The “2013 State of the Endpoint” study* by Ponemon Institute surveyed 671 organizations, and was completed late last year. The result was published in December 2012 subject to caveats detailed in the report. There is not much to cheer about the status of end point security. The risks continue to exist. The root of the problem seems to be the proliferation of employee owned mobile devices in organizations despite implementation of security standards and the increase in Malware attacks and advanced hactivism.
Considering the problem of proliferation of personal devices in organizations, the survey indicates that 80 percent of the participants were convinced that use of laptops and other personal devices of employees posed a significant threat. However, only 13 percent said that they had done something about this fear by imposing stricter security norms for personal devices of employees. These respondents felt that the problem is compounded when third party applications—such as Google docs and Adobe—are used by employees. All the respondents in this category said that their organization lacked a centralized enforceable Cloud security policy and 58 percent of them pointed out that the policies that existed were not being enforced strictly. 14 percent of the respondents were unsure whether their organization enforces the policy regarding the use of private Clouds by employees.
The position regarding the impact of malware and hactivism remained unchanged vis-à-vis the study of 2010. Fifty eight percent of the respondents reported that the number of malware attacks were on the increase. Most of these organizations stated that they were aware of about 25 or more malware attempts or incidents each month. About 20 percent of the respondents were unsure about the number of attempts.
A large percentage expressed concern about Mac malware infections and stated that operating expenses were going up due to their efforts to eradicate malware. Clearly, organizations need to define their policies regarding malware handling and to ensure that the Cloud backup vendors they patronize have the right tools in place for preventing or tackling malware infestations.
Studies such as this draw attention to current problems of the IT industry—especially Cloud backup and computing from the customer perspective. It underscores the importance of identifying security issues, the need for drawing up organizational security policies before subscribing to a Cloud backup service.
It follows that organizations need to emphasize on the need for data confidentiality, privacy and effective management practices.