those surveyed believe their organizations would be safer without Flash,” Clinton Karr, senior security strategist at Bromium told CloudTweaks today. “This has been a huge topic within the industry as we’ve seen numerous critical patches for the software over the course of this year. As hackers continue to exploit Flash users, it’s extremely important for companies to consider disabling it or to turn to new technology that doesn’t jeopardize productivity and security.”

Bromium, considered a pioneer in threat isolation technology to prevent breaches relating to data, surveyed more than 100 IT professionals at the annual Black Hat conference held in Nevada earlier this month.

They asked participants:

  • To identify the source of the greatest security risks in their organizations
  • State whether their organizations would be more secure if Flash was disabled
  • If their organizations would be less productive and/or if critical applications were likely to break if Flash was disabled
  • How quickly organizations implement patches for zero-day Vulnerabilities
  • Which industry is most at risk of cyber attacks
  • Which industry implements the best security practices
  • What they thought about Windows 10 security features
  • Whether they were planning to upgrade to Windows 10

The Endpoint Identified as the Greatest Security Risk

The survey found that most participants were cynical though pragmatic, identifying that end users introduce the greatest security risk. A total of 55 percent selected the endpoint, while 27 percent said insider threats were the biggest problem. Only 9 percent said the cloud was the greatest risk, and 9 percent said networks.

Researchers did not find this surprising, since the human element is an obvious security risk – particularly when people use untrusted networks outside their office or home environment, including coffee shops, hotels, and airports. This human element not only increases the endpoint risk, but also the risk of cyber attack, largely because typical detection-based security solutions like antivirus simply don’t identify malicious content on the Internet or in emails.

Impact of Flash on Security and Productivity

flash

There is no doubt that IT security professionals are ultra-aware of the security threats Flash poses, with 90 percent of survey participants stating that their organization would definitely be more secure if they disabled Flash. This is in keeping with an earlier Bromium Labs report Endpoint Exploitation Trends, that found Flash had been responsible for more “exploits” than any other software during the first half of 2015. Further, Flash vulnerabilities are currently so overwhelmingly problematic that YouTube has switched from Flash to HTML5; Mozilla has temporarily blocked Flash from Firefox; and the new security chief of Facebook, Alex Stamos has called for Flash to be “killed.”

According to the Black Hat survey report, the reason there are so many Flash exploits is simply because of the popularity of the software, just as Java exploits used to be very common.

The challenge for IT security professionals is that disabling Flash is not always an option they can choose – specially since many operations teams insist that it will make the organizations less productive and even “break” some of their critical applications if it was disabled.

Of those who participated in the survey, 44 percent said productivity would be adversely affected.

Implementation of Patches to Overcome Security Vulnerabilities

Implementing patches was reported to be a major problem for many of the information security professionals who responded to the survey. Only 10 percent said they were able to implement patches for “zero-day vulnerabilities” in the first day after patches were released. Considerably more – 50 percent – could get this done within a week; 22 percent said it takes a month or more.
The greatest concern was for organizations running vulnerable versions of Flash since they could easily be compromised by exploit kits like the currently popular Angler.

Industries Most at Risk

While most information security professionals felt critical infrastructure in general was at the most risk of cyber attack, when asked to identify which industries were most vulnerable, 30 percent said financial services. However, ironically, 60 percent felt that financial services had the best security practices, followed by technology (27 percent.)

While 12 percent identified government as being most as risk, 17 percent named health care, and energy equally. Other industries mentioned included retail and transport, both of which were identified by less than half the respondents.

Reaction to Windows 10

There was mixed reaction to Windows 10, with many professionals (40 percent) having zero opinion about it. Nevertheless, 23 percent said security was dramatically improved, while 33 percent said the improvement was not sufficient. Only 4 percent said that there was no improvement at all.

Since Windows 10 was released shortly before Black Hat 2015, none of the respondents had upgraded to Windows 10: only about 10 percent planned to upgrade in the next three months. A large percentage (40) had no plans to upgrade, and 31 percent said they would wait at least a year before upgrading.

Ultimately, the Bromium survey found that whilst the endpoint is currently considered to be the greatest security risk, the human element is just one element of the risk. The other major vulnerability is software, which is a trend the company continues to research on an ongoing basis.

By Penny Swift

Penny Swift

Penny has been a professional writer since 1984 - Penny has written more than 30 general trade books and eight college books. She has also written countless newspaper and magazine articles for: Skills on Site, Popular Mechanics (SA) and SA Conference, Exhibitions and Events Guide.

Penny has a BA in Social Sciences and currently resides in Cape Town, South Africa.

Maximize IT Asset Efficiency: Discover 10 Leading Management Tools

Maximize IT Asset Efficiency In today’s digital age, IT Asset Management (ITAM) services have become [...]
Read more
Surya Kant Verma

Choosing the Right Cloud Platform: A Guide to Finding Secure, Cost-Efficient Solutions

Choosing the Right Cloud Platform Cloud computing has revolutionized how organizations work, offering an increased [...]
Read more
Frank Suglia

Forecasting Cloud Trends in 2024

The past few years have rapidly accelerated cloud adoption and impacted the overall IT landscape. [...]
Read more
Premkumar Balasubramanian

It Can Be The Year of Right Clouding – But Avoid Potential Pitfalls

Some people are calling 2023 The Year of Cloud Repatriation. I think this is a bit inflammatory. [...]
Read more
Derek Pilling

Diversify for Success: The Multi-Cloud Advantage

What is Multi-Cloud? For good reason there is a lot of discussion about multi-cloud among [...]
Read more
Lex Hegt

How Can Organizations Effectively Monitor and Analyze Their Azure Billing Data?

Monitor and Analyze Azure Billing Data With the ever-increasing investments in Azure, many organizations struggle [...]
Read more

SPONSOR PARTNER

Explore top-tier education with exclusive savings on online courses from MIT, Oxford, and Harvard through our e-learning sponsor. Elevate your career with world-class knowledge. Start now!
© 2024 CloudTweaks. All rights reserved.