Infographic: Mobile Security Run Amok
2014 marks the 10th anniversary of the world's first mobile malware, Cabir. In the decade since, the incidents of mobile malware have increased dramatically. Yet, according to InformationWeek's 2013 enterprise security survey, the majority of security pros still don't have a clue about what devices are accessing their networks.
Where is your organization in the battle over mobile device management and security? Check out the graphical depiction of the research below, then let's chat in the comments about the challenges you face.
Comment |
Print |
More Insights
Comments
Newest First | Oldest First | Threaded View
Re: No Clue? The 45 percent-- encryption
The data point about encryption is kind of misleading. If 13 percent of respondents say they don't enforce encryption on mobile devices, that means 87 percent do. That seems to me like a pretty good statistic.
Re: No Clue? The 45 percent
The encryption portion of this is the most astounding part to me ... We've had encryption for email for how long, but it seems too alien a process when the device is in the palm of our hand. Easy encryption on mobile devices lets people use their devices (that they're using anyway) and keeps IT managers from stabbing themselves in the eyes.
Re: dirty words
Paul -- Why do you think MDM is so underutilized? Cost, effectiveness, technology issues, users?
dirty words
MDM seems to be dirty words to IT. Mobile devices have been around for some time now and security is still a big issue. Companies adopt BYOD in some form but have no means to manage it correctly.
Re: Mobility fallout -- encryption
If 13 percent don't enforce encryption on mobile devices using my massive abilities in arithmetic, that means 87 percent of enterprises do enforce encryption. I guess that puts you in the majority, Li.
Re: Mobility fallout -- encryption
Marilyn, this is not a suprise to me. People are eager to get email access, etc. working on their mobile device. As long as it works, they will not bother to enforce the security rules. I think the best approach for the enterprise would be configuring the system so that no unencrypted/unprotected access is allowed.
Mobility fallout -- encryption
Anyone surprised that 13 percent of respondents don't enforce encryption on mobile devices that contain enterprise data?
Re: No Clue? The 45 percent
Hi Marilyn - Definitely a combination - What I personally consider key is having the management flexibility in the tools and tech to not only ensure a policy is enforced, but actually deliver the flexibility needed to guide its development -- especially if policies start off too rigid/control-centric and are being ignored.
Re: No Clue? The 45 percent
Thanks, PeterJW. What are the "techniques you've seen that are effective in controlling BYOD. Are you speaking of policies or technologies or a combination of the two.
Re: No Clue? The 45 percent
"The installation process is rather tedious and time-consuming. Furthermore, I do doubt its effectiveness."
That's a killer assessment, especially from someone who is tech-savvy and not your typical end-user/employee. If a tough, unenforceable BYOD policy turns off even the "believers," then mobile security has truly run amok. There must be a better way.
That's a killer assessment, especially from someone who is tech-savvy and not your typical end-user/employee. If a tough, unenforceable BYOD policy turns off even the "believers," then mobile security has truly run amok. There must be a better way.
White Papers
Flash Poll
Current Issue
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
4 Comments
Slideshows
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
From DHS/US-CERT's National Vulnerability Database
CVE-2012-6651
Published: 2014-07-31
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.
CVE-2014-2970Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_headers.php or (2) minify.php.
Published: 2014-07-31
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...
CVE-2014-3488** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5139. Reason: This candidate is a duplicate of CVE-2014-5139, and has also been used to refer to an unrelated topic that is currently outside the scope of CVE. This unrelated topic is a LibreSSL code change adding functionality ...
Published: 2014-07-31
The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
CVE-2014-3554The SslHandler in Netty before 3.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
Published: 2014-07-31
Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.
CVE-2014-5171Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp allows remote routers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DNS Search List (DNSSL) in an IPv6 router advertisement.
Published: 2014-07-31
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and other sensitive information by sniffing the network.
General Availability for Enhanced Mitigation Experience Toolkit (EMET) 5.0Zero-Day Vulnerabilities Found in Symantec Endpoint ProtectionHackers "Join" World Cup 2014 Matches on the WebSerious security issues affect 14 of 17 major antivirus enginesHackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System
Archived Dark Reading Radio
Join us as security researcher Zach Lanier provides a peek at the surprising weaknesses in DLP
- Featured UBM Tech Sites
- InformationWeek |
- Network Computing |
- Dr. Dobbs |
- Dark Reading
- Our Markets:
- Business Technology |
- Electronics |
- Game & App Development
- Working With Us:
- Advertising Contacts |
- Event Calendar |
- Tech Marketing Solutions |
- Corporate Site |
- Contact Us / Feedback
Tweet This