According to an IDG Global Mobility Study, 70 percent of employees surveyed access the corporate network using a personally owned smartphone or tablet and a whopping 80 percent of employees access email from their personal devices.
As we go from desktop to mobile, so do the cyber criminals.
Back in 2012, the landscape of mobile threats was marked by classic scams and phishing attacks. As access to corporate assets increases with BYOD in the new year, the mobile threat landscape changes as well.
It is critical to look at the behavioral patterns of mobile users as they point to the ways in which it can be exploited by cyber criminals. In our research last year highlighted in the Blue Coat 2013 Mobile Malware Report, there is a marked difference between the patterns of desktop and mobile users.
On average, a user spends 72 minutes a day browsing the mobile Web. This is independent of the time spent using native applications and represents the time when users are most vulnerable to threats. During that time, users are spending more than 11 minutes with content related to computers/Internet. The remaining 60 minutes are spent looking at a variety of content, from social networking and shopping to business/economy and entertainment.
For most users, mobile devices are a personal experience. Other than recreational content, news/media was one of the most popular categories on mobile devices with nearly three times as many requests. Social networking requests continued to rank slightly higher for mobile users even with the predominance of native mobile applications for social networking sites.
The most noticeable difference between desktop and mobile user behaviour occurs within search engines/portals. Search engines are used more than twice as much by desktop users as by mobile users. Mobile users demand rapid access to information and often go directly to the source rather than waiting for search results.
Today, users will move between Web, mobile Web and native mobile applications, depending on which can best meet their experience expectations. From a security perspective, users will tend to go with the application that provides the best user experience even if it is not the most secure option.
As organisations introduce corporate app stores to better manage the applications on their network, user experience will be a key driver of adoption. For example, if logging into a VPN is cumbersome or provides poor performance, a user will find another way to send out documents. That method won't always be secure or even comply with regulations.
To mitigate the risks from BYOD, organisations can close the mobile app gap on their network. They should ensure that they are able to see and consistently enforce policy across all three types of applications on their network:
Sign up for CIO Asia eNewsletters.