32% Of Enterprises Sacrificing Mobile Security For Speed
Just when you thought there were enough company-crushing data breaches and hacks to raise awareness and scare the daylights out of an IT team, a new survey uncovers eye-opening admissions from enterprise technology executives and how mobile security continues to be put on the backburner.
Verizon released a report this week about the state of mobile security in the enterprise, conducted by an independent research firm, surveying more than 600 mobility professionals. Some of the takeaways are head-scratching, and future outlooks remain in the eye of the beholder, considering the lack of forward progress made leading up to this survey.
For starters, 32% of respondents said they knowingly and intentionally sacrificed mobile security to improve expediency or business performance. The ROI for that decision? Forty-five percent of that group said it suffered data loss or downtime as a result of a mobile security incident in 2017.
The data went further to suggest enterprises weren’t engaging in proper mobile security hygiene, listing four specific protocols necessary to keep the perimeter safe:
- Changing all default passwords
- Encrypting data sent over public networks
- Restricting access on a need-to-know basis
- Regularly testing security systems
The results showed just 14%, or one-in-seven organizations, had all four in place, while 11% had none. Add to that a casual response to shadow IT – 41% of employers don’t restrict which apps are downloaded to employees’ mobile phones – and there’s a recipe for disaster being baked into the daily workflow of any organization with a mobile footprint.
In breaking down the mobile issues by industry, there was one common denominator: eight out of every 10 companies across seven major sectors all say mobility is undoubtedly creating more risk in their enterprise.
So now that the faults of so many mobile enterprises have been laid bare, will there be a cognizant change in how security is handled? The technology is changing, whether administrators are ready or not.
There’s a consensus building that 2018 will be the beginning of the end for passwords on mobile devices, as they create barriers to quicker production and oftentimes actually enhance hacker’s capabilities rather than thwart them.
“This year, 2018, is the year the world will start shifting away from authentication methods currently used in business,” said ESG Analyst Mark Bowker. “The FIDO Alliance is seeing success as solutions are emerging from Bank of America, ING, and PayPal, and enterprise application companies like Salesforce and Dropbox.”
But if enterprises are slow to adopt basic security protocols as the survey outlined, how will they adapt to future technologies? The answer is simple: It’ll be forced upon them. As previously reported by Enterprise Mobility Exchange, it’s been forecast that all smartphones manufactured from 2020 and on will have biometric capabilities, so any company operating in a BYOD environment will have this at their fingertips, and newer organizations beginning to spend budget on mobile device technology over the next half decade will automatically have one form of next generation authentication at the ready.
The positive in all this is recognition from the board room that things are changing, and adaptations need to be made.
Respondents admitted budget is not a barrier to better security, and 61% claimed their mobile security budget will increase in the next 12 months. The remainder said it would remain the same.
Where changes can be made, simply and quickly, is in driving awareness to the end user. Sixty-two percent of survey takers said lack of understanding of threats and solutions is a barrier to mobile security, with another 17% saying it was a “significant” barrier.
So the future is simple for enterprises falling behind the mobile security wave. Keep investing in the right solutions for your specific company; embrace new technologies, as they’re designed to make security hygiene better; and please, don’t leave your workforce out to dry. Train them, make them aware, and never stop pushing the issue.
Your company’s data and sensitive information is smartphone swipe away from falling into the wrong hands. But it doesn’t have to be.