March 7, 2012 – The stakes are being raised on the game of mobile security cat and mouse, according to new research released by Ponemon Institute and Websense Inc., a provider of unified web security, email security, mobile security, and data loss prevention solutions.

According to the "Global Study on Mobility Risks" study, employees using corporate mobile devices and bring-your-own-devices (BYOD) are rapidly circumventing enterprise security and policies.

The research shows that companies are often unaware of how and what data is leaving their networks through non-secure mobile devices. Further, traditional static security solutions such as antivirus (AV), firewalls, and passwords are not effective at stopping advanced malware and data theft threats from malicious or negligent insiders.

Conducted by the Ponemon Institute and sponsored by content security provider Websense, Inc, the survey targeted more than 4,600 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom, and the United States. Of the total surveyed, 17 percent represented financial services, which includes insurance, banking, investment management, brokerage, payments, and credit cards.

With an average of 10 years' experience in the field, 54 percent of the respondents are supervisors (or above) and 42 percent are from organizations with more than 5,000 employees. This survey defines mobile devices as laptops, USB drives, smartphones, and tablets.

"We asked thousands of IT security professionals and mobile devices were overwhelmingly important to business objectives," said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. "However, mobile devices put organizations at risk—risks that they do not have the necessary security controls and enforceable policies to address. It's also clear that employees are deliberately disabling security controls, which is a serious concern."

More than 77 percent of those queried agree that the use of mobile devices in the workplace is important to achieving business objectives, yet 76 percent also believe that these devices put their organizations at risk—and most important, only 39 percent report having the necessary security controls to address the risk, and only 45 percent have enforceable policies.

"This survey shows that organizations need a safe way to manage their mobile devices," said Tom Clare, senior director of Product Marketing Management at Websense.

According to a Ponemon Institute survey conducted in June 2011, "Perceptions about Network Security," IT respondents said 63 percent of breaches occurred as a result of mobile devices. And only 28 percent said employee desktop computers were the cause.

"IT has spent years working on desktop security and trying to prevent data loss over web and email channels—but mobile devices are radically changing the game," said Clare. "Tablets and iOS devices are replacing corporate laptops as employees bring-their-own-devices to work and access corporate information. These devices open the door to unprecedented loss of sensitive data. IT needs to be concerned about the data that mobile devices access and not the device itself."

Among other key findings of the report, 59 percent of respondents say that employees circumvent or disengage security features, such as passwords and key locks, on corporate and personal mobile devices.

Further, during the past 12 months, 51 percent of the organizations in the study experienced data loss resulting from employee use of insecure mobile devices, including laptops, smartphones, USB devices and tablets.

A full 65 percent of respondents reported being most concerned with employees taking photos or videos in the workplace, which Ponemon attributes to probable fears about the theft or exposure of confidential information. Other unacceptable uses include downloading and using internet apps (44 percent) and using personal email accounts (43 percent). Forty-two percent say that downloading confidential data onto devices (USB or Bluetooth) is not acceptable in their organizations.

This story originally appeared at Insurance Networking News.

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access