Enterprise security report says mobile workers put data at risk
|Christian Hargrave in Security Wednesday, October 10, 2018|
50 percent of mobile workers are using non-corporate networks to work according to a new study named the Greatest Mobile Security Threats in the Enterprise.
According to a new study titled Greatest Mobile Security Threats in the Enterprise, a significant lack of visibility into devices and networks is putting businesses at risk for data leakage and phishing attacks. The study, conducted by Enterprise Mobility Exchange and commissioned by NetMotion Software, showed that nearly 50 percent of mobile workers spend the majority of their work time connected to non-corporate public Wi-Fi and carrier networks. Of that 50 percent, over 27 percent claim to connect to non-corporate owned networks more than 76 percent of the time. And, over 60 percent lack tools to audit when a device connects to a third-party network. Over half of the companies were also unsure how to even monitor device data traffic and which servers users were connected to beyond their corporate firewalls.
“Our study showed that it’s impossible to devise effective strategies for mitigating mobile security threats if you don’t know what devices are doing for a large part of the time they’re in use,” said Dorene Rettas, Managing Director, Enterprise Mobility Exchange. “Moreover, the widespread use of third-party networks creates a blind spot that needs to be addressed in order to make devices truly secure.”
Insecure applications, spyware, and network spoofing
In addition to data leakage and phishing attacks, other threats such as insecure applications, spyware, and network spoofing were also highlighted as top concerns. Although while most respondents indicated having some level of mobile security policies to mitigate risks, roughly one-third didn’t actively enforce them. Despite the potential for unsafe user behavior to compromise the security of corporate information, more than a third (36 percent) do not provide employees with security training.
The research also uncovered that, even as organizations recognize the threats, they are somewhat complacent to address them. Nearly half of those who provided an answer (49 percent) could not determine the number of mobile security incidents that took place in the previous year. And 66 percent of the companies do not require users to connect through a secured VPN to access corporate data, jeopardizing their internal networks.
“As office and field work continues to demand always-on access to applications, it’s in an organization’s best interest to provide employees secure access to a variety of Wi-Fi and carrier networks,” added Christopher Kenessey, CEO & President for NetMotion. “But enterprises still have a ways to go to ensure visibility and security over device and user behavior across networks outside the firewall.”
“With the large number of field workers connecting to non-corporate, unsecured networks, organizations need real-time data gathering tools to stay ahead of the security threats in today’s mobile workplace,” said Nick McQuire, Vice President of Global Enterprise Research for CCS Insight. “Visibility and actionable analytics are required for IT organizations to monitor their devices and networks in order to mitigate security risks.”
The Greatest Mobile Security Threats in the Enterprise study was conducted in the United States in July and August 2018. It reached more than 130 respondents at companies with corporately owned mobile devices (phones, tablets, laptops) across financial, government, warehousing, and other industries.