By Allie Philpin
It’s 10 years since we experienced Cabir, a worm that infected Symbian-based devices and spread via Bluetooth as a .sis package. Since then, mobile devices and security seem to have run wild as incidents of mobile malware are significantly on the increase. And it seems, says a survey about enterprise security carried out by InformationWeek last year, many security professionals are still in the dark about what devices – mobile, laptops, tablets, etc. – have access to their networks.
InformationWeek’s 2013 Mobile Security Survey revealed that the principal worry among IT security professionals, 78% of 424 survey participants, is stolen or lost devices, irrespective of the device being provided by the company or a personal device that holds corporate data. 36% of respondents said that corporate information being stored in the cloud was of great concern, too; in fact, it is the second highest concern.
As the concerns about mobile security rise, around 46% of security professionals are now working on mobile device management, developing policies and security protocols such as power-on passwords for mobile devices that are used to access enterprise content. But many, 42% of respondents, admit that they don’t have any malware scanning software installed, whilst just 39% state they have software for mobile device management in place.
The survey revealed further key findings:
• Encouragingly, 53% of survey respondents have to enter a password that is more than 4 characters in length.
• 45% say that they allow any mobile device to access the corporate network as long as the user has agreed to the organisation’s corporate policies… but it isn’t enforced!
• 22% of security professionals admit they are worried about mobile devices being rooted or jail-broken by users.
• Just 7% (thankfully!) of respondents say that they do not have any password-strength policy in place.
These statistics are extremely worrying when you consider that in the past 12 months, 11% of respondents have experienced a data loss that required public disclosure, and even more alarming is the fact that 45% of mobile devices that hold enterprise data have been missing in the same timeframe! There are also organisations, 28% according to the survey, that don’t adhere to any regulations, such as HIPAA, PCI-DSS, SOX or any state-level disclosure laws, yet many do. And the number one excuse for not managing mobile device security? Well, there are two actually… one is a lack of skills, and the other is financial, with 16% of respondents citing costs. But at the end of the day, can organisations really afford not to ensure their corporate data on mobile devices is secure? Not really…