VIPRE REPORT: Price Reigns Supreme for Small Businesses When Choosing Their Endpoint Security

Similar documents
KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

The 2017 State of Endpoint Security Risk

Building a Threat Intelligence Program

REPORT. proofpoint.com

CYBER SECURITY FOR BUSINESS COUNTING THE COSTS, FINDING THE VALUE

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

THALES DATA THREAT REPORT

State of Cloud Survey GERMANY FINDINGS

5 Trends That Will Impact Your IT Planning in Layered Security. Executive Brief

Eliminating the Blind Spot: Rapidly Detect and Respond to the Advanced and Evasive Threat

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Second International Barometer of Security in SMBs

Panda Security 2010 Page 1

The Value Of NEONet Cybersecurity. Why You Need To Protect Your The Value Of NEOnet Cybersecurity. Private Student Data In Ohio

THALES DATA THREAT REPORT

The Solution Provider s Guide to Protecting Clients from Ransomware

Adobe Security Survey

MRG Effitas 360 Degree Assessment & Certification Q1 2018

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Cybersecurity for the SMB. CrowdStrike s Murphy on Steps to Improve Defenses on a Smaller Scale

Streaming Prevention in Cb Defense. Stop malware and non-malware attacks that bypass machine-learning AV and traditional AV

10 KEY WAYS THE FINANCIAL SERVICES INDUSTRY CAN COMBAT CYBER THREATS

Security Automation Best Practices

Mastering The Endpoint

MRG Effitas 360 Degree Assessment & Certification Q4 2017

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

MOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device)

IT Security: Managing a New Reality

Pedal to the Metal: Mitigating New Threats Faster with Rapid Intel and Automation

Resolving Security s Biggest Productivity Killer

9 Steps to Protect Against Ransomware

SECURITY AUTOMATION BEST PRACTICES. A Guide on Making Your Security Team Successful with Automation SECURITY AUTOMATION BEST PRACTICES - 1

SMB PULSE SURVEY. Findings Overview. Some highlights: A Note on Company Size

June 2017 intel.com schneider-electric.com

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Cybersecurity 2016 Survey Summary Report of Survey Results

Cybersecurity Perspectives 2018 THE DATA BREACH EFFECT

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

Anti-Virus Comparative

MRG Effitas 360 Degree Assessment & Certification Q MRG Effitas 360 Assessment & Certification Programme Q2 2017

CYBER SECURITY EFFECTIVENESS FOR THE RESOURCE-CONSTRAINED ORGANIZATION

Security and Compliance for Office 365

Best Practices in Securing a Multicloud World

CYBERSECURITY PREPAREDNESS AND RESPONSE

Fundamental Shift: A LOOK INSIDE THE RISING ROLE OF IT IN PHYSICAL ACCESS CONTROL

CYBERSECURITY RESILIENCE

whitepaper How to Measure, Report On, and Actually Reduce Vulnerability Risk

SECURITY AUTOMATION BEST PRACTICES. A Guide to Making Your Security Team Successful with Automation

RANSOMWARE PROTECTION. A Best Practices Approach to Securing Your Enterprise

CYBERSECURITY SAVE YOUR BOTTOM LINE IBC Annual Convention Anne Benigsen, Bankers Bank of the West

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

Kaspersky Security Network

with Advanced Protection

The Problem with Privileged Users

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

COST OF CYBER CRIME STUDY INSIGHTS ON THE SECURITY INVESTMENTS THAT MAKE A DIFFERENCE

Protecting from Attack in Office 365

Managed Endpoint Defense

Evolution of Spear Phishing. White Paper

2018 Edition. Security and Compliance for Office 365

CyberEdge Group 2018 Cyberthreat Defense Report

Barracuda Advanced Threat Protection. Bringing a New Layer of Security for . White Paper

Security in India: Enabling a New Connected Era

IT & DATA SECURITY BREACH PREVENTION

THE IMPLICATIONS OF PERFORMANCE, SECURITY, AND RESOURCE CONSTRAINTS IN DIGITAL TRANSFORMATION

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

IBM Security Systems. IBM X-Force 2012 & CISO Survey. Cyber Security Threat Landscape IBM Corporation IBM Corporation

Cybersecurity and Hospitals: A Board Perspective

Imperva Incapsula Survey: What DDoS Attacks Really Cost Businesses

STOPS CYBER ATTACKS BEFORE THEY STOP YOU. Prepare, recognize, and respond to today s attacks earlier with Verizon Security Solutions.

