Businesses Spend 1,156 Hours Per Week on Endpoint Security

Insecure endpoints cost businesses millions of dollars, and hours of productivity, as they struggle to detect and contain threats.

Kelly Sheridan, Former Senior Editor, Dark Reading

June 13, 2017

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Insecure endpoints are an expensive risk and difficult to address. Businesses spend millions of dollars, and hundreds of hours, on detecting and containing endpoint alerts but can't come close to catching them all.

A new study entitled "The Cost of Insecure Endpoints," commissioned by Absolute and conducted by the Ponemon Institute, polled 556 IT and IT security practitioners responsible for detecting, evaluating, and/or containing insecure endpoints within their organizations.

The businesses in this study manage an average of approximately 27,364 endpoints, nearly half (55%) of which contain sensitive or confidential information. These endpoints generate nearly 615 alerts in a typical week, nearly 60% of which involve malware infections.

An average of 1,156 hours is spent each week on detecting and containing insecure endpoints. Less than half (45%) of the 615 alerts are considered reliable, and only 115 are actually investigated.

"That's a lot of time for your security staff to be analyzing whether an alert is reliable or not," says Richard Henderson, global security strategist for Absolute. "You need a big team to investigate that many unique alerts per week."

Organizations spend an average of $3.4 million in resources to figure out the amount of hours spent each week on detection and containment of insecure endpoints. They can spend up to $6 million each year on the time it takes to find and lock insecure endpoints, hours wasted on erroneous alerts, and unplanned downtime and business interruption for employees.

Many alerts can be investigated in five to 10 minutes; the problem, he says, is this time quickly adds up and many alerts go unaddressed. The average cost of each failed endpoint is $612.45.

The struggle to properly secure endpoints is leaving businesses vulnerable to threats like ransomware, which has "changed the landscape" for endpoint security in the last couple of years, he explains.

"Ransomware is not going to go away any time soon because companies continue to pay," he says. The problem would not be as severe if data was properly secured, employees practiced good data hygiene, and patches were implemented upon release.

Most people neglect to patch their systems, researchers found. Three-quarters of respondents said the most commonly found security gap on their endpoint is out-of-date or unpatched software.

"You might as well just leave the bank vault open and leave the money for the robber," Henderson says of unpatched systems.

Endpoint security will continue to be a problem as new employees bring their own devices into the workplace. Businesses will look to automation to offset the cost and challenges of finding and hiring security talent.

"The future is going to be semi-automated or fully automated for most security technologies," Henderson notes. Organizations will need to farm out traffic monitoring across endpoints, and trust their systems to assess what's important and weed out unnecessary info. Researchers found only 40% of businesses use automated tools to evaluate threats.

The problem is, most security teams don't have the budget to afford new automated systems, either. More than half (51%) say cost stops them from buying these tools; 44% cite complexity as an issue and 30% claim lack of confidence in the products.

Henderson acknowledges the high cost of tech can be a burden in security. It's tough to justify the price of expensive tools when a sign of their effectiveness is a lack of alerts or other activity.

"Security teams don't get whatever they need," he says, debunking a popular misconception among business workers. "Companies have finite budgets, and they need to scrape for every inch or every cent they get in infosec."

About the Author

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights