A survey sponsored by Check Point Software Technologies Ltd. found that 64 percent of respondents are doubtful that their organization can prevent a mobile cyberattack, leaving employees' personal information vulnerable to theft.
Alvaro Hoyos, chief information security officer at OneLogin, said that number does not surprise him. He said employees might not know the ins and outs of their company's security controls. IT departments typically don’t go out of their way to communicate all the security controls that they rely on to secure the IT environment.
He said companies should use their security awareness training to help users understand what risks their employers are addressing with technology.
In the report, more than 60 percent indicated some lack of resources (such as budget or a shortage of personnel) or lack of experience as the key drivers. Only 37 percent made a conscious appraisal for their company and decided there was not enough risk to warrant the investment.
Travis Howe, CISO of CRM app provider Conga, is also not surprised that the vast majority of organizations feel that their mobile devices are not well-protected.
“While decision-makers understand they should be doing more to protect their employees' mobile devices, they often don’t even realize just how vulnerable they are, ultimately leaving themselves at risk of a critical breach,” he said.
Steve Lentz, director of information security at Samsung Research America, said he believes many IT and security practitioners rely on mobile device management (MDM) and think it provides adequate security. “Which is incorrect, MDM provides limited security. Its main function is central management of mobile devices. Look at your typical security infrastructure. Usually, mobile and IoT are white-listed or not behind the security systems, thus vulnerable.”
That might be the reason why only two out of 10 survey respondents believe they have been breached. That seems awfully low; they might be breached and just not know it yet.
“We need to be proactive and ahead of the bad guys, which means our due diligence in finding security solutions for mobile devices and IoT. Both mobile and IoT are on the bad guys' radar due to lacking security. The bad guys want to find the easiest way in, thus mobile and IoT,” he said.
Lentz said in a recent rollout, Samsung found 23 phones with embedded malware leaking sensitive data and another five or six that were jail-broken or rooted with the owners not knowing any of this. He said Lookout missed all this as did traditional antivirus and MDM.
“Security people talk about providing zero-day security for our networks. I take that a step further and include my mobile devices,” Lentz said.