SECOPS: NAVIGATE THE NEW LANDSCAPE FOR PREVENTION, DETECTION AND RESPONSE

Prevx 3.0 v Product Overview - Core Functionality. April, includes overviews of. MyPrevx, Prevx 3.0 Enterprise,

MOVING MISSION IT SERVICES TO THE CLOUD

How Cyber-Criminals Steal and Profit from your Data

Gaps in Resources, Risk and Visibility Weaken Cybersecurity Posture

Machine-Powered Learning for People-Centered Security

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

The data quality trends report

270 Total Nodes. 15 Nodes Down 2018 CONTAINER ADOPTION SURVEY. Clusters Running. AWS: us-east-1a 23 nodes. AWS: us-west-1a 62 nodes

2018 Mobile Security Report

JAPAN CYBER-SAVVINESS REPORT 2016 CYBERSECURITY: USER KNOWLEDGE, BEHAVIOUR AND ATTITUDES IN JAPAN

How Your Organization Can Drive Success in the Age of Digital Disruption

WHITEPAPER THE EVOLUTION OF APPSEC: FROM WAFS TO AUTONOMOUS APPLICATION PROTECTION

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

2013 Cloud Computing Outlook: Private Cloud Expected to Grow at Twice the Rate of Public Cloud

As Enterprise Mobility Usage Escalates, So Does Security Risk

Larry Clinton President & CEO Internet Security Alliance

DDoS MITIGATION BEST PRACTICES

HEALTH CARE AND CYBER SECURITY:

Ransomware piercing the anti-virus bubble

Endpoint Security Transformed. Isolation: A Revolutionary New Approach

THE CLOUD SECURITY CHALLENGE:

Sensitive Data Loss is NOT Inevitable

Cyber Security in Timothy Brown Dell Fellow and CTO Dell Security

Securing Digital Transformation

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

HOSTED SECURITY SERVICES

TABLE OF CONTENTS Introduction: IS A TOP THREAT VECTOR... 3 THE PROBLEM: ATTACKS ARE EVOLVING FASTER THAN DEFENSES...

Why Enterprises Need to Optimize Their Data Centers

Transcription:

VIPRE REPORT: Price Reigns Supreme for Small Businesses When Choosing Their Endpoint Security

SUMMARY More than 70% of IT managers say budget considerations have forced them to compromise on security features yet price beats all other factors when companies of up to 500 employees purchase endpoint security. Additionally, although solution complexity is a problem, most IT managers have high confidence in their ability to defend against malware. The survey reveals an apparent acceptance of the inevitability that some malware attacks will occur, perhaps explaining why the focus on advanced features isn t as keen as it should be. It may also explain why ransomware, which has become the most prevalent cyber threat in the current landscape, doesn t even rank as the respondents top security threat. Instead, that distinction goes to web-based threats. When making endpoint security purchases, price overshadows all other criteria for IT managers at companies of up to 500 employees. Price is so important, in fact, that 71% of respondents in a recent survey say they ve had to settle for solutions with fewer features due to budget considerations. On the bright side, nearly all respondents (97%) agree their organizations need endpoint security. However, many are not terribly pleased with the choices available to them, with 67% saying security tools are too complex. This sentiment echoes a common complaint among IT and cybersecurity professionals. The survey, conducted by Opinion Matters on behalf of VIPRE, suggests a level of overconfidence by IT managers in their ability to defend against malware not supported by many of the findings. For instance, while most respondents would personally guarantee the safety of their customers data, almost half (48%) believe they don t need the advanced malware capabilities that would justify their confidence. As a whole, advanced malware protection doesn t come across as much of a priority, considering 50% of respondents said their endpoint security lacks advanced features. Settling for Less 71 % of IT Admins have settled for weaker endpoint security because of budget constraints. 2

PRICE MATTERS 63% of the IT professionals polled consider endpoint security tools too expensive and the number goes up to 73% for those at companies with the smallest security budgets $25,000 or less. It s no wonder, then, that 71% of respondents have had to buy more basic security, as opposed to the advanced protection that they need, due to price. Only 28% say doing so put their company at risk but the number jumps to 41% at companies that suffered a breach in the past year and 69% in the last four. Despite their collective show of frugality, 80% of respondents believe more expensive products offer better protection. This is likely a truer reflection of how much IT professionals think they should spend on endpoint security. While they would love a reality where skimping on price doesn t create risks, it is clear that spending more would make most of them feel better. Price ranked as the No. 1 deciding factor in endpoint security purchases (53%), followed by ease of use (47%), feature set (41%), support (34%), advanced detection technology (31%), and cloud-based management (29%). Ransomware prevention mustered only a 21% score an indication of overconfidence, considering how prevalent a threat it has become. The FBI says ransomware was responsible for $1 billion in cyber-extortion payments last year. 3

