PHOTO - John Ong - Check Point's regional director of South Asia.
Seventy-one (71) percent of businesses admit that mobile devices have increased security incidents, according to a new survey by Internet security firm Check Point Software Technologies.
Speaking on 12 April 2012, Check Point Software Technologies regional director, South Asia, John Ong said the new report also showed that the number of personal mobile devices connecting to the corporate network has more than doubled in the past two years - with nearly half of devices storing sensitive data.
"The report, The Impact of Mobile Devices on Information Security, shows 71 percent of businesses believe mobile devices have caused an increase in security incidents, citing significant concerns about the loss and privacy of sensitive information stored on employee devices, including corporate e-mail (79 percent), customer data (47 percent) and network login credentials (38 percent)," said Ong.
He said that smartphones and tablet PCs continued to proliferate in corporate environments, and presented significant business benefits such as increased work efficiency and easy access to resources. "While businesses are steadily accepting this trend, IT administrators struggle with securing the abundance of devices and operating systems, while also protecting their organisation against data loss and the rise in mobile threats."
"The consumerisation of IT is among the top concerns for CIOs this coming year and we wanted to assess from IT administrators the current security challenges they face when it comes to mobile computing," said Check Point Software Technologies head of global marketing, Juliette Sultan. "The explosion of mobile devices connecting to the corporate network often creates greater opportunities for data loss and increased security management complexity. We anticipate this trend will continue to rise in 2012, encouraging enterprises to enforce the proper remote access policies to minimise the frequency, risk and costs associated with securing the mobile enterprise."
The study, The Impact of Mobile Devices on Information Security, surveyed more than 750 IT and security professionals located in the U.S., Canada, U.K., Germany and Japan. The survey sample represents organisations of all sizes and across multiple industries, including financial, industrial, defence, retail, healthcare and education.
Lack of security awareness is greatest factor
Ong said that about 94 percent of businesses surveyed have an increased number of personal mobile devices connecting to the corporate network, with 78 percent of respondents seeing the number of devices more than double in the last two years.
"The report's findings included a listing of the most common mobile devices and their security risks - Apple (30 percent) and BlackBerry (29 percent) were the most common types of mobile devices connecting to corporate networks, followed by Android (21 percent)," he said. "Nearly half of respondents (43 percent) also believe Android devices pose a larger security risk to the mobile enterprise."
"In addition, employee behaviour impacts security of mobile data," said Ong. "The majority of businesses believe the lack of security awareness among employees as the greatest factor impacting mobile data - followed by mobile Web browsing (61 percent), insecure wi-fi connectivity (59 percent), lost or stolen devices (58 percent) and malicious mobile application downloads (57 percent)."
"Also, the correlation between rise in mobile devices and security incidents was noted," he said. "About 71 percent of businesses believe smartphones and tablet PCs have contributed to an increase in number of security events in their organisations within the past two years."
Ong said: "Personal and corporate owned devices often store and access a variety of sensitive information including e-mail (79 percent), customer data (47 percent) and login credentials (38 percent) for internal databases or business applications."
"A good mobile security strategy will focus on educating employees about mobile security policies, while simplifying management and enforcing the proper secure access controls to protect data on-the-go," said Check Point Software Technologies' Sultan.
Sign up for Computerworld eNewsletters.