Organizations Must Evaluate and Enforce Mobile Policies, BlackBerry Study Finds

Esther Shein

Although extensive resources have been dedicated to mobile security, many IT decision-makers remain highly concerned about the number of vulnerabilities that persist, according to a just-released study by mobile device and security services provider BlackBerry. 

A mobile security strategy is in place in 73 percent of organizations, but only three percent have implemented “the highest levels of security possible,” the survey found. User attitudes is one reason for the low figure. Some 82 percent of the executives acknowledge that employees are frustrated by mobile security precautions and they potentially hinder productivity. Overall, 44 percent said they are concerned that too much mobile security will prevent employees from doing their job. 

One of the more significant findings was that 86 percent of executives believe they will experience more security breaches through mobile devices as a result of the growing trend of BYOD (bring your own device). Although a critical element to a successful BYOD or COPE (corporate owned, personally enabled) mobile environment is ensuring the separation of personal and business mobile data, a process known as containerization, nearly 45 percent have no containerization technology in place, the Blackberry study found.

“The frequency and severity of malicious attacks have made mobile security the center of attention for CEOs and boards of directors, but doing enough to mitigate risk is still a persistent problem that needs to be solved, said David Kleidermacher, chief security officer at BlackBerry, in a statement. “This is especially true as the constant adoption of new technologies regularly brings the potential for new vulnerabilities, which can offset the benefits.”

The research also uncovered that nearly half of organizations do not have a Security Incident Response Team (SIRT) in place, even though it is considered an industry best practice to reduce the cost of data breaches. IT decision makers also utilize outside help when it comes to securing their mobile environments, according to the findings. Of those surveyed, 59 percent report that external expertise is the best option for reviewing mobile practices.  

Other vertical industry findings:

Only around four in 1o respondents’ organizations have a mobile device management (MDM) strategy in place. Of these respondents, many felt their organization’s mobile device security strategy is not good enough, specifically:

o   Financial services: 44 percent

o   Government: 52 percent

o   Healthcare: 37 percent

o   Legal: 54 percent

Overall, 47 percent believe that popular BYOD policies leave the company vulnerable to too many risks, and those concerns are reflected in different sectors:

o   Financial services: 55 percent

o   Healthcare: 50 percent

o   Government: 43 percent

o   Legal: 53 percent

Seventy-three percent see mobile security controls as either an “obstruction” or a “complete obstruction” and in some industries it’s even worse:  

o   Financial services: 78 percent 

o   Healthcare: 78 percent

o   Government: 85 percent

o   Legal: 94 percent

Executives generally believe, however, that a strong mobile security posture can offer significant benefits:

- 67 percent say their data is more secure

- 64 percent see increased mobility for employees

- 51 percent have experienced fewer security breaches

- 50 percent find it easier to comply with regulations

- Enhanced compliance is a benefit for financial services (55 percent), healthcare (54 percent) and IT/computer services (65 percent)

“All mobile security policies must be consistently evaluated and tweaked, but also regularly overhauled,” Kleidermacher stated. 

The study surveyed 1,000 executives from seven countries across a wide range of vertical industries, including financial services, government and healthcare in April and May, 2016.