After application vulnerabilities, information security professionals are most concerned by the threats posed by mobile devices, a survey has revealed.
The 2011 (ISC)2 Global Information Security Workforce Study, carried out by researchers Frost & Sullivan, found that while 73 percent of respondents rated application vulnerabilities as a top threat to their organisation, 66 percent believed that mobile devices represented the second greatest risk.
“Technologies like the Apple iPad have exacerbated people’s concerns about mobile computing,” said John Colley, managing director for EMEA at (ISC)2.
“It [tablet devices] is also very popular with senior executives and it is very difficult for security people to say to them ‘we don’t like that’.”
Yet despite the concerns about mobile devices, a third of respondents in EMEA said they did not having a formal policy for unmanaged mobile devices.
Information security professionals, have, however, deployed a wide range of technologies to protect mobile devices. The most popular choices were encryption (71 percent), network access control (59 percent), mobile virtual private networks (VPNs, 52 percent), mobile device management (43 percent) and remote lock and wipe functionality (42 percent).
In addition, the survey found that many information security professionals might not be doing enough to manage the threats associated with social media, despite sites being widely used by the business.
Only 39 percent of respondents in EMEA set and enforce policy around the use of social media sites, although 57 percent do control access through content filtering and website blocking technology. However, 31 percent said they had no restrictions on the use of social media.
Colley admitted that it was a difficult area for information security workers.
“A lot of organisations use social media sites like Facebook, Youtube and Twitter as marketing tools, but information security professionals try to restrict it.
“It is difficult because if you want the brightest and best staff, they will be using social media,” he said.
A total 10,413 information security professionals from companies and public sector organisations from around the world answered the online survey. Members, as well as non-members, of the (ISC)2 certification body, were included.