Ponemon Institute Releases State of EndPoint Security Report 2018

Earlier this week The Ponemon Institute released a new research paper entitled “Analyzing The 2018 State of Endpoint Security Risk,” sponsored by Barkly. To gather data and compile their results, researchers interviewed approximately 660 IT security professionals responsible for managing end point security for various corporations throughout the United States. What they concluded was is the number of 0Day exploits being released in the wild has dramatically increased over the course of 2018, and so to have the number of successful cyber attacks being absorbed by US corporations.

According to the results, the number of cyber attacks which have successfully breached the end point security measures implemented/installed by major US corporations has increased 17% from 2017 to 2018. Moreover, 64% of the IT professionals interviewed reported that at least one hacker or cyber attack had “successfully compromised data assets, files and/or IT infrastructure” causing significant financial damage to their systems within the course of the last 12 months alone. Perhaps most interestingly enough, 70% of the IT professionals interviewed admitted that they were unable to trace the origin of the hacks against them, and to this day have not uncovered the party(s) responsible for launching them. On top of this, only 69%of respondents say their traditional, signature-based antivirus solutions provide the protection needed to stop all serious attacks against their systems.

Key Findings from Ponemon’s Study:

  • 63% of IT security professionals say that they have seen endpoint attacks increase from 2017 – 2018
  • Only 52% of those same professionals claim the attacks can be stopped/mitigated
  • The average cost per compromised endpoint is $440. Small-and-medium-sized
    (SMB) companies have a much higher cost of $763
  • Of the professionals whom saw their systems compromised, 79% of them claim it was the result of new and previously unknown exploit – such as 0Day’s.
  • 19% say they were compromised by a previously disclosed/known attack style
  • Traditional anti-virus software only picks up 57% of all attacks
  • Every time a company is breached, it takes on average 102 days for security professionals to patch their systems
  • It takes on average 3 months for companies to buy/develop and begin to deploy Endpoint Detection & Response (EDR) solutions
  • The average cost, in damages, of an end point data breach rose from $5 million in 2017 to $7.12 million in 2018
  • The average IT budget of the companies surveyed was $114 million, with only an average of $5.56 million allocated specifically towards endpoint security
  • There was a 58% increase in the number of malware attacks against US corporations from 2017 to 2018

Based on their figures, researchers estimate that the number of endpoint security attacks absorbed by global corporations will only continue to increase in 2019. In their estimation, companies should expect to see at least a 38% increase in file based attacks – such as attacks using malicious encoded Word documents or pdf’s. Researchers are also advising companies to take a look at and/or consider replacing their “legacy” anti-virus service providers in favor of something new, and encourage more companies to launch or create new bug-bounty initiatives, which often times find solutions at a much lower cost than malicious data breaches after the fact.

View Full Study: