Almost 80% of businesses had a mobile security incident in the past year, in many cases incurring substantial costs, a study has shown.
The report, based on a poll of 790 IT professionals worldwide including 114 from the UK, shows that 67% of firms allow personal mobile devices to connect to their networks.
Some 88% of these devices were used for corporate email, 53% contained customer data, 49% had corporate data in business apps, and 48% stored network logins.
Despite this, 63% organisations said they do not attempt to manage corporate information on employee-owned devices.
Only 23% use mobile management tools or a secure container on the device, with 66% of respondents saying they felt that careless employees posed a greater risk than cyber criminals.
The survey also showed a surge in personal mobile devices connecting to the corporate network, with 45% of respondent reporting a fivefold increase in the past two years.
The study showed that mobile security incidents are common and costly for large and small firms.
Read more on mobile security
- US Army practises poor data security on mobile devices
- How to secure mobile endpoints? Start with a mobile strategy
- BYOD strategy, mobile device security remain a top IT priority
- Mobile device management the Microsoft way
- Speed of mobile developments poses security threat
- Top ten threats to mobile enterprise security
More than half of large businesses said mobile security incidents have cost more than $500,000 in the past year – in staff time, legal fees, fines and remediation – while 45% of firms with fewer than 1,000 employees said mobile security incidents exceeded $100,000 in the past year.
Android was cited by 49% of businesses as the platform with greatest perceived security risk, compared with Apple, Windows Mobile and Blackberry, up from 30% last year.
Lost data is the biggest concern in mobile security incidents for 94% of respondents, with just 10% expressing concern over a compliance violation or fine.
“The explosion of BYOD, mobile apps and cloud services has created a herculean task to protect corporate information for businesses both large and small,” said Tomer Teller, security evangelist and researcher at Check Point Software Technologies.
“An effective mobile security strategy will focus on protecting corporate information on a multitude of devices and implementing proper secure access controls to information and applications on the go,” he said.
Equally important, said Teller, is educating employees about best practices, as the majority of businesses are more concerned with careless employees than cyber criminals.