BlueFort Security Ltd -

This week, Lumension are distributing the findings from their annual State of Endpoint Risk security report, commissioned through The Ponemon Institute. You will be surprised by some of the results.

To give you a brief preview, more than one-third of organizations surveyed are experiencing at least one intrusion per day, and nearly half noted a dramatic uptick in malware in 2010. Yet what really surprises me is this: we’re still using outdated technology to combat the newest of security problems companies are facing today. Where’s the logic in that? As most security insiders know, we are no longer seeing brute-force attacks, but instead smaller, more sophisticated and advanced persistent threats.

Think about it this way. If a modern military unit sees the enemy change its tactics and strategy, and bring new weapons into combat, a strong commander always adapts to the new environment and updates the unit’s weapons and strategies, or he knows he’ll lose the battle. Based on the findings from this survey, our corporate IT commanders are not responding to the enemies’ new strategies or weapons – they’re using the same ones they used 10 years ago! This would not work on the battlefield, and it’s not working in today’s IT security environments either – that much is crystal clear based on this year’s research findings.Corporations lacking a secure endpoint strategy risk losing valuable data and, ultimately capital, which can undermine the company’s ability to operate successfully. I could point to countless examples just in the past year where comprised IT environments led to multi-million legal ramifications and losses.

It’s not news that there is significant risk associated with cyber security threats, but what is news is that IT professionals are not taking advantage of the new solutions that can dramatically improve their ability to counter malware attacks. Case in point – our survey found that due to the mobility of today’s new workforce and its passion for multiple devices, the majority of the threats infiltrating corporate IT environments do so at the application level. Yet one-third of respondents in our survey place absolutely no restrictions on which applications run on their networks, and another one-third of respondents employ application policies, but they do not actively enforce them. Again – where is the logic in that? Why have policies in place if they are not enforced?

Unfortunately, stagnate IT budgets seem to play a big part in this problem. In fact, nearly half of our survey respondents indicated their IT operating expense is increasing and that malware is now a significant cost driver for many.

All told, we know the security landscape has changed dramatically, but unfortunately organizations in the US are not acting fast enough and utilizing the slew of new technologies that are readily available to them. More than 64% of survey respondents said that their networks are not more secure than they were last year. Sadly, this is not progress. The enemy has changed the game, and we have the weapons and strategies to defend ourselves, but we aren’t arming ourselves to win the battle. This is not acceptable in my book and must change now. Not as we head into 2011. But today.

I urge you to review the State of Endpoint Risk survey today and would love your feedback on the findings. Are they jiving with your own organizations best practices (or lack thereof)? Do you feel armed to wage the cybersecurity battle to the best of your ability? Or do you feel vastly underprepared as so many in this years’ survey reported?

Originally published on the Lumension blog.