Earlier this year, I wrote a blog post that stated that SMBs tend to have their head in the sand when it comes to BYOD security concerns. I referenced a study by Kaspersky Lab when I wrote:
Nearly a third of SMBs don’t see BYOD as being a potential danger. Even more alarming, the study revealed that 80 percent of SMBs had no interest in learning how to best manage security on mobile devices.
I am reflecting on that post because a new study from Lookout and IDG Research found that mobile devices are becoming a favorite target for hackers and other cybercriminals. True, not every mobile device used in the workplace is BYOD, but a lot of them are. If leadership isn’t doing enough to manage security on mobile devices used in the workplace, no matter who owns or controls them, they are walking right into a den of cybersecurity threats.
According to IDG, 74 percent of organizations have experienced a data breach due to a mobile device security issue. Virtually everyone surveyed (95 percent) admitted that data on and/or accessed by mobile devices brings increased risk of a data breach, and eight out of 10 said their corporate data could be accessed on a mobile device.
Why is this such a big deal? Information is what the bad guys want and more often they are going directly after the data. The problem for security leaders, however, is the difficulty in detecting threats on mobile devices. As TechWeek Europe reported, having visibility into mobile apps would be helpful:
Most of the survey’s respondents said they were concerned about their inability to detect such threats, with 73 percent, for instance, saying they were ‘extremely or very concerned’ about their inability to detect apps containing malware.
Mobile data security, like all security efforts, needs to be everyone’s responsibility. This is especially so in the BYOD environment. As Wayne Rash pointed out at eWeek, security on mobile devices has to go beyond the device owner and the IT department; it has to be a multi-faceted, cooperative defense:
[C]arriers still have to deal with platforms that aren't secure and can't be made secure, and thus open themselves to problems caused by their users, even if they had nothing to do with them. … That illustrates the new interdependence between carriers, infrastructure providers and customers. There is no single place where security resides.
Companies must realize that it’s better to make mobile security a higher priority before the attack, but that’s assuming they haven’t already fallen victim to a breach.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba