THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

Similar documents
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY:

2018 GLOBAL CHANNEL PARTNER SURVEY THYCOTIC CHANNEL PARTNER SURVEY REPORT

MOBILE SECURITY 2017 SPOTLIGHT REPORT. Information Security PRESENTED BY. Group Partner

2015 VORMETRIC INSIDER THREAT REPORT

The State of Cloud Monitoring

TESTING TRENDS IN 2016: A SURVEY OF SOFTWARE PROFESSIONALS

Perimeter Defenses T R U E N E T W O R K S E C U R I T Y DEPENDS ON MORE THAN

TRUSTED MOBILITY INDEX

2017 Trends in Security Metrics and Security Assurance Measurement Report A Survey of IT Security Professionals

Mastering The Endpoint

- Samsung Tablet Photo - Tablets Mean Business. Survey of IT pros reflects growing trend toward tablets for workforce mobility and more

ACHIEVING FIFTH GENERATION CYBER SECURITY

Building a Threat Intelligence Program

Insider Threat Detection Including review of 2017 SolarWinds Federal Cybersecurity Survey

mhealth SECURITY: STATS AND SOLUTIONS

CYBER SECURITY RISK ASSESSMENT: WHAT EVERY PENSION GOVERNMENTAL ENTITY NEEDS TO KNOW

KNOWLEDGE GAPS: AI AND MACHINE LEARNING IN CYBERSECURITY. Perspectives from U.S. and Japanese IT Professionals

TESTING TRENDS IN 2015: A SURVEY OF SOFTWARE PROFESSIONALS

Good Technology State of BYOD Report

Mobile Security Trends in the Workplace

THE CYBERSECURITY LITERACY CONFIDENCE GAP

IT Monitoring Tool Gaps are Impacting the Business A survey of IT Professionals and Executives

2014 NETWORK SECURITY & CYBER RISK MANAGEMENT: THE THIRD ANNUAL SURVEY OF ENTERPRISE-WIDE CYBER RISK MANAGEMENT PRACTICES IN EUROPE

U.S. State of Cybercrime

2018 Mobile Security Report

THE STATE OF CLOUD & DATA PROTECTION 2018

2016 Survey: A Pulse on Mobility in Healthcare

UNLOCKED DOORS RESEARCH SHOWS PRINTERS ARE BEING LEFT VULNERABLE TO CYBER ATTACKS

A value proposition for IT security Justifying the investment in the components of a compliance oriented architecture

Vulnerability Management Trends In APAC

SIEM: Five Requirements that Solve the Bigger Business Issues

The Data Breach: How to Stay Defensible Before, During & After the Incident

Paper. Delivering Strong Security in a Hyperconverged Data Center Environment

IT Security: Managing a New Reality

ips.insight.com/healthcare Identifying mobile security challenges in healthcare

Operationalize Security To Secure Your Data Perimeter

The AVG 2015 Digital Diaries Executive Summary

Securing Today s Mobile Workforce

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

ENDPOINT SECURITY WHITE PAPER. Endpoint Security and the Case For Automated Sandboxing

Internet of Things Toolkit for Small and Medium Businesses

As Enterprise Mobility Usage Escalates, So Does Security Risk

What can we lose not implementing proper security in our IT environment? Aleksandar Pavlovic Security Account Manager Cisco

TESTING TRENDS FOR 2018

Vulnerability Management Survey

Security Awareness Training Courses

Unisys Security Insights: Australia A Consumer Viewpoint 2015

INTELLIGENCE DRIVEN GRC FOR SECURITY

WINDOWS 10: THE STATE OF THE UNION

Fraud Mobility: Exploitation Patterns and Insights

A Guide to Closing All Potential VDI Security Gaps

Modern Database Architectures Demand Modern Data Security Measures

Managed IT Services Eliminating technology pains for SMBs

HOSTED SECURITY SERVICES

Trustlook Insights Q BYOD Trends & Practices

Insider Threat Program: Protecting the Crown Jewels. Monday, March 2, 2:15 pm - 3:15 pm

THE STATE OF MEDIA SECURITY HOW MEDIA COMPANIES ARE SECURING THEIR ONLINE PROPERTIES

CYBERSECURITY AND THE MIDDLE MARKET

Background FAST FACTS

SD-WAN for Addressing Branch Network Complexity & Security

Emerging Technologies The risks they pose to your organisations

Optimisation drives digital transformation

2016 Survey MANAGING APPLE DEVICES IN HIGHER EDUCATION

INTRODUCTION. We would like to thank HelpSystems for supporting this unique research. We hope you will enjoy the report.

Mobile App Security and Malware in Mobile Platform

Cloud Foundry User Survey

SDN HAS ARRIVED, BUT NEEDS COMPLEMENTARY MANAGEMENT TOOLS

WHY MOBILE SECURITY SHOULD BE IN YOUR TOP PRIORITIES

Bring your own device: a major security concern

Cyber Security. June 2015

Predictive Insight, Automation and Expertise Drive Added Value for Managed Services

The future of UC&C on mobile

CompTIA Security Research Study Trends and Observations on Organizational Security. Carol Balkcom, Product Manager, Security+

Security in a Converging IT/OT World

Implementing Your BYOD Mobility Strategy An IT Checklist and Guide

Roadmap to the Efficient Cloud: 3 Checkpoints for the Modern Enterprise

CHANGING FACE OF MOBILITY RAISES THE STAKES FOR ENDPOINT DATA PROTECTION

The 2017 State of Endpoint Security Risk

Achieving End-to-End Security in the Internet of Things (IoT)

A Mobile Security Checklist: The Top Ten Threats to Your Enterprise Today. White Paper

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

AN IPSWITCH WHITEPAPER. The Definitive Guide to Secure FTP

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Second International Barometer of Security in SMBs

Security in India: Enabling a New Connected Era

EMPLOYEE SKILLS TRAINING PLATFORM. On-access skills training and measurement for all employees

Managing IT Risk: What Now and What to Look For. Presented By Tina Bode IT Assurance Services

CLEARING THE PATH: PREVENTING THE BLOCKS TO CYBERSECURITY IN BUSINESS

Tripwire State of Container Security Report

SAP Runs SAP: Using Afaria to Provision, Manage, and Secure Employees Mobile Devices

Healthcare in the Public Cloud DIY vs. Managed Services

THALES DATA THREAT REPORT

` 2017 CloudEndure 1

Adobe Security Survey

IT & DATA SECURITY BREACH PREVENTION

Sales Presentation Case 2018 Dell EMC

Toward an Automated Future

Supporting The Zero Trust Model Of Information Security: The Important Role Of Today s Intrusion Prevention Systems

Cyber Insurance: What is your bank doing to manage risk? presented by

Securing Wireless Mobile Devices. Lamaris Davis. East Carolina University 11/15/2013

Transcription:

October Sponsored by

Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments, while the Bring Your Own Device (BYOD) movement has dramatically increased the number of expensive security incidents. In recent months, we have seen several highly visible, high-impact corporate hacks. These highly publicized breaches have significant financial impact as well as risk to the company s reputation. Mobile security is of utmost concern as the number of personal devices connecting to corporate networks continues to grow. The following report, sponsored by Check Point, is based on a global survey of 706 IT and security professionals conducted in the United States, Canada, Germany, United Kingdom, Australia and New Zealand. The goal of the survey was to capture data on current attitudes and trends with mobile devices and IT security. This is the third survey on this topic sponsored by Check Point and this report evaluates differences in responses to similar questions asked over the past two years. Executive Summary 1. Number of personal mobile devices connecting to corporate networks continues to grow 2. The cost of remediating mobile security incidents continues to increase 3. Employee behavior is a significant factor in mobile security Key Findings Number of personal devices connecting to corporate networks continues to grow 75% allow personal devices to connect to corporate networks, an increase from 67% in 2013 and 65% in 2012 91% say the number of personal devices connecting to corporate networks is growing 72% more than doubled the number of connected personal mobile devices in the past two years Mobile security incidents are on the rise, and so is the cost of fixing them 82% of security professionals expect mobile security incidents to increase this year 98% have concerns about the impact of a mobile security incident 95% face challenges with the security of BYOD 64% say cost of remediating mobile security incidents is increasing 42% of executives say a mobile security incident costs more than $250,000 64% cite Android as the mobile platform with the greatest risk, up from 49% in 2013 and 30% in 2012 Employee behavior is a significant factor in information security 87% say careless employees are a greater threat to security than cybercriminals, up from 72% in 2012 Employee actions have the highest impact on vulnerability of mobile data 63% say employees likely contributed to recent high-profile security breaches 92% say employee behaviors could have made a difference in preventing high-profile security breaches 56% are managing business data on employee-owned personal devices, up from 37% in 2013 Sponsored by

