The survey also showed that 94 percent expect the frequency of mobile attacks to increase and 79 percent stated that securing mobile devices will grow more difficult as result.
“We need to take security to all levels, which includes mobile and IoT, not just our networks. We need to keep ahead of the bad guys, which means more research of vendors and solutions to provide full security for your environment. As more and more mobile devices and BYOD grow, the threat will grow,” he said.
“We need to control BYOD devices just as corporate phones,” he said. If the user does not agree to the security apps to be installed and wiping, then they do not get access to the corporate network or company email.
“Mobile and IoT devices are just like a PC to me. I need to provide the best security to these systems just like I do to our PCs and servers behind the corporate LAN. I try my best to stay a step ahead of the bad guys, thus do my due diligence in finding security solutions for an ever-changing landscape. It’s just not PCs and servers any more. It’s much more,” Lentz said.
The report stated that while the cost of a mobile breach is similar to that of a desktop or laptop breach, a third of those surveyed stated the risk of data loss is higher on mobile devices. Just over one third of companies have deployed a mobile threat defense solution, with a lack of resources cited as the primary reason for going without advanced mobile security. That said, this research found that just over half of companies are increasing budget and resources to secure mobile devices compared to previous years.
What can be done
Howe said while no security strategy is one size fits all, organizations should focus on four main capabilities to start ensuring protection:
- Knowledge of where data is stored and the risk that location possesses. Knowing where data is housed is just as important as how it is accessed. For example, most organizations now utilize the cloud, outside of email, which is often the only regularly used data storage on a mobile device. Being aware of both where content is stored, and the risk that location holds can prevent a costly leak.
- Limit access to sensitive data where possible. Many organizations may find that the footprint of a mobile device data breach can be greatly reduced by reducing the number of individuals who have access to the most sensitive data.
- Control of remote access. With mobile usage on the rise, employees are now attempting to access highly-sensitive data from all over the world. Ensuring data can only be reached through a secure, multi-factor authenticated connection vs. through simply entering a password on any device can lower the level of risk significantly.
- Mobile device protections based on risk level. If you find that you must allow access to or store highly sensitive information on mobile devices, have additional protections in place. Services and products exist that provide higher level mobile device security that can be controlled and monitored and if all else fails and a breach still occurs; an organization needs to have the ability to wipe a device of all sensitive data is, no matter where it is located.
Sign up for CIO Asia eNewsletters.