A study entitled Global Study on Mobile Risks finds that corporate mobile devices and the bring your own device phenomenon are going against enterprise security and policies. 77 percent of more than 4,000 respondents in 12 countries agree that the use of mobile devices in the workplace is important to achieving business objectives. However, 76 percent also believe that these devices put their organizations at risk. Furthermore, only 39 percent say they have the necessary security controls to address the risk.
Enterprise mobile usage is not completely secure yet despite rise in usage
The study was conducted by the Ponemon Institute and was sponsored by security firm, Websense. The research shows that organizations often don’t know how and what data is leaving their networks through non-secure mobile devices. Traditional static security solutions, such as antivirus (AV), firewalls, and passwords are not effective at stopping advanced malware and data theft threats from malicious or negligent insiders. The study was designed to help IT security professionals plan for the increased use of mobile devices in the corporate sector.
The key findings of the study were:
- 59 percent of respondents report that employees circumvent or disengage security features, such as passwords and key locks, on corporate and personal mobile devices.
- During the past 12 months, 51 percent of the organizations in this study experienced data loss resulting from employee use of insecure mobile devices, including laptops, smartphones, USB devices, and tablets.
- 77 percent of respondents agree that the use of mobile devices in the workplace is important to achieving business objectives. A similar percentage (76 percent) believe that these tools put their organizations at risk. Only 39 percent have the necessary security controls to address the risk, and only 45 percent have enforceable policies.
- Insecure mobile devices increase rates of malware infections. 59 percent of respondents say that over the past 12 months, their organizations experienced an increase in malware infections as a result of insecure mobile devices in the workplace, with another 25 percent unsure.
- 65 percent of the respondents are most concerned with employees taking photos or videos in the workplace, probably due to fears about the theft or exposure of confidential information. Other unacceptable uses, include downloading and using Internet apps (44 percent) and using personal email accounts (43 percent). 42 percent say that downloading confidential data onto devices (USB or Bluetooth) is not acceptable in their organizations.
Over 4,600 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States were surveyed. With an average of 10 years’ experience in the field, 54 percent are supervisors (or above) and 42 percent are from organizations with more than 5,000 employees. This survey defines mobile devices as laptops, USB drives, smartphones, and tablets.