Mobile Security Threat Growing for Enterprises
Corporate data security breaches are increasingly originating from mobile devices equipped with high-level access to company databases, new research finds.
According to new mobile security survey by IDG Research of 100 "global IT leaders," 74 percent said they have experienced data breaches due to holes in mobile security. Software vulnerabilities (38 percent) and malware (36 percent) were among the leading causes for data breaches.
Mobile security is a growing issue for enterprises, the survey found, because fully 82 percent of those surveyed by IDG said the majority of their corporate data is accessible via mobile devices. Those vulnerabilities are likely to grow as more enterprises adopt a "bring-your-own-device" policy.
In response, the market researcher reported that the vast majority of those enterprises surveyed plan to increase their investments in mobile security over the next year. Study sponsor Lookout, a San Francisco-based mobile security specialist, said half of those surveyed by IDG were CIOs.
The mobile security specialist cites recent vulnerabilities like the Stagefright 2.0 vulnerability that allows attackers to remotely take over an Android device. The vulnerability is thought to affect nearly all Android devices. Meanwhile, a new iOS malware vulnerability known as XcodeGhost emerged on Apple devices last month. The vulnerability steals data from iOS devices.
Hence, mobile security vendors like Lookout, which works with carriers like AT&T, Orange and T-Mobile, are betting that enterprises will soon begin focusing more of their security spending on mobile threats. The company estimates that global enterprises spend about $90 billion a year on security.
An increasingly common attack scenario involves the installation of malware installed on a company-furnished mobile device. Once opened, the malware exposes corporate data via the device. The breach could have occurred by connecting to free Wi-Fi or by downloading a game, the researchers found. These and other mobile scenarios put sensitive corporate at greater risk, the study warned.
IDG found that the CIOs are most concerned about mobile apps containing malware or other security vulnerabilities followed by apps that access and transmit sensitive corporate data. Connections to unsecured Wi-Fi connections are among the other top security concern. Taken together, CIOs and other IT administrators are primarily concerned about the overall lack of visibility into potential mobile security issues as these devices expand access to corporate databases.
IDG said 95 percent of those surveyed believe the risk of data breaches has increased because corporate data resides on or can be accessed by mobile devices.
The sheer number of mobile apps is adding fuel to mobile security fire. The study noted that a growing number of apps developed and deployed by enterprises or systems integrators do not go through a security vetting process such as an app store.
Along with a lack of security assessments for mobile apps, the IDG survey stressed, "Organizations have done a poor job of taking into context the situation of the user accessing data, including which applications they are using.”
As enterprises begin spending more on mobile security, the survey advises that companies start treating mobile devices like "laptops with permanent connectivity on a network outside of enterprise control."