I think the thing that has surprised me the most during my years as a security writer is the number of people who shrug off the need to understand cybersecurity threats in order to protect their business and personal interests. Just the other day, for example, I saw a Facebook comment written by an IT professional that argued that insider threats are a myth and that this person didn’t see the need to worry about better security education or even question the idea that a major breach may have involved inside players.
I hope this person’s attitude is an anomaly, especially as we see that virtually every breach seems to have some insider component to it. But what isn’t an anomaly is the overall attitude that unless the problem has already happened, there is no reason to worry – or as my husband calls it, the ostrich syndrome: It’s easier to bury your head in the sand than to face reality. And that’s a serious security problem, no matter where the threat is.
A new study from Kaspersky Lab shows the ostrich syndrome at work among small business owners when it comes to the use of mobile devices, particularly BYOD. Nearly a third of SMBs don’t see BYOD as being a potential danger. Even more alarming, the study revealed that 80 percent of SMBs had no interest in learning how to best manage security on mobile devices.
As Konstantin Voronkov, head of Endpoint Product Management with Kaspersky Lab, said in a release, it is rare to find a business person who doesn’t use at least one personally owned mobile device for business purposes. In fact, the study found that 92 percent of employees have at least some sensitive corporate data stored on BYOD, which is why business owners and IT departments should heed Voronkov’s statement:
“The loss of important corporate data via personal devices is a common occurrence, and a negligent attitude towards the security of mobile devices could pose a serious risk to a company’s business.”
Perhaps part of the problem is that no one seems sure about who is in charge of security. Even when there are set security policies, employees and owners seem to point fingers at someone else, absolving themselves from security responsibilities while blaming another party. The Kaspersky study found that 60 percent of BYOD users expect their employers to cover security issues. Even that Absolute Software study I wrote about earlier this week found that respondents were mixed over who has responsibility for security within the company and for mobile devices. I can’t help but wonder if part of the problem is that the language of who takes charge of mobile security is so vague – or not there at all – so it creates a false sense of security. Are SMBs unconcerned about BYOD security because they assume the device owners are handling things, while the device owners think the company has their back?
As my IT Business Edge colleague Kim Mays pointed out, SMBs do recognize that mobile devices are now a mainstay in their workplaces and are adopting mobile solutions. They recognize that mobile devices and BYOD aren’t going anywhere. Now it is time to address the ostrich syndrome and pull the heads out of the sand when it comes to better security policies and risk management solutions.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba