THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Similar documents
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Securing Today s Mobile Workforce

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

2015 VORMETRIC INSIDER THREAT REPORT

2016 Survey MANAGING APPLE DEVICES IN HIGHER EDUCATION

ips.insight.com/healthcare Identifying mobile security challenges in healthcare

2016 Survey: A Pulse on Mobility in Healthcare

IT Security: Managing a New Reality

TRUSTED MOBILITY INDEX

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

- Samsung Tablet Photo - Tablets Mean Business. Survey of IT pros reflects growing trend toward tablets for workforce mobility and more

As Enterprise Mobility Usage Escalates, So Does Security Risk

ACHIEVING FIFTH GENERATION CYBER SECURITY

The Maximum Security Marriage: Mobile File Management is Necessary and Complementary to Mobile Device Management

A Guide to Closing All Potential VDI Security Gaps

mhealth SECURITY: STATS AND SOLUTIONS

Mobile Security Trends in the Workplace

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

MaaS360 Secure Productivity Suite

BELTUG Market Trends Survey Results V-ICT-OR members - August 2015

TESTING TRENDS IN 2015: A SURVEY OF SOFTWARE PROFESSIONALS

Mobility, Security Concerns, and Avoidance

The State of Cloud Monitoring

Say Goodbye to Enterprise IT: Welcome to the Mobile First World. Sean Ginevan, Senior Director, Strategy Infosecurity Europe

BYOD Success Kit. Table of Contents. Current state of BYOD in enterprise Checklist for BYOD Success Helpful Pilot Tips

Internet of Things Toolkit for Small and Medium Businesses

Enterprise Mobility Management: Why Size Doesn t Matter

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

Mobile Device Management: Strategies for Success. Speaker: Keith Leone

SAP Runs SAP: Using Afaria to Provision, Manage, and Secure Employees Mobile Devices

TESTING TRENDS IN 2016: A SURVEY OF SOFTWARE PROFESSIONALS

Sales Presentation Case 2018 Dell EMC

Building a Threat Intelligence Program

Optimisation drives digital transformation

2018 Mobile Security Report

Shadow IT in the Enterprise

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

Mobile Device Management: A Real Need for the Mobile World

IT & DATA SECURITY BREACH PREVENTION

Protect Yourself Against VPN-Based Attacks: Five Do s and Don ts

Skybox Security Vulnerability Management Survey 2012

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Cloud-Enable Your District s Network For Digital Learning

Operationalize Security To Secure Your Data Perimeter

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

Sage Canadian SMB Survey on Mobile Devices March 2013

Five Reasons It s Time For Secure Single Sign-On

CICS insights from IT professionals revealed

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

CYBERSECURITY AND THE MIDDLE MARKET

Methodology USA UK AUSTRALIA CANADA JAPAN N=1,008 MOE=+/-3% N=1,044 MOE=+/- 3% N=1,028 MOE=+/- 3% N=1,025 MOE=+/- 3% N=1,005 MOE=+/- 3%

2018 Report The State of Securing Cloud Workloads

2018 Edition. Security and Compliance for Office 365

Securing BYOD With Network Access Control, a Case Study

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

Mobile App Security and Malware in Mobile Platform

Accelerating Digital Transformation

INTELLIGENCE DRIVEN GRC FOR SECURITY

Mobile Experience and Security - A Delicate Balance. Jeff Keller, CISA, CIA, CFSA SVP/Senior Audit Director, Technology, Projects, Due Diligence

U.S. State of Cybercrime

The State of the Trust Gap in 2015

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS

BYOD: BRING YOUR OWN DEVICE.

How NSFOCUS Protected the G20 Summit. Guy Rosefelt on the Strategy, Staff and Tools Needed to Ensure Cybersecurity

Make security part of your client systems refresh

Enterprise Mobility Management: completing the EMM story

PONEMON INSTITUTE RESEARCH REPORT 2018 STUDY ON GLOBAL MEGATRENDS IN CYBERSECURITY

Key Findings from the Global State of Information Security Survey 2017 Indonesian Insights

Achieving End-to-End Security in the Internet of Things (IoT)

BUFFERZONE Advanced Endpoint Security

Table of Contents. Location-Based Engagement 2-7. Responding to advertising 2. Usage of Mobile Apps 4. Mobile Shopping 5. Smartphone Owners 7

Managed IT Services Eliminating technology pains for SMBs

NinthDecimal Mobile Audience Q Insights Report

Swedish bank overcomes regulatory hurdles and embraces the cloud to foster innovation

Tripwire State of Container Security Report

Healthcare in the Public Cloud DIY vs. Managed Services

Novell ZENworks 7.2 Linux Management

Emerging Technologies The risks they pose to your organisations

2014 IT Risk/Reward Barometer United States Results. November Number of respondents (n) = 452

THE CYBERSECURITY LITERACY CONFIDENCE GAP

Trinity Multi Academy Trust

BUFFERZONE Advanced Endpoint Security

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

BYOD Risks, Challenges and Solutions. The primary challenges companies face when it comes to BYOD and how these challenges can be handled

THE STATE OF CLOUD & DATA PROTECTION 2018

FIS Global Partners with Asigra To Provide Financial Services Clients with Enhanced Secure Data Protection that Meets Compliance Mandates

CipherCloud CASB+ Connector for ServiceNow

Supporting The Zero Trust Model Of Information Security: The Important Role Of Today s Intrusion Prevention Systems

A value proposition for IT security Justifying the investment in the components of a compliance oriented architecture

Spotlight Report. Information Security. Presented by. Group Partner

Mobile Security and Public Networks

Top Network Considerations for Enterprise Mobility and BYOD

HIPAA Compliance Assessment Module

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS

PROTECTION SERVICE FOR BUSINESS. Datasheet

Transcription:

June 2013 Sponsored by

Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information can be easily transported and lost, while the Bring Your Own Device (BYOD) movement has dramatically increased the number of expensive security incidents. The following report, sponsored by Check Point, is based on a global survey of 790 IT professionals conducted in the United States, Canada, United Kingdom, Germany, and Japan. This is the second survey on this topic, and this report evaluates differences in responses to similar questions asked one year ago. The goal of the survey was to gather data to quantify the impact of mobile devices on corporate information security. Executive Summary 1. BYOD is growing dramatically and affecting enterprises of all sizes 2. Corporate information on a mobile device is a more important asset than the device itself 3. Mobile security incidents are costly, even for SMBs Key Findings Increasing numbers of mobile devices connect to corporate networks 93% have mobile devices connecting to their corporate networks 67% allow personal devices to connect to corporate networks BYOD grows quickly and creates problems for organizations Among companies that allow personal devices to connect to corporate networks: 96% say number of personal devices connecting to corporate networks is growing 45% have more than five times as many personal mobile devices as they had two years ago, an increase from 36% last year 63% do not manage corporate information on personal devices 93% face challenges adopting BYOD policies Securing corporate information cited as greatest BYOD challenge (67%) Customer information on mobile devices causes security concerns 53% report there is sensitive customer information on mobile devices, up from 47% last year 94% indicate lost or stolen customer information is grave concern in a mobile security incident Mobile security incidents very expensive 79% report mobile security incidents in the past year 52% of large companies say cost of mobile security incidents last year exceeded $500,000 45% of businesses with less than 1000 employees reported mobile security incident costs exceeding $100,000 49% cite Android as platform with greatest perceived security risk (up from 30% last year), compared to Apple, Windows Mobile, and Blackberry 66% say careless employees greater security risk than cybercriminals Sponsored by

Detailed Findings Extensive use of mobile devices on corporate networks Participants were asked if mobile devices, such as smartphones or tablets, connected to their corporate networks. Broad use of mobile devices was reported, with 93% saying that they had mobile devices connecting to corporate networks. This is an increase compared to 89% in 2012. Mobile devices connected to the corporate network 2013 93% 7% Yes 2012 89% 11% No 50% 55% 60% 65% 70% 75% 80% 85% 90% 95% 100% More corporate networks include personal devices Just over two-thirds of organizations, 67%, have devices owned personally by employees, contractors, or others that connect to their corporate networks. This included 65% who allow both personal and company owned mobile devices, as well as 2% that had only personally owned mobile devices on their networks. This is an increase compared to 65% in 2012. Types of mobile devices connected to the corporate network Only company owned mobile devices 26% None 7% Only personally owned mobile devices 2% Both personal and company owned mobile devices 65% (n= 790 All) Page 3

The use of personal mobile devices for work is very consistent across companies of all sizes. Little variation was seen in the number of businesses saying they have personal mobile devices on their corporate networks from the smallest businesses (68%) to the largest (65%). Personal mobile devices connect to corporate networks (By company size) 80% 70% 60% 50% 40% 30% 20% 10% 0% 67% 68% 66% 65% All Less than 1000 employees 1000-5,000 employees More than 5000 employees Personal mobile devices at work continue to expand IT professionals whose companies do allow personally owned mobile devices to connect to corporate networks were asked how much growth there has been in the past two years. The vast majority, 96%, have seen an increase in the use of mobile devices connecting to corporate networks. For some companies, the increase was very dramatic with 45% saying they have more than five times as many personal mobile devices on their networks as they did two years ago. Increase in use of personal mobile devices on corporate networks No increase 4% Less than 2 1mes 8% More than 5 1mes 45% Between 2 and 5 1mes 43% (n= 507 Have personal mobile devices on corporate network) Page 4

