The effect of BYOD on information security

Coinciding with Ovum’s third BYOX World Forum, Check Point has today released its second mobile security report: The impact of mobile devices on information security. For the survey, conducted by Dimensional Research, 790 IT professionals with a security responsibility from the US, Canada, UK, Germany and Japan were queried on their BYOD experience. The overwhelming response is that BYOD is growing dramatically, security is the biggest concern, and that BYOD security incidents are costly.

The often-noted difference between ‘allowed’ connections and actual connections is confirmed. Sixty-seven percent of the respondents allow personal devices to connect to the corporate network; but 93% actually have mobile devices connecting – and 96% say that the number of connections is growing. Company size makes little difference to whether mobile connections are allowed. Sixty-eight percent of companies with fewer than 1000 employees do so, compared to 65% of companies with more than 5000 employees.

Only 7% of respondents claim to have no issues with the use of BYOD. Of the issues that do arise, security is the most serious. Sixty-seven percent worry about securing corporate data, while 63% are concerned with tracking and controlling access to corporate and private networks. More traditional IT concerns are less worrying: keeping OS and apps up to date (38%) and finding OS-agnostic solutions (14%).

But one solution to the security problem – particularly in the smaller companies – is to ignore it. Little more than a third of all businesses do anything to secure company data on personal devices. Larger companies are more likely to be proactive (66%), while only 17% of companies with fewer than 1000 employees take steps. “Among those who do manage the information,” notes the survey, “active-synch policies were the most common (21%), followed by Mobile Device Management (MDM) tools (15%), and secure container (8%).”

This lack of technical solutions may be linked to the respondents’ view on threats: 66% believe that careless employees are a greater threat than cybercriminals. Carelessness can be handled by policies; cybercriminals are better handled by technology. Indeed, the threat from lost or stolen devices is considered greater than the threat from downloaded malware. Android is considered the most vulnerable platform – but surprisingly, Apple is considered a greater risk than Windows Mobile. Blackberry is considered the most secure.

Whatever the source of the threat, mobile-related security incidents are common, and their effect is expensive. Seventy-nine percent of the respondents have experienced a security incident in the last 12 months. Including all of the administrative expenses, 16% incurred costs of more than $500,000, while only 22% had costs of less than $10,000. Unsurprisingly, but not exclusively, the greater costs were experienced by the larger companies.

“Without question,” says Tomer Teller, security evangelist and researcher at Check Point Software Technologies, “the explosion of BYOD, mobile apps, and cloud services, has created a herculean task to protect corporate information for businesses both large and small. An effective mobile security strategy will focus on protecting corporate information on the multitude of devices and implementing proper secure access controls to information and applications on the go. Equally important is educating employees about best practices as the majority of businesses are more concerned with careless employees than cybercriminals.”
