We talk a lot about the monetary losses of a network data breach, but where do mobile breaches fit into the equation? How much damage is inflicted by our mobile devices?
Quite a bit, according to new research from Lookout and Ponemon Institute. Mobile devices are an increasing cause of breaches into organizations, and this leads to millions of dollars in losses to the business.
The study found that more than 80 percent of IT and security professionals believe that the mobile devices connected to their networks are susceptible to being hacked and 70 percent believe that mobile devices acted as the gateway to successful breaches.
There may be a couple of reasons why mobile devices are gaining traction as a breach vector. One is that mobile malware is going undetected. The report found that, on average, 3 percent of employee mobile devices are infected with malware at any given moment. That doesn’t sound like a lot, but it only takes one infected device to cause a lot of internal corporate damage. Plus, only a quarter of these devices are ever investigated for malware.
Another reason coattails on the mobile malware problem: Organizations aren’t doing enough to keep up with mobile device risks within the workplace. Only a third of the IT and security professionals report being vigilant about the data stored and accessed on mobile devices, meaning that plenty of sensitive information is at risk.
Finally – and I admit this one surprised me – IT and security professionals severely underestimate how much their employees are actually relying on mobile devices. For instance, the study revealed that while the folks in the IT department believe that only 19 percent of their employees have some access to sensitive customer information, the actual number of employees is 43 percent. That is a huge discrepancy and it means that mobile devices aren’t being monitored as well as they should be. As Aaron Cockerill, VP of Products at Lookout, stated in a release:
Employees are dragging companies into the mobile era. In 2016 and beyond, enterprises need to focus on introducing mobile security measures that safely enable productivity on mobile devices, rather than stop people from working the way they want to.
However, not everyone agrees with the study or that mobile device security is so dire. Marc Spitler, senior manager, Verizon Security Research, told Dark Reading:
In short, we aren’t seeing 'mobile phone' as an asset in our breach data set. We know that malware exists that targets mobile devices, but it may be that individuals are being affected, as we are not seeing it as part of an organizational breach.
Whether or not mobile devices are responsible for data breaches today, odds are they will be in the not-so-distant future, and the time has come for IT and security professionals to review their mobile security policies and get a better handle on just who is accessing the data and how.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba