Both nations start from a comparable position: mobile devices pose a significant threat to business (UK: 93%, US: 96%). In fact, 60 percent of the UK companies, and 55 percent of the US companies consider the threat posed by ‘bring your own device’ (BYOD) to be their ‘top’ security priority. But there is also a similar confusion over how to respond; for example, 44 percent of UK companies, and 47 percent of US companies have no clear way of identifying known mobile threats that could be attacking their network.
In other areas, however, there is a marked difference in attitudes; something Tenable’s CEO and CTO Ron Gula describes as “a contradictive disconnect between the perceived mobile threat, and the actions being taken.” Sixty-three percent of UK businesses have a written and defined BYOD policy that is followed by staff, while only 22 percent of US companies are in a similar position. Thirty-one percent of US companies do have a written policy, but one that is actively ignored by their employees.
Surprisingly, as many as 35 percent of US companies and 22 percent of UK companies are not controlling mobile usage on their networks at all.
“Despite the UK having a slight step up on US firms, with more employees acknowledging the BYOD policies in place, many of the figures remain worrying,” says Gula. “Smart devices entering the workplace represent a combination of opportunity and threat; so organizations must understand the bigger picture of where information rests and flows within the network.” Gula believes that the threat from BYOD is not that dissimilar to the known threat from laptops. All smartphones and tablets share a common set of challenges: they carry lots of data; they are often riding around in someone's pocket where they can be easily misplaced; they transfer data over a network that can be intercepted; and they run applications that may or may not be well written. “Placing important data on a mobile device where it's easy to lose, steal, or rootkit offers the same problem as uncontrolled laptops,” he adds, “only worse.”
Gula believes that the IT network environment is only going to get more complex and challenging, “so businesses must ensure that they can see what’s happening at every moment before something happens that they weren’t expecting.”