Detailed Findings Continued growth in the number of companies with mobile devices connecting to corporate networks IT professionals were asked if mobile devices, such as smartphones or tablets, were allowed to connect to their corporate networks. Most reported broad use of mobile devices within their organizations, with 95% saying that they had mobile devices connecting to corporate networks, including 74% who allowed both personal and company owned devices, 20% who allowed only company-owned mobile devices, and 1% that had only personal mobile devices. The 1% all worked at small companies. Mobile devices connect to corporate networks No 5% Yes 95% This is a slight increase in the number of companies that allow mobile devices on their corporate networks compared to 93% in 2013. More corporate networks include personal devices If we consider only personally-owned mobile devices connecting to corporate networks, has seen a more significant growth rate than in the past. In, 75% of IT professionals reported that devices owned personally by employees, contractors, or others connect to their corporate networks, up from 67% in 2013 and 65% in 2012. Companies allowing personal mobile devices to connect corporate networks 75% 25% 2013 67% 33% Yes No 2012 65% 35% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Page 3

Companies have an increasing number of personal mobile devices connecting to their networks IT professionals whose companies do allow personally-owned mobile devices were asked how much growth there has been in the number of personal devices on their corporate networks. The vast majority, 91%, have seen an increase in the number of mobile devices connecting to corporate networks over the past two years. For most participants, the increase was very dramatic with 72% saying they more than doubled the number of personal mobile devices in this timeframe. Increase in number of personal devices connec3ng to corporate networks More than 5 8mes 26% No increase 9% Less than twice as many 19% Between 2 and 5 8mes 46% Mobile security incidents expected to grow With the high rate of growth of mobile devices, particularly personal mobile devices connecting to corporate networks, it is unsurprising that the number of security incidents is also expected to grow. Among all IT professionals, about two-thirds (64%) expected to see an increase in the number of mobile security incidents. Interestingly, IT professionals in general were more optimistic than the IT professionals who focus exclusively on security as their entire job. Among the security professionals who spend all their time thinking about securing corporate data and systems, a shocking 82% expect the number of security incidents to increase. Not a single dedicated security professional (0%) indicated that they expected the number of mobile security incidents to decrease this year, although among all IT professionals, including those for whom security was only part of their job, 7% felt that the steps they were taking to ensure security would decrease the number of security incidents. Expected change in number of security incidents in coming year (All IT professionals) No change 29% Expected change in number of security incidents in coming year (Dedicated security professionals only) Decrease 0% No change 18% Decrease 7% Increase 64% Increase 82% Page 4

IT professionals are concerned about the business impact of mobile security incidents Nearly all IT professionals (98%) have concerns about the impact of a mobile security incident. When asked about their greatest concerns, lost or stolen information topped the list with 82% of IT professionals citing this as an issue, followed by 61% who worried about introducing security weaknesses for future attacks. Mobile security incident concerns Lost or stolen informaaon 82% IntroducAon of security weakness for future ahacks 61% Compliance violaaon and fines 43% Cost of replacing lost or stolen devices 31% Other No concerns 3% 2% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% Participants who took the time to write in Other answers specifically called out worries about reputation and bad press, loss of productivity while correcting problems, and costs to stay within security standards and compliance. Securing corporate information remains greatest challenge in adopting BYOD BYOD or Bring Your Own Device continues to cause challenges for corporate IT. The majority of participants, 95%, reported that when employees use their own smartphones, tablets, or other devices to work with business information, it creates security challenges. IT professionals report that the most common challenge faced by IT organizations in adopting a BYOD policy is securing corporate information (72%), followed by managing personal devices that contain corporate and personal data and applications (67%), and tracking and controlling access to corporate and private networks (59%). BYOD security challenges Securing corporate informabon 72% Managing personal devices that contain both corporate and personal data and applicabons Tracking and controlling access to corporate and private networks 59% 67% Keep device operabng system and applicabons updated Finding agnosbc security solubons (i.e. managing all OSes) 42% 46% Other We have no challenges with BYOD 2% 5% 0% 10% 20% 30% 40% 50% 60% 70% 80% Page 5

The specific challenges and importance of the challenges did not change significantly from year to year, but the overall number of IT professionals facing security concerns as well as the number concerned about particular items, has increased across the board. The overall number of IT professionals who face security challenges rose from 93% in 2013 to 95% in. Most challenges saw a slight in increase in number of IT professionals experiencing them, for example concerns about securing corporate information rose from 67% in 2013 to 72% in. BYOD security challenges (2013 vs. ) Securing corporate informaaon 72% 67% Managing personal devices that contain both corporate and personal data and applicaaons 67% 63% Tracking and controlling access to corporate and private networks Keep device operaang system and applicaaons updated 46% 38% 59% 59% 2013 Finding agnosac security soluaons (i.e. managing all OSes) 14% 42% We have no challenges with BYOD 5% 7% 0% 10% 20% 30% 40% 50% 60% 70% 80% Interestingly, there was a dramatic increase in the ability to finding agnostic security solutions that can manage all operating systems across the wide range of mobile devices used. In 2013 only 14% listed finding agnostic security solutions as a top concern, but in that number rose dramatically to 42%. Cost of remediating security incidents is increasing The costs of remediating a security incident can be wide-ranging once you include staff time, legal fees, fines, resolution processes, and other expenses for each incident where corporate information has been lost or stolen from a mobile device. Most IT professionals (64%) report that the costs of remediating mobile security incidents is increasing, with only a small number (6%) reporting these costs are decreasing. Changing costs of remedia1ng mobile security incidents No change 30% Decreasing 6% Increasing 64% Page 6

Because of this wide range of possible expenses, the actual cost of a mobile security incident can be challening to calculate. IT executives had the most visibility into these costs, which can be substantial. Three-quarters (75%) of IT executives reported that a mobile security incident costs their company more than $10,000, including 42% who said it cost more than $250,000. This is an increase from 2013 where only 37% reported a mobile security incident cost more than $250,000. Cost of mobile security incidents (Execu'ves) 25% 33% 42% Less than $10,000 $10,000 - $250,000 2013 28% 35% 37% More than $250,000 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Perception of Android security risks grew again in IT professionals were asked which of the most common mobile platforms they viewed as being the greatest risk to their corporate security. The number of IT professionals saying Android was the riskiest increased and was by far the most frequent platform indicated (64%), followed by Apple/iOS (16%) and Windows Mobile (16%) and Blackberry (4%). Perception of Android security problems continued to grow dramatically as the platform perceived to have the greatest security risk (up from 49% in 2013 and 30% in 2012). Mobile platform perceived as greatest security risk (2012 vs. 2013 vs. ) 16% 64% 16% 4% Apple/iOS 2013 25% 49% 17% 9% Android Windows Mobile 2012 25% 30% 29% 16% Blackberry 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Apple/iOS decreased in perception as the riskiest mobile platform for the first time since this survey began, to 16% from 25% in both of the prior years. Windows Mobile saw about the same results after dropping considerably from 2012 to 2013. Blackberry dropped for the 2nd year in a row as the number of IT professionals who viewed this as the most risky platform decrease by more than a half. Page 7