The survey revealed some ambivalence toward advanced features in general. Although 90% say they can afford them, only 31% look at advanced detection as a criterion for picking solutions. About 40% say they already have it, while 50% say they plan to get it. At companies with security budgets of less than $25,000, the number of those already protected by advanced features is actually higher at 50%. At those companies, 17% say they plan to invest in advanced protection, while 17% do not. Overall, 48% of respondents agreed with this statement: An organization of my size does not need endpoint security with advanced malware defense capabilities. This is another sign of uncertainty, which suggests a lack of understanding as to what advanced features means, something security vendors should address. Pricey Opinions 0 10 20 30 40 50 60 70 80 90 Free endpoint security products provide enough protection for organizations of my size I have more confidence in an endpoint security solution I pay for than a free product More expensive products generally provide superior protection than lower priced alternatives Pricing is easy to understand They are too expensive Survey respondents shared their views on endpoint security pricing, revealing that most IT admins agree that security vendors pricing schemes are easy to understand, but they believe endpoint security is too expensive. And while respondents mistakenly put more faith in more expensive products, many feel that free endpoint security provides adequate protection. DISAGREE AGREE 4

YOU GET WHAT YOU PAY FOR While 63% of survey respondents say free endpoint security products provide enough protection for organizations of my size, 90% say they have more confidence in products they buy than those available for free. At the smallest companies, the number of those who believe free endpoint security is sufficient is higher. It rises to 83% at companies with 5 to 24 employees, but drops to 61% less than the overall percentage at those with 25 to 50 employees. Unexpectedly, that number climbs among the largest companies surveyed (351 to 500 employees) to 67%. Perhaps more surprising, the number is even lower at companies with the smallest budgets 50%. It would seem the outlook on the efficacy of free products isn t directly related to company size or budget. #SecurityFail Coincidence? 70 % of IT admins at small businesses breached within the last year say free endpoint security products provide enough protection. Does it have to do with breach history, then? Not so. Respondents at companies that have suffered a breach in the last one to three years embrace free endpoint security to the tune of 70%. At face value, the finding is shocking. But looking under the surface, it lends credence to the idea that IT professionals, whether consciously or not, simply accept that some attacks are inevitable. While the sentiment is realistic, there is a danger it could lead to complacency. 5

COMPLEXITY COMPLAINTS Perhaps the acceptance of inevitability is partly fueled by endpoint security products that respondents say have become too complex to easily manage. If solutions are too difficult to manage, it stands to reason that a sense of inevitability would start to creep in, especially if a breach is still fresh in your memory. 67% of participants complained about complexity and that number soars to 94% at companies that suffered a breach in the past year. Looking further back, that number begins to decline, with companies suffering a breach in the last two years coming in at 80% as compared to 70% for companies that were breached within the last three. Another concern has to do with the selection process itself. 86% of respondents say it s difficult to select the right endpoint solution for their organization, while 64% agree there is not enough differentiation between solutions, making it harder to make a clear decision between vendors. If that weren t problematic enough, the survey reveals a mismatch between features offered and what, exactly, is needed. 52% say endpoint security offers too many unnecessary features and the same number say solutions don t offer enough features to suit their specific needs. Interestingly, deployment isn t an issue for most survey participants, with 90% saying the tools are easy to deploy. Productivity, however, is a different story. 51% say endpoint security solutions hurt employee productivity. 6

Complexity Gets in the Way of Security 0 10 20 30 40 50 60 70 80 90 Endpoint security provides too many features I don t need Endpoint security slows down the productivity of my workforce MANAGED SERVICES Endpoint security solutoins have become too complex to easily manage Vendors offer many products and options (levels of protection, feature sets and add-ons) and it can be confusing to easily select the right endpoint security There is little differentiation between security vendors DISAGREE AGREE Whether it s too few differentiators between vendors or too many product options offered by each, IT admins struggle to make easy choices when it comes to endpoint security. More than half feel their solutions are bloated with features they don t need, too complex to manage and that their endpoint security solutions still slow down their workforce. 7

WHY SO CONFIDENT? As noted previously, the VIPRE survey indicates a significant level of confidence in organizations ability to defend against malware. For instance, a vast majority of respondents (89%) say their tools are adequate in defending against ransomware, zero-day attacks and other threats that evade traditional antivirus software. Such threats are the hardest to defend against because they cannot be detected by tools that rely on known malware signatures to do their work. Confidence is especially high at the largest organizations (351 to 500 employees), with 93% of those respondents saying their tools are adequate. And it is surprisingly high at organizations that have been breached recently 85% at companies breached in the past year and 88% at those breached in up to two years. Another measure of confidence is the fact that 77% of respondents feel they have a strong grasp over security because they have enough in-house resources to manage endpoint security and other security solutions. The percentage drops to 67% among the smallest companies but stands tall at 89% among the largest. The same pattern is reflected in budget size, with 87% at companies with budgets of $200,000 and above and 61% for those allocating $25,000 or less to endpoint security. We Got This 77 % of IT Admins believe they have a strong grasp over their security. 8