This growth is even more dramatic than last year. In 2012, the same question was asked. Only 36% of companies have more than five times as many personal devices connecting to corporate networks compared to 45% in this year s survey. 2013 4% 8% 43% 45% No increase Less than 2 9mes Between 2 and 5 9mes 2012 6% 16% 42% 36% More than 5 9mes 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Securing corporate information greatest challenge in adopting BYOD BYOD is causing challenges for corporate IT. Among companies that allow personal devices on their networks, the vast majority, 93%, reported that when employees use their own smartphones, tablets, or other devices to work with business information, it causes issues. Participants reported that the most common challenge faced by IT organizations in adopting BYOD was securing corporate information (67%), closely followed by tracking and controlling access to networks (63%). Challenges with BYOD Securing corporate informa:on 67% Tracking and controlling access to corporate and private networks 63% Managing personal devices that contain both corporate and personal data and applica:ons 59% Keep device opera:ng system and applica:ons updated 38% Finding agnos:c security solu:ons (i.e. managing all OSes) 14% No challenges 7% 0% 10% 20% 30% 40% 50% 60% 70% 80% (n=507 Have personal mobile devices on corporate network) Page 5

Corporate information on personal devices not managed by IT Almost two-thirds, 63%, of companies who have personally owned mobile devices connecting to their corporate networks do not manage the corporate information that resides there. Among those who do manage the information, active-synch policies were the most common (21%), followed by Mobile Device Management (MDM) tools (15%), and secure container (8%). Approach to managing business data on personally owned devices Ac:ve- synch policy 21% Mobile Device Management (MDM) tool 15% Secure container 8% We do not manage corporate informa:on on employee- owned devices 63% 0% 10% 20% 30% 40% 50% 60% 70% (n= 507 Have personal mobile devices on corporate network) Larger companies were the most likely to manage corporate information on personally owned devices. Very few companies with less than 1000 employees, 17%, use a technical approach to information management on employee s mobile devices, significantly less than the comparable 66% of companies with more than 5000 employees. 70% 60% 50% 40% 30% 20% 10% 0% IT manages the corporate informa2on on personally owned mobile devices (By company size) 37% 17% All Less than 1000 employees 47% 66% 1000-5,000 employees More than 5000 employees Page 6

More types of information on mobile devices today Participants reported an increase in all types of information stored on mobile devices compared to last year. Corporate email, the most common type of corporate information reported, increased from 79% of mobile devices last year to 88% this year. More companies have their most sensitive business information stored on mobile devices. Customer data stored on mobile devices increased from 47% in 2012 to 53% in 2013. Corporate information on mobile devices through business apps installed on mobile devices saw the greatest increase with a 17% rise from 2012 to 2013. Corporate informa-on stored on mobile devices Corporate email 79% 88% Contact informa3on for colleagues, customers, partners Corporate calendar* 65% 74% 72% Customer data Corporate informa3on via business apps 32% 53% 47% 49% 2013 2012 Network login creden3als 38% 48% Photos/video Confiden3al notes 30% 33% 28% 46% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% *Not asked in 2012 survey (n=736 Have mobile devices on corporate networks) Possible loss of corporate information from mobile devices ranked most concerning Mobile security incidents can have a wide range of impacts. Participants were presented with a list of possible impacts and asked to rank them from first to last with the first being the factor that was the most impactful and the last being the factor that was the least impactful. Lost or stolen devices was ranked number 1 as the factor that had the greatest impact on the vulnerability of mobile data, followed by malicious applications downloaded to the mobile device. The high rate of users changing or upgrading their mobile device was ranked last as a factor impacting mobile security. Page 7

Ranking of factors impac0ng the vulnerability of mobile data 1. Lost or stolen mobile devices with corporate data 2. Malicious applicaeons downloaded to the mobile device 3. Unsecured Wi- Fi connecevity 4. Insecure web browsing 5. Lack of security patches from service providers 6. Lack of employee awareness about security policies 7. High rate of users changing or upgrading their mobile device Weighted Score (n=736 Have mobile devices on corporate networks) Loss of corporate information greatest concern during a mobile security incident Mobile security incidents can have a wide range of impacts. Participants who had mobile devices on their corporate networks, including both personal and business, were presented with a list of possible issues that could occur as a result of a mobile security incident and asked which were most concerning. Possible loss of corporate information was by far the most concerning (94%). The cost of replacing the lost device ranked a distant second (20%). Concerns when a mobile security incident is experienced Lost or stolen informa8on 94% (Cost of replacing lost or stolen devices 20% Compliance viola8ons and fines 10% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% (n=736 Have mobile devices on corporate networks) Page 8

