An explosion of personal mobile devices on corporate networks is creating new security headaches for the enterprise, according to a survey of IT professionals by a network security vendor.
Many of these devices are carrying a wide range of business and customer information, according to the report, released this week by Check Point Software Technologies. The results found that 71% of companies say mobile devices have "contributed to increased security incidents" and many of the security problems are traced to employee carelessness or ignorance.
The report, The Impact of Mobile Devices on Information Security, surveyed 768 IT professionals of various ranks in the UK, US, Canada, Germany and Japan, from a range of company sizes and industries. The full report is available in a PDF file.
Among the findings it was found that:
- About 94% of respondents report a rise in personal mobile devices connecting to the corporate network; 78% of respondents say the number has more than doubled in the last two years; 65% allow personal devices to connect to corporate networks.
- 30% say Apple iOS is the most used platform on their network, with BlackBerry OS just behind at 29%; Android ranks third, at 21%; but 43% of respondents say Android devices pose the greatest security risk; 36% say Apple iOS; 22% fingered BlackBerry OS.
- Employee behaviours are a key part of the security problem: 47% say customer data is stored on mobile devices; 72% say careless employees are a greater security threat than hackers; and "lack of employee awareness" of corporate security policies ranked as having the greatest impact on mobile data security.
About two-thirds of respondents say they've seen an increase in security incidents in the past two years, and 71% of these say mobile devices are a "contributing factor" to the rise. But the increase varies: 35% say the number of security threats increased 1%-25%; 19% say the increase was 25%-50%; 10% say it surged by more than 50%. One-third of respondents say they've seen no increase in threats.
The respondents were also asked to "rank the impact" of a list of factors on mobile data security. The following shows what percentage of respondents chose each factor:
1. lack of employee awareness 62%
2. insecure Web browsing 61%
3. insecure Wi-Fi connectivity 59%
4. lost or stolen mobile devices with corporate data 58%
5. corrupt applications downloaded to mobile devices 57%
6. lack of security patches from service providers 53%
7. high rate of users changing or upgrading their mobile devices 48%
These numbers are troubling, in part because the survey found a wide range of corporate data is stored on these devices. Almost 80% of respondents say corporate email is stored on them; 65% say business contacts. But 47% say customer data, 38% say network login credentials, and 32% say corporate data via business applications also turn up.