More than one in five respondents to a new survey on enterprise mobile security report that their organizations have suffered a mobile security breach, with most being traced to malware and malicious Wi-Fi networks.
The online survey of nearly 900 cybersecurity professionals belonging to LinkedIn’s 300,000-member Information Security Community was conducted by Crowd Research Partners on behalf of several data security vendors.
While 21% of respondents said mobile devices have been involved in security breaches in their organizations at some point, 42% said they haven’t. Another 37% said they weren’t sure.
Nearly four in 10 respondents (39%) said their enterprises’ BYOD or corporate-issued mobile devices have “downloaded malware in the past,” while 35% said they weren’t sure. And while 24% of respondents said their enterprise mobile devices have connected to malicious Wi-Fi in the past, nearly half (48%) simply didn’t know.
That’s an awful lot of not being sure for such an important topic. As the survey notes, “These findings indicate a lack of or ineffective monitoring of BYOD and corporate-owned devices in the workplace.”
They sure do, and failure to stay on top of mobile threats is an invitation for disaster. Yet only one in three survey respondents (34%) say they always wipe the mobile devices of departing employees, while 14% said they never do and 23% (here we go again) weren’t sure how frequently they wiped data from employees leaving the enterprise. This, even as 72% of respondents cite data loss/leakage as their main BYOD-related security concerns. All of which makes absolutely no sense, respondents!
One possible reason for this failure to meet concerns about mobile security with actions designed to minimize security problems is lack of IT resources. More than one in three respondents (35%) said the impact of mobile threats has caused them to add more IT resources to manage security. But some enterprises simply may not have — or may be unwilling to allocate — enough resources to effectively manage mobile security. So they look the other way, hope for the best, and respond that they “aren’t sure” to mobile security surveys — none of which exactly qualifies as mobile security best practices.
Does your enterprise have a well-designed mobile security strategy? If not, what’s up with that?