
One of the top concerns cited was the proliferation in the workplace of personally owned mobile devices such as smartphones and tablets. 80 percent of those surveyed said that laptops and other mobile data-bearing devices pose a significant security risk to their organization’s networks.
Yet, with only 13 percent stating they use stricter security standards for personal over corporate-owned devices and 29 percent reporting no security strategy for employee-owned devices at all, there is a clear disconnect between awareness and action.
These figures are staggering when compared to the 2010 survey. At that time, only nine percent of respondents said mobile devices were a rising threat. This year, 73 percent rank mobile as one of the greatest risks within the IT environment.
This year’s study also found that IT professionals view third-party applications as a major security threat. In fact, 67 percent of those surveyed reported they viewed third-party applications as a significant risk – second to mobile security risk.
In previous years’ surveys, the server environment, data centers and operating system vulnerabilities were cited as primary concerns. With the proliferation of mobile devices, along with the wide range of software and removable media commonly used in today’s enterprise environment, IT practitioners are increasingly worried about the attack vectors these third-party tools could bring into the corporate network.
In addition to mobile security risk, the security concern that represents the biggest headache for 2013 is advanced persistent threats (APTs). Whereas worms and less harmful viruses were a concern in earlier reports, today’s IT teams consider APTs and hacktivism a real, global threat.
36 percent of those surveyed reported that they viewed advanced persistent threats as a “significant” threat to their environments while just 24 percent of respondents held this view last year. In addition, only 12 percent of those surveyed this year stated that current anti-virus/anti-malware technology is very effective in protecting their IT endpoints from today’s malware risk.
“Once again, we found the changing security terrain is preventing the state of endpoint security from improving,” said Dr. Larry Ponemon, Chairman and Founder, the Ponemon Institute. “With the rise of hacktivism and advanced persistent threats, along with the sheer number of malware incidents we are seeing today, IT simply cannot keep up with the bad guys. Add to this fact that end-users are furthering the complexity of the IT environment by bringing in mobile devices and downloading third-party applications - causing risk to exponentially proliferate. IT simply must take further action before the risk is beyond their control.”
671 IT and IT security practitioners were surveyed in this year’s study. Of those, 77 percent were employed in organizations with a headcount of more than 1,000 and 66 percent were in a supervisory role or higher. These professionals spanned key industries including financial services, the public sector and healthcare.







