According to Tripwire’s study, only thirty-three percent of the respondents have security strategies in place to protect the growing number of endpoints on their networks. In addition, sixty percent of the respondents said they are not confident that all of the devices connected to their networks receive security updates in a timely fashion.
“Timely application of security updates is one of the most effective ways to reduce risk in any organization, but it remains a widespread challenge,” said Tim Erlin, senior director of IT security and risk strategy for Tripwire. “As more diverse devices are deployed, the availability and management of these updates becomes more difficult. Organizations need to have a strategy now, before an incident occurs.”
Critical endpoints are systems that, if compromised, could have significant fiscal or operational impact on an organization. Endpoints have traditionally been defined as devices with which users interact, such as desktops, tablets or phones; however, this definition has now been expanded to include additional items like employee-owned devices, virtual machines, point-of-sale terminals, Internet of Things (IoT) devices and servers. Despite presenting significant and unique security risks, critical endpoints are rapidly increasing on networks. Intel has projected there will be over 200 billion connected devices by 2020. Additional findings from the survey included:
- Twenty-one percent of the respondents consider the security of IoT devices connecting to their organization’s networks to be one of their top security concerns.
- Nearly one-third (thirty-one percent) of the respondents said they conduct comprehensive inventories of hardware- and software-based assets, including IoT devices, on their networks only per year.
- Fifty-two percent of the respondents said the projected growth rate of endpoints on their organization’s networks over the next 24 months would be less than twenty-five percent per year.
“The proliferation of devices from BYOD, IoT, and the incidental use of personal devices in the enterprise is causing ‘device sprawl,’ so it’s no surprise enterprises aren’t keeping up” said Dwayne Melancon, vice president of products. “The key to dealing with this risk is to remember that foundational controls still apply, regardless of scale – know what’s on your network, understand how it’s vulnerable, keep it patched, keep it securely configured, and monitor the heck out of it for suspicious activity.”