A new study shows that growing malware attacks on computer systems, mainly through exploitation of third-party and Web-based software applications, have made organizations more worried today than they were a year ago about the security of their networks. The report, "Study of Endpoint Risk," released Monday, also says that a proliferation of new endpoint computing platforms, such as smartphones and tablet computers, and the increasing sophistication of malware attacks combine to heighten the security risk for organizations.
The study, while conducted by the independent Ponemon Institute, was commissioned by Lumension, a provider of endpoint security technology. According to the report, while the greatest risk for malware attacks rests at the application layer, one-third of survey respondents admit they place no restrictions on what apps run on their network. Another one-third may employ application policies but don't fully enforce them, a finding the report calls "a gaping hole" in security.
The survey identifies five applications that concern IT managers most about their security risk: third-party apps outside of those from Microsoft (58 percent identified this as a concern); Adobe (54 percent); Google Docs (46 percent); Microsoft operating systems and applications (44 percent); and Oracle applications (39 percent). The malware risk seems pervasive, given that 98 percent of survey respondents reported at least one malware intrusion in 2010, 35 percent have experienced 50 malware attacks in one month, and 43 percent reported "a dramatic uptick" in malware attacks this year. At the same time, intercepting malware is made more difficult by the lack of visibility IT administrators have into the endpoints on their network and lack of knowledge about third-party or Web-based applications on the devices.
An increasing number of malware attacks, insider security threats and the use of cloud computing are the top three concerns for survey respondents in 2011, the report states. Respondents also identified use of mobile devices by remote workers, desktop and laptop computer vulnerabilities and third party apps as the weakest points on their networks. That's a change from the 2009 survey, which found that the weakest spots were the use of removable media (such as USB drives) and risks inside data centers.
In addition to Lumension, providers of endpoint security technology include Check Point Software, Cisco Systems, IBM, Sophos and TrendMicro. Generally, endpoint security software restricts what applications end users can add to their devices and limits access they have to Web-based apps.