Mobile Security Threats Put Businesses At Risk

A significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks, according to a study conducted by Enterprise Mobility Exchange.

The study showed that nearly 50 percent of mobile workers spend the majority of their worktime connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, over 60 percent lack tools to audit when a device connects to a third-party network. Over half of the companies were also unsure how to even monitor device data traffic and to which servers users were connected to, beyond their corporate firewalls.

“Our study showed that it’s impossible to devise effective strategies for mitigating mobile security threats if you don’t know what devices are doing for a large part of the time they’re in use,” said Dorene Rettas, Managing Director, Enterprise Mobility Exchange. “Moreover, the widespread use of third-party networks creates a blind spot that needs to be addressed in order to make devices truly secure.”

In addition to data leakage and phishing attacks, other threats such as insecure applications, spyware and network spoofing were also highlighted as top concerns. While most respondents indicated having some level of mobile security policies to mitigate risks, roughly one-third didn’t actively enforce them. Despite the potential for unsafe user behavior that might compromise the security of corporate information, more than a third (36 percent) do not provide employees with security training.

The research also uncovered that, even as organisations recognise the threats, they are somewhat complacent to address them. Nearly half of those who provided an answer (49 percent) could not determine the number of mobile security incidents that took place in the previous year. And 66 percent of the companies do not require users to connect through a secured VPN to access corporate data, jeopardising their internal networks.

“As office and field work continues to demand always-on access to applications, it’s in an organisation’s best interest to provide employees secure access to a variety of Wi-Fi and carrier networks,” added Christopher Kenessey, CEO & President for NetMotion. “But enterprises still have a way to go to ensure visibility and security over device and user behaviour across networks outside the firewall.”

“With a large number of field workers connecting to non-corporate, unsecured networks, organisations need real-time data gathering tools to stay ahead of the security threats in today’s mobile workplace,” said Nick McQuire, Vice President of Global Enterprise Research for CCS Insight. “Visibility and actionable analytics are required for IT organisations to monitor their devices and networks in order to mitigate security risks.”

Help Net Security:

You Might Also Read:

Millions Of WiFi Routers Are At Risk Of Hacking

« Cyberwars Heat Up In AsiaPac To Battle Chinese Aggression
Guide To All Things Criminal On The Web »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Critical Infrastructures for Information and Cybersecurity (ICIC)

Critical Infrastructures for Information and Cybersecurity (ICIC)

ICIC addresses the demand for cybersecurity for National Public Sector organizations and civil and private sector organizations in Argentina.

CSIS Security Group

CSIS Security Group

CSIS provide actionable threat intelligence, prevention, incident response and 24/7 managed security services.

NopSec

NopSec

NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches.

Zix

Zix

Zix offers secure email encryption, threat protection, archiving, DLP and BYOD security for hospitals, financial services, government, and more.

jobsDB.com

jobsDB.com

jobsDB Singapore is a search engine for jobs throughout Singapore.

BigPanda

BigPanda

BigPanda is the first provider of Autonomous Operations solutions that empower IT Operations at large, complex enterprises.

Kindus

Kindus

Kindus is an IT security, assurance and cyber security risk management consultancy.

ToucanX

ToucanX

ToucanX has eliminated remote attack vectors without sacrificing productivity. We’ve brought embedded near real time virtualization to the enterprise endpoint.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

ALSCO

ALSCO

ALSCO is dedicated to bringing first class IT services, technical support, and solutions to goverment, companies and organizations worldwide.

J.S. Held

J.S. Held

J.S. Held is a global consulting firm providing technical, scientific, and financial expertise across all assets and value at risk.

Papua New Guinea National Cyber Security Centre (PNG NCSC)

Papua New Guinea National Cyber Security Centre (PNG NCSC)

PNG NCSC is a jointly funded initiative enabling PNG to benefit with the most advanced cyber protection of its critical information and communications technology infrastructure.

TIM Enterprise

TIM Enterprise

TIM Enterprise offers innovative, sustainable and secure 360-degree digital solutions to companies and public administrations.

NoviFlow

NoviFlow

NoviFlow is a leading provider of terabit networking software solutions for Communication Service Providers (CSPs).