Mobile security incidents are expensive Once companies have mobile devices, security incidents happen and the costs are substantial. Most companies, 79%, that have mobile devices on their networks have had a mobile security incident in the past year. The majority, 57%, reported that the total costs of their mobile security incidents cost them from $10,000 to more than $500,000 in the past year. These costs included staff time, legal fees, fines, resolution processes, and so on. Cost of mobile security incidents in the past year More than $500,000 16% No mobile security incidents 21% $250,000 - $500,000 13% $100,000 - $500,000 13% Less than $10,000 22% $10,000 - $100,000 15% (n=736 Have mobile devices on corporate networks) When security incidents did happen, the cost was most substantial at the largest companies. Among those who work at companies with over 5000 employees, more than half (52%) reported that last year the cost of mobile security incidents exceeded $500,000. However, even SMBs reported that mobile security incidents were very expensive. Almost half of companies with less than 1000 employees, 45%, reported security incidents that cost more than $100,000, a significant amount for a small firm. Cost of mobile security incidents in the past year (By company size) More than 5000 employees 12% 14% 8% 14% 52% Less than $10,000 1000-5,000 employees 23% 19% 23% 18% 18% $10,000 - $100,000 $100,000 - $250,000 $250,000 - $500,000 Less than 1000 employees 36% 19% 18% 17% 10% More than $500,000 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% (n=576 Have had mobile security incident in the past year) Page 9

Android trusted less; Windows Mobile and BlackBerry trusted more for security Participants were asked which of the most common mobile platforms they viewed as being the greatest risk to their corporate security. Android was by far the most frequent platform indicated (49%), followed by Apple/iOS (25%) and Windows Mobile (17%). This question showed a dramatic change from the previous year. Android increased dramatically as the platform perceived to have the greatest security risk. Windows Mobile and BlackBerry both saw the number of IT professionals who viewed this as the most risky platform decrease by almost half. Mobile platform perceived as greatest security risk (2012 vs. 2013) 2013 25% No Change 49% 19% Increase 12% Decrease 17% 9% 7% Decrease Apple/iOS Android Windows Mobile 2012 25% 30% 29% 16% Blackberry 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% (n=790 All) Careless employees seen as a greater security risk than cybercriminals Participants were asked which group of individuals was considered the greatest security risk careless employees or cybercriminals who intentionally try to steal corporate information. Significantly more said careless employees pose greater security risks (66%) than cybercriminals (34%), which reinforces the importance of implementing a strong combination of technology and security awareness throughout an organization. Greater impact on security risk of mobile devices Cybercriminals 34% Careless employees 66% (n=790 All) Page 10

IT may not allow use of file-sharing sites, but policy is often not enforced The use of mobile devices has driven the adoption of file-sharing sites such as DropBox, Box, Google Drive and icloud, which some IT organizations see as a concern for security of corporate data. Participants were asked if employees are allowed to upload and share work information to public file-sharing applications. Organizations are divided on their policies with some allowing all employees to access these sites (35%) and some not allowing any employees (25%). Most allowed some employees while preventing others (40%). Policy on employee use of public file- sharing applica6ons No employees can use 25% All employees can use 35% Some employees in certain roles 40% (n=790 All) However, these policies are not enforced uniformly. Organizations who do have policies that some or all of their employees not use public file-sharing applications were asked whether they thought these policies were followed. Only 38% actually enforce their policies by blocking these sites on the corporate network, while 28% admit that some employees don t follow the policy. Employee adherence to policy of not using public file- sharing The policy is definitely followed since we block these sites from our network 38% We think all our employees follow our policy, but it is not enforced 34% Most employees follow the policy, but a few don't 26% Most employees don't follow the policy 2% 0% 5% 10% 15% 20% 25% 30% 35% 40% (n=512 Those with policies against use of public file-sharing) Page 11

Survey Methodology An independent database of IT professionals was invited to participate in a web survey on the topic of mobile devices and information security sponsored by Check Point. A total of 790 respondents across the United States, Canada, United Kingdom, Germany, and Japan completed the survey. Each respondent had responsibility for securing company systems. Participants included IT executives, IT managers, and hands-on IT professionals, and represented a wide range of company sizes and industry verticals. This survey is the second in a series of surveys on this topic. This report compares certain results to the results of similar questions asked one year ago. Front- line IT professional 29% Par$cipant job func$on IT execu(ve 31% IT security is part of my job 69% Responsibility for IT security IT security is my en.re job 31% More than 15,000 11% 5,000-15,000 16% Company Size Less than 100 17% IT manager 40% 1000-5,000 25% 100-1000 31% About Dimensional Research Dimensional Research provides practical marketing research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information visit. About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. Page 12

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback