Employers are enjoying the benefits of mobile devices, but IT security professionals are concerned about the security risk that comes from the use of smartphones and tablets. The more devices that are allowed to connect to company networks, the higher the risk, but are mobile device data breaches actually occurring?
There is widespread concern that the devices pose a major security risk, but little data on the extent to which mobile data breaches occur. A new survey sheds some light on just how frequently mobile devices are implicated in data breaches.
Six data security firms* sponsored a survey conducted by Crowd Research Partners which set out to shed some light on the matter. 882 IT security professionals from a wide range of industries were asked a number of questions relating to mobile security and data breaches experienced at their organizations.
More than a Fifth of Companies Have Suffered Mobile Device Data Breaches
The results show that 21% of companies have experienced a mobile device data breach at some point in the past that affected either devices supplied by their company or devices used by employees under BYOD policies. However, a further 37% of respondents could not say whether mobile device data breaches had actually occurred, indicating many are at risk of data theft or loss but would not be able to determine whether a data breach had in fact occurred.
Malicious Wi-Fi networks continue to be a problem. 24% of respondents said that BYOD or corporate-supplied devices have connected to malicious Wi-Fi networks at some point in the past. Many companies cannot say whether this has actually happened. Almost half of respondents (48%) could not say with any degree of certainty whether their employees had connected to malicious Wi-Fi networks.
Cybercriminals are developing malware at an alarming rate and mobile devices are now being targeted by many cybercriminal gangs. While the majority of threats affect Android phones, iPhone users are also being targeted. A number of new pieces of iOS malware have been discovered in the past year.
Mobile malware is a major problem for businesses. 39% of respondents said users of their networks had, at some point in the past, downloaded malware onto their devices. 35% of respondents were unaware whether this had happened. This suggests more than a third of companies are not monitoring the mobile devices that are allowed to connect to corporate networks.
Respondents were asked what measures they were using to protect the mobile devices they allowed to connect to their networks. Only 63% of respondents said they used password protection to keep the devices secure. 49% said they had implemented solutions that enable them to remotely wipe devices that are lost, stolen, or reach the end of their life. 43% use encryption for sensitive data and only 38% said they have policies covering data removal at employee separation or device disposal.
34% said that when an employee leaves, their organization ensures data is wiped from mobile devices 100% of the time. 13% said this occurred more than half of the time, and 16% said this happened less than half of the time. Most alarmingly, 23% were unaware if they wiped devices and 14% said they never wipe data from employees’ devices when they leave the company.
43% reported using mobile device management (MDM), 28% used endpoint security tools such as anti-malware programs, and 27% used network access controls.
Many IT security professionals are worried about the risk posed by mobile devices and are concerned about mobile device data breaches. The survey results show there is good reason for them to be concerned. Many companies are failing to implement policies and procedures to effectively manage mobile device security risks.
*The online survey was sponsored by Bitglass, Blancco Technology Group, Check Point Technologies, Skycure, SnoopWall and Tenable Network Security. The survey was conducted on members of the LinkedIn Information Security Community.