The Mobilisafe research is based on analysis of more than 140 million mobile connection events and provides insights into the risks the bring-your-own-device (BYOD) phenomenon presents to organizations.
“Every iOS version generally speaking has security patches to address pretty severe vulnerabilities, so the high distribution of out-of-date devices is introducing quite a bit of risk into organizations”, said Giri Sreenivas, chief executive officer and co-founder of Mobilisafe.
The Mobilisafe white paper found that on average 80% of employees were already using smartphones and tablets at work. “This figure was considerably higher than some of the other survey estimates that have been published. So there is a substantial difference between our real life data versus surveys”, Sreenivas told Infosecurity.
In addition, the research found that a new device model was introduced into a company for every seven employees. “If there were 70 employees in an organization, we would see 10 different device configurations. So this indicates the diversity of devices, which reflects what is going on in the mobile device market today; iOS is relatively homogenized but Android has tremendous fragmentation with major manufacturers customizing devices as they see fit”, Sreenivas observed.
The white paper noted that close to 40% of total authenticated devices were inactive for more than 30 days, prompting conversations with employees about lost or stolen devices with sensitive corporate data.
“This is an indication of a number of things. One is the rate at which employees are cycling through mobile devices….Employees are going after the hottest tablet or phone. This is leaving a lot of unanswered questions, like what did you do with your old phone that has sensitive corporate data and employee credentials on it? Did you sell it, lose it, or hand it down to someone in your family?” Sreenivas related.
The research found that 71% of devices contained high-severity vulnerabilities in operating systems and applications. In addition, a new mobile device vulnerability was mapped on average every 1.6 days, which is four times faster than in 2011, and 38 different OS versions contained high-severity vulnerabilities.
The white paper offered four steps for organizations to implement effective mobile device security: establish full visibility of all devices and users connecting to the network, continually monitor and assess the vulnerability risk of each device, enforce access controls properly, and deploy security patches in a timely manner.
To help organizations with BYOD security, Mobilisafe has introduced an agentless, cloud-based mobile risk management product that enables IT to identify and reduce BYOD security risks. Customers deploy Mobilisafe software components onto their existing servers that aid the cloud-based offering in the discovery of devices, monitoring and assessment of risk, and enforcement of access controls, the company explained in a release.