Mobile security breaches have affected 68 percent of organizations in the last 12 months, according to a new global study from BT. Despite this, organizations are still not taking sufficient security measures to protect themselves against mobile threats.
Around half of respondents' organizations who had suffered a mobile security breach, experienced more than four incidents in the last year. The research explores the attitudes of IT decision makers towards security within their organizations.
It shows that uptake of BYOD (Bring Your Own Device) and COPE (Corporately Owned Personally-Enabled) devices is very high, with 93 percent of organizations allowing employees to use these devices for work purposes. However, only four in 10 organizations surveyed actively have a BYOD policy.
The report highlights that while 33 percent of personal or corporate owned mobile devices have full access to the internal networks or contain sensitive client information, a third of organizations do not have any kind of enforceable mobile security policy. For those that do, the average length of time between reviewing mobile security measures is nine months. The infrequency of this is cause for concern, as many IT decision makers believe that the rate of malware infections will be on the rise in the next three to five years.
Security breaches, such as lost or stolen devices, malware infections such as viruses, spyware, and Trojan Horses, or the loss or theft of company or customer data, have had a major impact on business processes, including taking up valuable help desk time and other IT resources. They have reduced employee productivity, day to day activity and even customer experience, as well as causing reputational damage. Some have even resulted in hefty fines.
Staff attitudes remain the biggest threat to data security. The report reveals that 74 percent are not taking the security of devices seriously. However, delving further into this, it becomes clear that this attitude trickles down from the top: sixty-nine percent of IT decision makers do not believe their CEO takes security very seriously.
This is concerning, as security programs need to have complete top down buy-in in order to be successful, with everyone from the CEO right throughout the organization taking part. For comparison, earlier Gartner said that about 40% of the employees of large companies use their own smartphones, laptops or desktops for business purposes.
Mark Hughes said: "If CEOs are passionate about making security practices work, then these will inevitably become an intrinsic part of people's lives. Problems usually arise when people don't understand the risks and the impact that neglecting security could cause for the business, as well as for them personally. A security breach could cause a share price drop and reputational brand damage. This means that security is everyone's job."
