What's the Cost of an Insecure Endpoint?

With the cost and complexity of endpoint security at an all-time high, Ponemon’s research reveals 63 percent of enterprises cannot monitor at-risk, dark endpoints, leaving more than 50 percent of endpoints vulnerable to a costly data breach.

Great speaking with Richard Henderson, Global Security Strategist at Absolute about the results of “Cost of Insecure Endpoints Benchmark Study,” an independent benchmarking study conducted by the Ponemon Institute. The research reveals that traditional endpoint security approaches are ineffective and costing enterprises more than $6 million per year in poor detection, slow response, and wasted time. As the aggressive nature of emerging threats to proprietary data continues to grow, the cost and complexity of reducing risks and confirming compliance are at an all-time high.

The Ponemon study revealed organizations are finding it increasingly difficult to identify dark endpoints — the rogue, out-of-compliance, or off-network devices that create blind spots and increase an organization’s vulnerability to attack. While confidence in endpoint security ranked low, the IT security professionals surveyed believe that close to 60 percent of the hours currently invested in the capture and evaluation of intelligence surrounding the true threats, to both compliance and proprietary data, can be saved each week by deploying automated solutions. We need robots to take over for humans to eliminate mistakes.

“At the Ponemon Institute, we’ve followed the endpoint security industry closely for more than a decade. It’s clear that enterprises face real visibility and control challenges when it comes to protecting the data on corporate endpoints, ensuring compliance and keeping up with threats,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “Enterprises need an automated approach to give IT pros visibility into endpoint security health and to better understand risk exposure, ensure compliance, and improve visibility.”

The study takes into account research into the security practices and budgets of more than 550 IT and IT security practitioners. While the results were staggering, the research did not take into account the liability associated with increased risks of data breaches that are becoming all too commonplace as workers place data at risk on laptops, mobile phones, and tablets. Key findings from the study include the following:

• Blind spots are large and growing: Among respondents, 63 percent could not monitor endpoint devices when they left the corporate network, while 53 percent of companies reveal that malware-infected endpoints have increased in the past 12 months.
• Out-of-date, unpatched, or corrupted endpoint agents are the most common endpoint security gaps: 55 percent of respondents say endpoint management and security applications have been removed or corrupted.
• Compliance and data protection are at risk: Some 56 percent of companies lack a cohesive compliance strategy, and 70 percent report a “below average” ability to minimize endpoint failure damages. Only 28 percent of respondents say their organizations rely on automated analysis and inspection to determine compliance.
• Respondents believe automation increases efficiency and offers better visibility of dark endpoints: It costs organizations an average of $1.37 million annually in wasted time responding to erroneous malware alerts. Enterprises could save nearly $2.1 million annually with automated endpoint security solutions.

“Managing endpoint security and protecting proprietary data is more than an IT issue, it’s increasingly a global business performance and national security concern,” said Geoff Haydon, CEO of Absolute. “This study along with recent ransomware attacks and high-profile data breaches show the danger of today’s endpoint blind spots, and underscore that automation and newer approaches to endpoint security are key to safeguarding endpoints and the sensitive data on them for optimal business performance.”