With more and more employees getting work done on the go, mobile devices are quickly becoming a huge security risk for companies, new research shows.
A study done by the Ponemon Institute, a security research center, as well as Lumension, a provider of end-point management and security showed that 75% of IT security professionals say that mobile devices will be the biggest threat companies’ security in 2014, up from just 9% of security professionals who said the same in 2010. Additionally, 68% of the respondents said that their mobile devices have been targeted by malware within the last 12 months.
Larry Ponemon, who is the chairman and founder of the Ponemon Institute, says that he has seen the threat landscape fundamentally change over the last five years.
“Trending data shows increasing concern, year over year, over the explosion of mobile devices on the network,” Ponemon said. “It’s now IT’s greatest risk.”
Despite the findings of the study, nearly half of the IT security professionals surveyed do not manage mobile devices that are company owned.
While mobile devices may pose the biggest risk, they aren’t the only security threat that organizations are facing. The study found that advanced persistent threats (APTs) that occur when a cybercriminal gains accesses a company’s network in an attempt to steal data or cause damage, are too becoming a concern for IT professionals. This year, 39% of those surveyed said APTs, also known as targeted attacks, are one of the risks they’re most worried about, up 55% in 2009.
Overall, 40% of IT security professionals have reported that they have been victims of a targeted attach with the last year. Among those attacks, spear phishing emails sent to employees were identified as the No. 1 attack entry point.
The volume of malware also continues to be an escalating problem. The research has found that 41% of IT professionals have said they have experienced more than 50 malware attacks per month, which is up from three years ago. In addition, nearly 70% have also said that malware attacks are contributing significantly to rising operating costs.
C. Edward Brice, senior vice president of worldwide marketing for Lumension, says that as the end-point environment evolves, IT security strategy must also evolve as well. He said rubber-stamping the security portfolio of years past shouldn’t be an option, given how fluid organizations’ data have become.
“Security technologies should be reviewed for this emerging threat landscape,” Brice said. “User education is also critical.”
The study was based on surveys of 676 IT and IT security practitioners with involvement in end-point security.
Have something to add to this story? Share it in the comments.
Image: Flickr, Jhaymesisvi Photography