A new study demonstrates the prevalence of many data breaches caused by employee mobile devices. The report, conducted by The Ponemon Institute and Lookout, polled 588 information technology and security professionals at Global 2,000 companies, and found that the economic risk of mobile breaches can be as high as $26.4 million.
The report also noted a startling gap between the information that employees say they have access to on their mobile devices, compared to the information that IT security pros believe they can access on their devices.
The study showed that only 19 percent of IT professionals believed employees could access customer records (compared to 43 percent). Similarly, 18 percent of security pros said employees could access employees PII and only 8 percent of pros said employees could access classified documents on their mobile devices (compared to the percent of employees who said they could access the same information, at 52 and 33 percent, respectively).
“It’s a losing battle to think that you can successfully lock down a device that is used for productivity,” Lookout Principal Product Manager David Richardson told SCMagazine.com. “The employee will find a way.”
The report is only the latest indicator that employees have become the weakest link in the information security hierarchy. Increasingly, reports show attackers are forgoing complex malware campaigns and instead using simple phishing schemes to launch attacks.
While seventy-four percent of participants said employees’ access to sensitive or confidential data has increased significantly in the past two years, only 33 percent of these security pros said their company is careful to protect sensitive or confidential data from unauthorized employee access.
The report found that 3 percent of devices are infected with malware. This figure translates to an average of more than 1,700 infected devices at an enterprise connecting to a network.
Richardson said IT professionals need to begin thinking about mobile devices as fully functioning computers and manage devices accordingly – especially in terms of connecting to networks and downloading applications.