Mobile security continues to be a major weakness in UK organizations’ cyber-readiness, with 41% of respondents to a new BT study claiming they had suffered a device security breach in the past year, and a fifth of these having been hit by more than four incidents.
Much of the problem seems to come down to the lack of management around BYOD or corporately owned personally enabled (COPE) devices, which are permitted in 95% of respondent organizations.
Just one third of IT decision makers from those large organizations surveyed said they had an official BYOD policy, 10% still do not enforce password protection and many claimed that security training was not universal throughout the company.
Some 34% said they don’t have any kind of mobile security policy, despite a third of personal or corporate owned devices having access to sensitive data on enterprise networks.
“If CEOs are passionate about making security practices work, then they will inevitably become an intrinsic part of people’s lives,” said BT Security president, Mark Hughes, in a statement.
“Problems usually arise when people don’t understand the risks and the impact that neglecting security could cause for the business, as well as for them personally. A security breach could cause a share price drop and reputational brand damage. This means that security is everyone’s job.”
Compounding the problem, the average length of time between reviewing mobile security measures is 10 months – likely to be too long given the rapidly evolving threat landscape.
New mobile threats seem to emerge almost every week.
Alcatel Lucent Kindsight recently estimated the number of infected mobile devices globally at around 15 million – increasing 17% in the first half of 2014, compared to a growth of 20% for the whole of 2013.
It’s not surprising that a panel of security experts predicted during the Infosecurity Magazine Winter Virtual Conference last month that risks are only set to grow as new generations of devices, services and employees enter the workforce.