Bromium Research Highlights Increasing Concerns around End User Security Risk
February 2015 by Bromium
Bromium®, Inc. announced the results of “Endpoint Protection: Attitudes and Trends 2015,” a survey of more than 100 information security practitioners focused on the greatest challenges and risks facing their organisations today. The results of the survey indicate that the overwhelming majority of information security professionals believe end users are their biggest security headache, largely due to their tendency to click on suspicious and malicious e-mails and URLs.
Additionally, the survey highlights the operational challenges information security professionals face as they struggle to manage multiple point solutions, to respond to the security alerts, and to detect and remediate compromised endpoints.
“When you have more than 70 percent of breaches begin at the endpoint and nearly 80 percent of information security professionals stating that users are their biggest security headache, it becomes overwhelmingly apparent that traditional endpoint protection is a spectacular failure,” said Simon Crosby, co-founder and CTO, Bromium. “We are witnessing the start of a new era of proactive protection, now that the majority of information security professionals have lost confidence in detection-based solutions, such as anti-virus.”
Key findings from “Endpoint Protection: Attitudes and Trends 2015” include:
End Users Are Information Security Professionals’ Biggest Headache – Nearly 80 percent of respondents believe that end users are their biggest security headache, a modest increase from similar research in 2014 with a result of 72 percent.
End User Tendency to Click on Malicious Internet Content Increases Risk – More than 63 percent of respondents believe that clicking on malicious Internet content by end users introduces the most security risk (43 percent URLs/20 percent e-mails).
Responding to Security Alerts and Compromised Endpoints is Costly and Complex –Manual and reactive processes, such as investigating security alerts and the detection and remediation of compromised endpoints each account for 20 percent of the responses. Additional results from the survey found that only 15 percent of organizations are able to respond to 90 percent or more of their security alerts, which represents an alarming security gap.
Security Professionals Have Lost Faith in Legacy Security Solutions – When asked to rate their confidence in a variety of information security solutions, only 31 percent responded that they were confident in antivirus and only 37 percent responded that they were confident in next-generation firewalls.
Even as the information security market has grown to $70B, the magnitude and frequency of data breaches has been increasing. Information security professionals are drowning in the rising tide of security alerts generated by end users connecting to untrusted networks in coffee shops or clicking on suspicious content, but as attacks outpace defense, the traditional models of information security are broken.