End users and their devices are right smack in the center of the battle between enterprise InfoSec teams and malicious hackers, and it’s not hard to see why.
When compromised, connected endpoints — desktops, laptops, smartphones, tablets — offer intruders major entry points into corporate networks. However, end users are also their organizations’ best threat detection tools.
That’s a key takeaway from SANS Institute’s “2017 Threat Landscape Survey: Users on the Front Line,” a report published in August and co-sponsored by Qualys.
The study, conducted in May and June, polled 263 IT and InfoSec pros from companies of all sizes and major industries such as finance, government, technology and education.
It found that most of the top intrusion methods reported by respondents sought to directly or indirectly compromise end users or their devices. Hackers’ preferred threat vectors included:
- Email attachment or link (flagged by 74 percent of respondents)
- Web-based drive by or download (48 percent)
- App vulnerabilities on endpoints (30 percent)
- Web server / web app vulnerabilities (26 percent)
- Removable storage devices (26 percent)