Sensitive data always under attack

Cyber attackers are gaining access to valuable, sensitive data, such as login and access credentials, according to the 3rd Annual SANS Endpoint Security Survey conducted by SANS Institute and co-sponsored by Guidance Software.

This data can be used to further compromise networks and gain access to sensitive information on employees, customers and company intellectual property and trade secrets. Other highly compromised data included email files (28 percent) and sensitive customer or employee data (17 percent).

SANS surveyed 829 IT professionals with endpoints located around the globe to explore how IT professionals monitor, assess, protect and investigate their endpoints. A majority of respondents were security analysts (34 percent), followed by security managers or chief information security officers (16 percent) and IT managers or CIOs (15 percent).

The survey results highlight the need for a more proactive approach to detecting threats and compromises. While 44 percent of respondents said that their endpoint systems have been compromised within the last 24 months, 15 percent reported that they didn’t know how many threats were detected through proactive hunting. For the second year in a row, more than a quarter of respondents were notified of a breach by a third party.

“Cybercriminals are constantly looking for ways to infiltrate a company’s network to steal valuable data. The longer they remain undetected, the greater the damage they can inflict,” said Ken Basore, SVP of Product Engineering, Guidance Software. “This survey highlights the need for 360-degree visibility into an organization’s endpoints and for an aggressive, proactive approach to security.”

Other key findings from the survey include:

  • Detection - Forty-one percent said they were unable to acquire information about unauthorised sensitive data that they need to detect threats. An additional 39 percent reported they were unable to acquire endpoint data from memory-based artefacts and 33 percent were unable to access data for fingerprinting running applications.
  • Response - A majority of professionals (74 percent) want results from endpoint queries in an hour or less and 38 percent want that data in five minutes or less. This once again underscores that the ability to quickly conduct investigations is a top priority for companies.
  • Remediation - Sixty-five percent of respondents said that determining the impacted data on breached endpoints and determining the scope of a threat across multiple endpoints were impossible. Limited visibility into the impact of a breach will negatively affect an organization’s ability to remediate the damage.