TRUMP S EFFECT ON SECURITY CONFIDENCE With the American electorate divided in their support for the new Trump administration, it should come as no surprise that when asked if U.S. cybersecurity will become easier under the new president, the split among IT managers seems to fall in line: 41 % think cybersecurity will become more difficult and 40% think the opposite. The rest see no change. For those at companies that suffered a breach in the past year, the level of confidence increases. In a show of confidence in the new administration, 59% of them say they think cybersecurity will be easier. 19% No Change 40% Less Difficult 41% More Difficult Early in President Trump s administration, IT Admins are split on whether his leadership will make cybersecurity easier or more difficult for small businesses. 9

PERSONAL GUARANTEES Perhaps the most telling of the survey findings regarding confidence is the personal guarantee that 83% of respondents would put on their company s security, two points higher than when they were asked this question two years ago. Curiously, the number among companies breached over the past year was even higher at 88%, all the way up to 100% among those breached in the last five. This suggests that those that have been struck have strengthened their defenses, unless they believe lightning doesn t strike twice, which is far from a certainty. IT professionals presumably are aware hackers will not hesitate to attack again if they believe they can gain from it. In some ransomware cases, attackers have even asked for money a second time. Cyber-Overconfidence 83 % of IT Admins would personally guarantee their company s customers that their data will be safe in 2017. That number rises to nearly 90% for respondents at businesses breached. Nevertheless, 53% of respondents would recommend negotiating after a ransomware attack. This is a sizable increase from a 2015 survey of IT security professionals, when only 30% said they would negotiate. The number in the new survey is especially high at 82% among those that have already suffered a cyber attack in the past year, indicating that those that have already been victimized tend to be more willing to negotiate. 10

PHISHING REMAINS A BIG CONCERN Phishing is one of the most pervasive cybersecurity threats and is often used to deliver ransomware. It works because hackers employ all variety of tricks to get victims to infect their machines by clicking on compromised URLs and email attachments. When IT managers have to remove malware from an executive s computer, most often, it has been delivered through phishing, as per 45% of those polled. The problem is worse at the larger companies, up to 56% of those with 351 to 500 employees. This shows hackers prefer to zero in on bigger targets but also will attack smaller companies when given the chance. Execs Under Attack 56 % of IT Admins at business with 351 to 500 employees report senior leadership falling victim to phishing attacks. 11

NEED FOR SCHOOLING Despite all the high-profile cyber attacks in recent years, IT professionals often are still called on remove malware from a computer or other device used by a member of your company s senior leadership team because they did something they should not have done. The biggest problem is phishing, according to 45% of respondents, which is especially vexing because it can t be defeated with technology alone. Organizations need to educate users about the phishing threat and train them not to click on suspicious URLs and attachments. Respondents also had to remove malware from visits to porn websites (26% down from a high of 56% in 2017), letting a family member use a companyowned device (22%), attaching an infect USB stick or phone to a PC (22%) and installing a malicious app (21%). On the bright side, a full 25% of respondents said they ve never been asked to remove malware caused from executives computers. Execs Causing Infection 0 10 20 30 40 50 Exec installed a malicious app Exec attached infected USB device to PC Exec let a family member use company PC that led to infection MANAGED SERVICES Exec visited an infected pornographic website Exec fell victim to phishing attack While the biggest culprit behind infected PCs used by executives appears to be phishing, IT Admins are still dealing with executives visiting infected pornographic websites, letting family members use work machines, installing malicious apps and connecting to infected USB devices. 12

CONCLUSION When it comes to endpoint security, it s clear education is needed not just to warn users about the danger but also regarding other aspects. For instance, focusing on price as the primary factor to choose a solution is misguided and could very well lead to overlooking more important features such as advanced malware detection. Forgoing needed security features because of price can put a company at risk, something that 28% of respondents admit. But the risk is almost certainly greater than that percentage would indicate. It s also clear that solution complexity is a problem and that s an issue for security solution vendors to address by making their products simple to select, deploy and manage. If administrators find the solutions too hard to manage, they could make mistakes that cause vulnerabilities even if they are confident in their ability to defend against malware attacks.

STUDY METHODOLOGY The independent blind survey of 253 US IT Managers and IT Directors working with companies with five to 500 employees was conducted by Opinion Matters on behalf of VIPRE in February and March 2017.

ABOUT VIPRE VIPRE is the highest-rated, award-winning internet security product for home users and businesses. It is powered by the world's most sophisticated security technologies that protect millions of users from today s top online threats, including ransomware, Zero-days and other malware that easily evades traditional antivirus. Backed by cutting-edge artificial intelligence, one of the world s largest threat intelligence clouds and real-time behavior monitoring, VIPRE deploys in minutes to deliver unmatched protection without slowing down PCs. All VIPRE customers receive free U.S.-based technical support. Simply the Best. VIPRE wins Top-Rated Security Product and consistently wins 100% block rates and zero false positivesfrom AV- Comparatives. 15

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback