Cyberattacks against endpoints rising, reaching $9 million per attack in 2019

Attacks against endpoints have become more costly, up more than $2 million since 2018.

Protecting your organization's network from security threats carries with it a variety of challenges. But one of the biggest challenges may be endpoint security, meaning the ability to protect your network from all the computers, mobile phones, tablets, and other devices that remotely connect to it. Since such devices come from outside your organization, they can be an access point for hackers and cybercriminals to launch attacks that could infect your network.

With the rise in BYOD (Bring Your Own Devices) and employees working from home or remotely, endpoints have become more prevalent. Released on Wednesday, a survey sponsored by Morphisec and conducted by Ponemon explains why your endpoints can be vulnerable to cyberthreats.

Based on a poll of 671 IT security professionals responsible for managing and reducing their organization's endpoint security risk, The Third Annual Study on the State of Endpoint Security Risk report found that organizations aren't making enough progress in reducing their endpoint security risks. Among the respondents, 68% said that their company was hit by one or more endpoint attacks over the past 12 months that successfully compromised data or IT infrastructure, an increase of 54% from 2017.

On average, the cost of a successful attack rose to $8.9 million in 2019, up from $7.1 million in 2018 and $5 million in 2017. The costs of system downtime have declined over the past few years, but the costs due to the loss of IT and end-user productivity as well as the theft of data have risen.

More than half of those surveyed rated their security team's ability to detect endpoint attacks as less than effective. An inability to detect advanced attacks and a lack of sufficient endpoint resources were the top reasons why most respondents rated their endpoint security as not fully effective. But a host of other challenges are impeding efforts to improve endpoint security.

  • Attacks are increasing. Attacks against endpoints are growing at the same time that detection is getting harder. A full 68% of the respondents said that the frequency of endpoint attacks has risen over the past 12 months. Some 51% said their organizations have been ineffective at combatting threats because their endpoint security tools aren't up to the task of detecting advanced attacks.
  • New zero-day attacks are rising. An average of 80% of successful breaches are new or unknown "zero-day attacks." Such attacks either exploit undisclosed vulnerabilities or use new malware variants that signature-based detection tools don't recognize. And though the level of existing or known zero-day attacks is expected to decrease this year, the number of new or unknown attacks is forecast to more than double.
  • Traditional antivirus products have drawbacks. Traditional antivirus products missed an average of 60% of endpoint attacks, according to the survey. As such, confidence in these products continues to decline. On average, respondents said that their current AV solution effectively blocks only 40% of attacks. Further, these products trigger a high number of false positives and security alerts, offer inadequate protection, and are too complex to deploy and manage.
  • Patching takes too long. The average time to apply, test, and fully deploy patches to endpoints is 97 days. Some 40% of those surveyed said they're taking longer to test and roll out patches to avoid issues and to evaluate the impact on performance.
  • Endpoint detection and response technology not in use. Endpoint detection and response (EDR) solutions can provide continuous monitoring of endpoints to look for advanced threats. However, some 64% of respondents said they do not use an EDR, citing its lack of effectiveness against new or unknown threats and the lack of staff required to support the technology.

To deal with the increased challenges of endpoint protection, more companies are looking to outsourcing. Among the respondents, 69% said they either currently outsource this protection to a managed service provider or other third party or plan to do so. These organizations cited such reasons as a lack of in-house expertise, a lack of in-house resources, and the complexity and costs involved in managing the process in-house.

Finally, a full 80% of respondents said they either use or plan to use Microsoft's Windows Defender antivirus solution on their endpoints. The top reasons given by security pros were to reduce the number of different endpoint security tools and their belief that Microsoft's solution is on par with third-party antivirus programs. Such a move could provide cost savings that can free up IT budgets to invest in additional endpoint protection, according to Morphisec.

"The move to Windows 10 provides the perfect opportunity for organizations to retool their endpoint security to better defend against the zero-day attacks and advanced threats that are evading legacy antivirus in 2020 and pose the biggest risk to their business," Andrew Homer, VP of Security Strategy at Morphisec, said. "Enterprises should utilize the free antivirus capability built into Windows 10 and reallocate their cost savings into an additional layer of advanced threat protection and increased IT resources."

But doesn't Windows Defender have the same drawbacks as traditional antivirus software? To some degree, yes, but it offers other benefits, according to Homer.

"Although Windows Defender AV does have similar limitations with thwarting zero-day and advanced threats, it's on par, or in some cases, even better than antivirus solutions offered by leading third-party security vendors," Homer said. "Therefore, the big benefit of using this free antivirus alternative is the savings organizations can take to utilize on advanced threat protection. Enterprises can leverage Defender AV alongside advanced threat protection in a lightweight stack that doesn't miss these threats, while also avoiding the complexity and false-positive fatigue that comes with heavier EDR solutions."
