November 10, 2014
New report urges firms to protect against BYOD security breaches
According to a new report from BT, security breaches related to the practice of Bring Your Own Device (BYOD) and related forms of mobile working have affected 41 percent of UK organisations over the last year. Despite this, the report claims organisations are still not taking sufficient measures to protect themselves against threats such as lost or stolen devices and malware infections. The report reveals that at least one fifth of respondents’ organisations that suffered a mobile security breach experienced more than four incidents in the last year. The research is based on a total of 640 interviews with IT decision makers from large organisations (1000 or more employees) across 11 regions: Australia, Brazil, France, Germany, Hong Kong, Middle East, Singapore, Spain, South Africa, UK and USA. Respondents’ organisations were from the financial, retail and public sectors. The research shows that uptake of BYOD and COPE (Corporately Owned Personally-Enabled) devices is very high, with 95 percent of UK organisations allowing employees to use these devices for work purposes.
However, just over a third (35 percent) of UK organisations actively had a BYOD policy. In this environment, device security is falling by the wayside: only 15 percent of respondents felt that their company had sufficient resources in place to prevent a mobile security breach. Surprisingly, nearly 10 percent still do not have password protection, and just over half (55 percent) report that their organisation has IT security training for all.
The report highlights that while 33 percent of personal or corporate-owned mobile devices have full access to the internal networks or contain sensitive client information, a third of organisations (34 percent) do not have any kind of enforceable mobile security policy.
For those that do, the average length of time between reviewing mobile security measures in the UK is 10 months. The infrequency of this is cause for concern, as many IT decision makers believe that the rate of malware infections will be on the rise in the next three to five years. Security breaches, such as lost or stolen devices, malware infections such as viruses, spyware, and Trojan Horses, or the loss or theft of company or customer data, have had a major impact on business processes, including taking up valuable help desk time and other IT resources. They have reduced employee productivity, day to day activity and even customer experience, as well as causing reputational damage. Some have even resulted in hefty fines.
Mark Hughes, president of BT Security, said: “Today’s threat landscape shifts very quickly so it is important for organisations to start with security in mind, rather than add it as an afterthought. This will ensure that security processes develop with them, and not after them. This makes the task of being security-led much more straightforward.”
Staff attitudes remain the biggest threat to data security. The report reveals that 81 percent are not taking the security of devices seriously. However, delving further into this, it becomes clear that this attitude trickles down from the top: 69 percent of UK IT decision makers do not believe their CEO takes security very seriously. This is concerning, as security programmes need to have complete top-down buy-in in order to be successful, with everyone from the CEO right throughout the organisation taking part.
Mark Hughes said: “If CEOs are passionate about making security practices work, then these will inevitably become an intrinsic part of people’s lives. Problems usually arise when people don’t understand the risks and the impact that neglecting security could cause for the business, as well as for them personally. A security breach could cause a share price drop and reputational brand damage. This means that security is everyone’s job.”
According to another report, the issue is compounded by the fact that an astonishing 95 percent of IT and security professionals are struggling with the threat presented by BYOD and more than 80 percent expect the number of mobile security incidents their company suffers to grow in 2015. These are the findings of a report called ‘Impact of Mobile Devices on Information Security’ from security firm Check Point, based on interviews with more than 700 IT professionals in the US, UK, Australia, Canada and Germany.
The survey says professionals’ biggest fear is the insider threat, with 87 percent of respondents believing careless employees are their main problem. The cost of mobile security incidents is also rising: 42 percent of those surveyed said mobile security incidents cost their company more than £150,000. And Android is still seen as presenting the greatest security risks. It was seen as the riskiest platform by 64 percent this year, up from 49 percent in 2013.
Yet personal devices continue to proliferate on corporate networks, with 91 percent of IT professionals reporting an increase in the number of mobiles over the past two years.