90% of firms plan to increase investments in mobile security over next 12 months

IDG Research Services, in a survey of 100 IT leaders and IT security executives, revealed that roughly two-thirds of organizations have a mobility programme in place: a bring-your-own-device (BYOD), a corporate-owned personally-enabled (COPE) environment, or a mix of these two common approaches.

In addition, 82 percent of respondents report that the majority of their corporate data is accessible to users via mobile devices.

A whopping 95 percent of the IDG respondents say a rise in data on or accessed by mobile devices increases the risk of a security breach. Those with a company size greater than 10,000 employees are more likely to say their organisations are significantly more at risk. The same can be said for those with 100 percent of their data accessible to users via mobile devices. In other words, the greater the volume of employees and access to data, the greater the worry.

Most surprisingly, 74 percent of respondents report their organisations have experienced a data breach as a result of a mobile security issue. These data breaches have been caused by the following: mobile apps containing malware, apps that contained security vulnerabilities, and unsecured Wi-Fi connections.

As a result, survey respondents are understandably concerned about apps containing malware (73 percent

are extremely/very concerned) and apps that access or transmit sensitive data (66 percent are extremely/very

concerned).

Data breaches can have wide-reaching, damaging effects, and unfortunately, too many organizations are finding this out only after suffering an attack.

While it is unlikely that a worker is storing millions of customer records on a tablet or smartphone, the probability of an embargoed copy of next quarter’s financial results being on an executive’s tablet is significantly higher. At the same time, mobile devices are rapidly becoming productivity tools while serving as access points to large amounts of enterprise data primarily through cloud services, which may or may not have IT’s blessing. And, as a result, the likelihood that serious mobile breaches are occurring continues to increase, even if these lapses fail to make headline news, the study highlighted.

IT leaders need to take action to close the security gap and gain the necessary visibility into the risks facing

mobile device use. Fortunately, the vast majority of respondents’ organisations (90 percent) are making it a

priority to increase their investments in mobile security over the next 12 months.

“A move toward beefing up mobile security is crucial. After all, mobile apps represent significant risks to today’s highly mobile organisations. This is true whether an organisation leverages Android or iOS devices – almost an even split according to survey results.”

Bottom line

“Progressive organisations are now recognising the need to invest more in securing this growing attack surface. The reason it’s important to address this issue is quite simple: many IT departments, especially within larger organisations, are using these mobile devices to be more productive and efficient. As such, mobile devices should have the same focus from a security standpoint as a desktop computer. And yet, according to a recent Ponemon Institute report, most enterprises have not historically spent anywhere near the amount of money or resources to secure the mobile environment as they should. If a company is embracing BYOD or simply allowing these devices to be used as personal devices inside the corporate network, they should view them as though they are laptops with permanent connectivity on a network outside of enterprise control. After all, these devices are connected by a cellular network.”