Security professionals are most concerned about the endpoint, citing it as the greatest source of risk in a Bromium survey of more than 100 pros who attended Black Hat USA 2015 in Las Vegas last week.
That's not surprising to Clinton Karr, a senior security strategist at Bromium, who noted in a release that the endpoint represents the difficult balance of security and productivity that security teams face. “For example, 90 percent of organizations would be more secure if they disabled Flash, but 41 percent would become less productive,” he said.
Adding to the risk, Karr said, is that traditional security has fallen short, proving “ineffective at mitigating this dilemma.”
The “Black Hat 2015: State of Security” survey also found that IT security have issues around implementing security patches. While 50 percent of those surveyed deploy patches for zero-day vulnerabilities within the first week (10 percent on the first day), nearly a quarter – 22 percent – take longer than a month to implement patches.
Financial services is at the top (at 30 percent) of the respondents' list of risk for cyber attack, although 60 percent also fingered it as the vertical with the best security practices in place. Energy was cited by 17 percent as the area of critical infrastructure that carries the highest risk of cyberattack.
While respondents widely welcomed improvements in Windows 10 security – 56 percent noted the boost, 33 percent believe that the improvements fall short.