Mobile Access to Corporate Data Surged 43 Percent in 2015

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

A recent Lookout survey of 588 IT and security leaders has found that mobile access to corporate data surged by 43 percent between 2014 and 2015, with 56 percent of data accessible on PCs now also accessible on mobile devices.

The survey, conducted by the Ponemon Institute, also found that 67 percent of respondents said it was certain or likely that their organization had already sustained a data breach as a result of employees using mobile devices to access the company's sensitive and confidential information.

While IT believes, on average, that just 19 percent of employees can access customer records via their mobile devices, 43 percent of employees say they have access to that data -- and similarly, while IT believes that only 8 percent of employees have access to confidential or classified documents on their mobile devices, 33 percent actually do.

Just 36 percent of respondents said their organization is vigilant in protecting sensitive or confidential data on employees' mobile devices.

"While many organizations still consider it 'early days' in their mobile deployments, this does not mean they should be 'early days' in their security," security advisor Craig Shumard, said in a statement. "It's never been more clear that mobile devices can be a critical part of the attack equation. With the rise in access to corporate data via mobile devices, those devices will become bigger targets for the bad guys. And the cost to the enterprise will only increase."

According to the Lookout report, the economic impact of a mobile data breach, including direct operational costs as well as potential maximum loss from non-compliance and reputational data, could be as high as $26.4 million.

The average enterprise spends up to $16.3 million per year investigating, containing and remediating mobile malware-based attacks.

Still, a recent survey of almost 700 IT professionals worldwide, conducted by Ultimate Windows Security on behalf of HEAT Software, found that fully 37 percent of respondents don't use any enterprise mobility management (EMM) solution at all -- 25 percent of enterprises and 58 percent of small businesses have no EMM solution in place.

"Organizations seeking to improve their security stance around mobile applications should continue to embrace EMM and implement, at a minimum, additional features such as secure containers and content access to ensure that they address data security concerns," the report states.

Separately, a Centrify survey of 100 RSA attendees found that while 69 percent of wearable device owners don't use any login credentials (such as PINs, passwords or fingerprint scanners) to access their devices, fully 56 percent use those devices to access business apps such as Box, Slack, Trello, Dropbox, Salesforce, Google Docs and Microsoft Office.

When asked what their top security concerns were regarding wearable devices, the leading responses were identity theft (42 percent), lack of IT management and device control (34 percent), and a general increase in breaches of sensitive work data or information (22 percent).

"As wearables become more common in the enterprise, IT departments must take serious steps to protect them as carefully as they do laptops and smartphones," Centrify chief product officer Bill Mann said in a statement. "Wearables are deceptively private. Owners may feel that due to their ongoing proximity to the body, they’re less likely to fall into the wrong hands. However, hackers don’t need to take physical possession of a device in order to exploit a hole in security."

Recent eSecurity Planet articles have offered advice on mitigating security risks from wearables and examined the 10 trickiest mobile security threats.