Concern about careless employees is growing Employee behavior was found to have significant impacts on mobile security in this year s survey. IT professionals were asked which group of individuals was considered the greatest security risk careless employees or cybercriminals who intentionally try to steal corporate information. Careless employees continued to be reported as a greater security threat than cybercriminals with 87% of participants citing careless employees as the greatest security risk as opposed to only 13% citing cybercriminals. This is a notable increase from 2012 when the same question was asked and 72% cited careless employees. This reinforces the importance of implementing a strong combination of technology and security awareness throughout an organization. Greater security threat to mobile devices 87% 13% Careless employees 2012 72% 28% Hackers 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Employee actions have highest impact on vulnerability of mobile data Mobile security incidents can have a wide range of impacts. IT professionals were presented with a list of possible impacts and asked to rank them from first to last with the first being the factor that was the most impactful and the last being the factor that was the least impactful. Last year, lost or stolen devices was ranked first among IT professionals as the factor that had the greatest impact on the vulnerability of mobile data, followed by malicious applications downloaded to the mobile device. In, the role of employees rose significantly and is now represented in all the biggest impacts on the vulnerability of mobile data. This includes employees accidentally accessing malicious sites or downloading malicious content, lack of employee awareness about security policies, and employees intentionally ignoring security policies all surpassing lost or stolen mobile devices with corporate data. Impact on the vulnerability of mobile data 1. Employees accidentally accessing malicious sites or downloading malicious content 2. Lack of employee awareness about security policies 3. Employees intenaonally ignoring security policies 4. Lost or stolen mobile devices with corporate data 5. Security updates not kept current 6. High rate of users changing or upgrading their mobile device Page 8

Employee behavior can make a difference in preventing security reputation events Employee adherence to corporate security policies whether it be lack of awareness of security policies or employees intentionally ignoring security policies were ranked among the highest impacts on the vulnerability of mobile data. Recent months have seen a large number of very high profile customer data breaches. IT professionals were also asked if they felt employee behavior could have made a difference in preventing these embarrassing and customerimpacting issues. Two-thirds of participants (63%) indicated that it is likely employee carelessness contributed to recent high-profile breaches of customer data. The vast majority (92%) said that in their opinion employee behaviors could have made a difference. Likelihood recent high- profile breaches could have been prevented if employees followed security policies It wouldn t have made a difference 8% It s possible it might have made a difference 30% It is likely employee carelessness contributed 58% Employee carelessness caused these problems 5% 0% 10% 20% 30% 40% 50% 60% 70% More companies are managing employee-owned devices Once corporate data is on personal devices, it becomes a security risk point if those are not managed properly. In there was a significant increase in the number of IT organizations managing business data on the personal devices that employees use for work. More than half of organizations (56%) are managing the business data that exists on personal devices, up significantly from just over one-third (37%) in. Manage business data on personal devices 44% 56% No 2013 63% 37% Yes 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% Page 9

Survey Methodology An independent database of IT and security professionals was invited to participate in a web survey on the topic of mobile devices and information security sponsored by Check Point. A total of 706 respondents across the United States, Canada, United Kingdom, Germany, Australia and New Zealand completed the survey. Each respondent had responsibility for securing company systems. Participants included IT executives, IT managers, and hands-on IT professionals, and represented a wide range of company sizes and industry verticals. Front- line IT professional 40% Job func)on IT execu(ve 26% IT team manager 34% IT security is part of my job 73% Responsibility for IT security IT security is my en.re job 27% 5,000 to 15,000 15% More than 15,000 16% 1,000 to 5,000 23% Company size 5 to 100 17% 100 to 1,000 29% This survey is the third in a series of surveys on this topic sponsored by Check Point. This report compares certain results to the results of similar questions asked in the past two years. About Dimensional Research Dimensional Research provides practical marketing research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information visit. About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. Page 10

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback