Posted on by

Ransomware, hybrid work continue to shape the endpoint security space

Our Information Security, Endpoint Security 2023 study examines use case effectiveness around endpoint security tools, as well as key issues such as ransomware and where the key security issues in internet of things systems exist.

The Take

Ransomware continues to be a top issue in information security. Most recently, in June, the “MOVEit hack” — for which the CL0P ransomware group takes credit — has led to the breach of the personal information of millions of users across financial firms, US government departments, auditors, entertainment and energy companies. A previously unknown SQL injection vulnerability in a popular file transfer product called MOVEit Transfer was exploited to carry out the attacks. Some 23% of respondents report being victims of ransomware in the previous 12 months, up from 18% of respondents to last year’s study. That said, the percentage of respondents who actually paid a ransom drops to 6% from a high of 22% last year. Just 24% have been able to restore successfully from a backup, while 22% have noted the attack was interrupted by a network security tool and 21% note an endpoint security tool interrupted the attack.

Summary of Findings

The number of endpoint security tools installed per endpoint in an enterprise has been on a steady downslope from 2017 to 2019, going from about three to an average closer to two, and there are a number of reasons for that, including consolidation of endpoint security products into platforms, as well as formerly complementary endpoint detection and response players becoming primary endpoint security vendors. The increased scale of remote work in 2020 brought on by the COVID-19 pandemic reversed this course, bringing the average closer to three again. In 2023 this trend will likely continue, with an average of 3.12 security tools per endpoint, but the total for the largest enterprises is closer to four.

According to 49% of respondents, preventing malware from loading or executing is the use case that endpoint security tools are seen as most effective for. Detecting and stopping already running malware is the second-most-cited use case where such tools are seen as effective. The most ineffective use case, and perhaps the greatest opportunity for differentiation between vendors’ offerings, is the failure of currently installed endpoint security tools at enterprises to assist in after-the-fact investigations. About 31% of respondents note their endpoint protection is not supplying enough information to be effective in this regard.

Endpoints that enterprises have security concerns about go beyond PCs, laptops and mobile phones, and increasingly include requirements to secure IoT devices. The top security issues with such devices generally reflect their specialist nature. The top cited issue (by 33% of respondents) is the inability to effectively patch application vulnerabilities when they are discovered post-deployment. Poor authentication, including default password usage in some well-publicized security incidents, is the second-most-cited concern at 25%. Rounding out the three most-cited concerns is the lack of physical security around deployed IoT devices (24%).

Generative AI continues to dominate headlines in 2023, and the information security research space has examined both its promise and potential pitfalls. One such early concern is the idea that, as AI can be used as a copilot while coding, it could potentially be used to create malware, or allow malware to more easily be polymorphic and evade detection. However, this potential use case does not yet resonate as a concern with security practitioners — 30% are not at all concerned and 45% are only somewhat concerned with this possibility. Until a widespread, demonstrated attack occurs, the risk will continue to be seen as theoretical by the majority of practitioners. That may be a matter of time, however, as different proof-of-concept approaches to making malware more effective through generative AI tools have been demonstrated.

A Primer on Decentralized Digital Identity

Read Report

Want insights on Infosec trends delivered to your inbox? Join the 451 Alliance.

Published by Daniel Kennedy

Daniel Kennedy is the Principal Research Analyst for Information Security for quantitative research at 451 Research, a part of S&P Global Market Intelligence. He is responsible for managing all phases of the research process. Dan is an experienced information security professional who has written for both Forbes online and Ziff Davis, has provided commentary to numerous news outlets including The New York Times and The Wall Street Journal, and his personal blog Praetorian Prefect was recognized as one of the top five technical blogs in information security by the RSA 2010 Conference. Prior to 451 he was a Partner in the information security consultancy Praetorian Security, LLC where he directed strategy on risk assessment and security certification. Before that he was Global Head of Information Security for D.B. Zwirn & Co. as well as Vice President of Application Security and Development Manager at Pershing LLC, a division of the Bank of New York. Daniel holds a Master's of Science degree in Information Systems from Stevens Institute of Technology, a Master's of Science in Information Assurance from Norwich University, and a Bachelor's of Science in Information Management and Technology from Syracuse University. He has gained certification as a CEH (Certified Ethical Hacker) from the EC-Council, a CISSP, and has a NASD Series 7 license.