Companies today face a daunting challenge – needing to fend off attacks from cyber-thieves, hacktivists and even disgruntled employees. Endpoint devices, especially across retail, financial services and hospitality point-of-sale (POS) applications, are sitting targets, with enterprises surprisingly unprepared to deal with these advanced security threats.
A cyber-security study from Bit9+Carbon Black has found that far too many UK organisations are unaware of what's happening on their endpoint and POS systems. There's a great deal of uncertainty about whether they've been the victim of a cyber-attack, or could prevent an attack, whilst few companies feel totally confident that their end-user machines are compliant with the latest Payment Card Industry Data Security Standard (PCI DSS V3.0), despite a looming January 2015 deadline.
The research also looked at the prevalence of Windows XP across businesses, along with migration plans. We caught up with Ben Johnson, Chief Security Researcher for Bit9+Carbon Black, to learn more about the research findings.
TechRadar Pro: What are the key highlights of this research?
Ben Johnson: We surveyed 250 IT decision-makers across UK private and public sector organisations to identify their biggest IT security concerns and establish how much visibility they had into past and future cyber-attacks. We also asked about Payment Card Industry Data Security Standard (PCI DSS) compliance as well as how reliant they were on Windows XP.
Uncertainty ruled, with almost half (49%) our respondents unsure if they'd been compromised over the past 12 months. We found blind spots across enterprise endpoints, with 61% rating their ability to detect suspicious activity as no better than average, and 32% who said their business had been hit in the past year. Feelings of vulnerability loomed large with almost 64% expecting an attack within the next year.
Security standards compliance was poor with just 12% of companies feeling totally confident that their endpoints were compliant with PCI DSS V3.0, and almost half (46%) of those working with POS systems unable to adequately monitor and control access to sensitive customer data on their retail endpoints.
Uncertainty prevailed here, as well, with only 52% of POS users feeling confident that their current security solution could stop advanced threats. Add to this the 70% of POS users who admitted they have no way of knowing if their systems had been attacked or not, and the picture is rather worrying.
TRP: Which parts of an enterprise are most vulnerable to cyber-attack?
BJ: Our survey showed that endpoints and client devices including desktops, laptops, tablets and smartphones remain the biggest security concern for respondents (38%), whilst server security came fourth on their list of concerns. 41% thought end-user machines were most vulnerable to cyber-attack, with another quarter pinpointing mobile devices.
Despite these endpoints being the crown jewels for cyber-thieves, and therefore the most vulnerable, respondents didn't feel able to effectively monitor and control these assets, with more than 61% of companies believing themselves to be average at detecting suspicious behaviour ahead of an attack.
TRP: How confident do companies feel about their antivirus software in the current climate?
BJ: Few respondents felt certain that their antivirus software would prevent cyber-attacks. Only 6% were completely confident that antivirus could effectively prevent targeted attacks, and only 32% were 'very confident'. The majority were less certain about their ability to deter cyber-threats using antivirus solutions alone.
Advanced attackers have lost respect for AV for at least a decade. It's a speed hump rather than a barrier and hasn't kept up with today's targeted threats, nor does it guarantee against advanced, previously unknown types of attacks such as zero-day vulnerabilities. Hackers will find a way to get in so the focus must be on stopping threats in their tracks and minimising the damage.
TRP: What are the most likely sources of attack and what concerns respondents most about the impact of these attacks?