Comscore reported that half of all digital time was spent on smartphone apps, and that a total of 68 percent of time was spent on a mobile device. So it’s hard to not to see how mobile security is fast becoming a security problem for companies and organisations.
BYOD, bring your own device, has become so widely accepted. ZK research recorded that 82 percent of businesses now have some kind of BYOD in place. It should be stated though that it is not so much these BYOD plans that are putting organisations in vulnerable situations, but rather the fact that these devices are predominantly mobile and can be connected from virtually anywhere. Company owned mobile devices are of course easier to keep in compliance with corporate policy, but ultimately, both individually owned and company-owned mobile devices are putting organisations at risk.
The Check Point survey found that in organisations where more than 2,000 devices are connected to the network, there’s a 50 percent chance that at least six of those devices are infected. In the 2016 Endpoint Security Survey released by the SANS Institute on behalf of IBM, almost half (44%) of respondents stated that one or more endpoints had been breached in the previous 24 months, creating a mobile security incident within the organisation. Astonishingly, as much as 45 percent of data is stored on the endpoint, usually not even slightly protected by the most basic security policies.
In terms of mobile devices and confidential information, data is vulnerable in a number of different ways: email phishing, malicious attacks, unsecured apps, lost or stolen devices and/or public Wi-Fi. However it is the fact that login credentials being the most commonly exfiltrated is what is most concerning as these can be difficult to detect.
Mobile is fast becoming a critical component of organisations and businesses, however without the correct security, mobile can also fast become an organisation’s biggest downfall. It is therefore baffling, for lack or a better word, that “security for mobile devices is still not considered as high priority as security for other computing platforms.”
Organisations need to begin protecting themselves, and the mobile device needs to be considered in the same context as any other endpoint connected to an organisation’s networks or used by employees.