The new report, The Impact of Mobile Devices on Information Security, shows that 67% of firms allow personal mobile devices to connect to their networks. 88% of devices were used for corporate email, 53% had customer data stored on them, 49% had corporate data in business apps, and 48% had network logins stored.
Despite this, 63% organisations said they do not attempt to manage corporate information on employee-owned devices, and just 23% use mobile management tools or a secure container on the device. 66% of respondents said they felt that careless employees posed a greater risk than cybercriminals.
Based on a survey of nearly 800 IT professionals in the UK, US, Canada, Germany and Japan, other key findings of the report include:
- Surge in personal mobile devices connecting to the corporate network – 96% of respondents say the number of personal devices connecting to their corporate networks is growing, and 45% have more than five times as many personal mobile devices as they had two years ago.
- Mobile security incidents common and costly for large & small firms – 52% of large businesses report mobile security incidents have cost more than $500,000 in the past year, in staff time, legal fees, fines and remediation. Even for 45% of firms with under 1000 staff, mobile security incidents exceeded $100,000 in the past year.
- Corporate information not managed on mobile devices – 63% of businesses do not manage corporate information on personal devices, and 93% face challenges adopting BYOD policies.
- Android has the greatest perceived security risks – Android was cited by 49% of businesses as the platform with greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry
- Lost data is the biggest concern in mobile security incidents – 94% of respondents said lost information was their biggest concern in a mobile security incident; just 10% expressed concern over a compliance violation or fine.
"Without question, the explosion of BYOD, mobile apps, and cloud services, has created a herculean task to protect corporate information for businesses both large and small," said Tomer Teller, security evangelist and researcher at Check Point Software Technologies. "An effective mobile security strategy will focus on protecting corporate information on the multitude of devices and implementing proper secure access controls to information and applications on the go. Equally important is educating employees about best practices as majority of businesses are more concerned with careless employees than cybercriminals."
The report by Dimensional Research surveyed almost 800 IT professionals in the United States, Canada, United Kingdom, Germany, and Japan. This is the second survey on this topic, and the report evaluates differences in responses to similar questions asked one year ago. The goal of the survey was to gather data to quantify the impact of mobile devices on corporate information security.