A lack of mobility in today’s market could harm a business in many ways. Not being mobile might lead it to miss out on consumer solutions or result in missed business opportunities. As a result, enterprise mobility has become a must-have for modern organizations, delivering many successes and opportunities. Yet despite the advantages of mobility, security threats are fast evolving through malware sophistication and targeting and pose a real threat to your company’s security.
In this post, we want to highlight a few facts about enterprise mobile security and how organizations who want to embrace enterprise mobility can go about avoiding the associated threats.
Mobile Devices & Threats
According to research by the Enterprise Strategy Group, enterprise mobility technology spending plans for the next 12 months show an 18% increase in BYOD initiatives and a 19% increase in mobile applications deployment. For Q3 2014, Android OS achieved a worldwide Smartphone market share of over 84%, a remarkable increase from 17.2% in 2010. Equally there has been a huge growth in Android malware, with about 99% of all mobile malware detected by Kaspersky Lab in 2012 designed to attack Android devices.
In 2014 alone, about 81% of organizations suffered a data loss incident and new malware increased by 71%; a clear message about cybercrime reaching a critical point. A 2015 global study by Check Point shows that 59% of organizations with a BYOD policy are faced with the problem of tracking/controlling access to corporate and private networks, while 46% are faced with the challenge of keeping device OS and apps updated.
The Changing Mobile Landscape
We want to highlight six areas where organizations can make more effort in managing exposure to the various security threats that come with enterprise mobility, becoming proactive in preventing vulnerability.
1. Mobile Endpoints
The current use of enterprise mobile endpoints for Android (66%), Apple (77%) and Windows (33%) is set to significantly rise (by 20% for Android, 10% for Apple and 30% for Windows). Organizations can better manage their growing mobile device fleet by setting and maintaining security policies, protecting information on devices, and by applying authentication to both networks and applications.
2. Device-Level Security
Respondents of a Ponemon mobile security survey indicated lax attitudes to mobile security. While 77% of people viewed mobile technology as essential and 76% thought mobile usage could negatively impact security, only 39% had mobile security measures in place. Better identity and access management systems for tracking user account changes and the ability to establish patterns and define normal activity are some of the ways in which organizations can successfully mitigate the risk of device-level data breach.
3. Mobile Applications
With a basic security test fail rate of over 75% for mobile apps due to a number of factors ranging from lack of proper encryption to the number of weekly attacks on mobile apps, it is no surprise that mobile device breaches are hitting companies very hard. Organizations must first educate their employees about the risks associated with mobile applications, then standardize on trusted enterprise-grade applications, implement category-based applications management processes and encrypt documents to prevent data loss.
4. Cyber Security Strategy
According to Cisco’s 2015 Annual Security Report, a cyber security benchmark showed that while 90% of respondents were confident in their security capabilities, a full 60% were not patching software and systems. Organizations must build on the following security principles: security must support the business, work with existing architecture and be usable, be transparent and informative, enable visibility and appropriate action and, finally, must be viewed as a people problem.
5. App Stores & Developers
Mobile apps can easily copy personal details, GPS coordinates or details of all apps installed on a device and upload them. Organizations now face high-risk application events as many as 305 times per day - up 88% from last year’s rate of 162 times per day - as a direct consequence of downloaded apps. Organizations therefore need to implement a software-defined protection architecture and combine OS and CPU level sandboxing with threat extraction technologies to mitigate against fast-evolving attacks from app store and/or developer vulnerabilities.
6. Wipe Data
IBM’s MaaS360 analytics gathered from global IT organizations indicate that on average, 450 devices get wiped in a day, with 51% using manual wipe and only 37% doing a full wipe. Improved containerization capabilities are essential for organizations to be able to isolate work data, making it easier to perform selective wipes or even repurpose a device previously used by another employee.
Secure the Future
Organizations must be future minded, setting clear long term objectives on how to optimize security infrastructure, tools and technologies in order to be prepared for the ever increasing vulnerabilities and threats resulting from the changing mobile landscape. By understanding both potential and unknown cyber security threats, utilizing the expertise of information security professionals and creating solid plans that align with your business, you can turn security into an enabler and fully reap the benefits of the mobile enterprise.
Have you already tried Infragistics SharePlus, our native mobile SharePoint solution? SharePlus is amazingly easy to adopt and loved by users working with SharePoint on the go. Sign up for a SharePlus Enterprise demo today.