An explosion of personal mobile devices on corporate networks is creating new security headaches for business, according to a survey of IT professionals by a network security vendor.
Many of these devices are carrying a wide range of business and customer information, according to the report, released this week by Check Point Software Technologies. The results found that 71 per cent of companies say mobile devices have "contributed to increased security incidents" and many of the security problems are traced to employee carelessness or ignorance.
SECURITY MINEFIELD: 'Bring your own device' will bedevil IT security in 2012
The report, The Impact of Mobile Devices on Information Security, surveyed 768 IT professionals of various ranks in the U.S., Canada, U.K., Germany and Japan, from a range of company sizes and industries. The full report is available in a PDF file.
Among the findings:
- About 94 per cent of respondents report a rise in personal mobile devices connecting to the corporate network; 78 per cent of respondents say the number has more than doubled in the last two years; 65 per cent allow personal devices to connect to corporate networks.
- 30 per cent say Apple iOS is the most used platform on their network, with BlackBerry OS just behind at 29 per cent; Android ranks third, at 21 per cent; but 43 per cent of respondents say Android devices pose the greatest security risk; 36 per cent say Apple iOS; 22 per cent fingered BlackBerry OS.
- Employee behaviors are a key part of the security problem: 47 per cent say customer data is stored on mobile devices; 72 per cent say careless employees are a greater security threat than hackers; and "lack of employee awareness" of corporate security policies ranked as having the greatest impact on mobile data security.
About two-thirds of respondents say they've seen an increase in security incidents in the past two years, and 71 per cent of these say mobile devices are a "contributing factor" to the rise. But the increase varies: 35 per cent say the number of security threats increased 1 per cent-25 per cent; 19 per cent say the increase was 25 per cent-50 per cent; 10 per cent say it surged by more than 50 per cent. One-third of respondents say they've seen no increase in threats.
The respondents were asked to "rank the impact" of a list of factors on mobile data security. The following shows what percentage of respondents chose each factor:
- 1. lack of employee awareness - 62 per cent
- 2. insecure Web browsing - 61 per cent
- 3. insecure Wi-Fi connectivity - 59 per cent
- 4. lost or stolen mobile devices with corporate data - 58 per cent
- 5. corrupt applications downloaded to mobile devices - 57 per cent
- 6. lack of security patches from service providers - 53 per cent
- 7. high rate of users changing or upgrading their mobile devices - 48 per cent
These numbers are troubling, in part because the survey found a wide range of corporate data is stored on these devices. Almost 80 per cent of respondents say corporate email is stored on them; 65 per cent say business contacts. But 47 per cent say customer data, 38 per cent say network login credentials, and 32 per cent say corporate data via business applications also turn up.
John Cox covers wireless networking and mobile computing for Network World. Twitter: http://twitter.com/johnwcoxnww Email: firstname.lastname@example.org Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.