| Executives February 14, 2018
February 14, 2018
Government agencies are being actively attacked on mobile, according to a new Lookout survey of 200 security and IT professionals. Today, 60.5% of government agencies have experienced a security incident on a mobile device*.
While many government agencies appear to believe that mobile attacks are a thing of the future, federal employees are increasingly using their mobile devices for work, introducing new risk into the workplace as we speak. In light of this new digital transformation, the main problem government agencies face is a misalignment between the security policies they set, and what they say their employees are actually doing.
As part of the survey, Lookout asked government IT and security leaders - specifically those involved with setting or implementing mobile policies - what policies they have enacted and what they believe their employees are actually doing. The results showed that while government agencies are actively thinking about how to protect mobile devices by setting up policies, they do not have a way to enforce them. They also often report that employees engage in behaviors contrary to their agency's policies.
The Federal government, like any organization, faces the Spectrum of Mobile Risk. Employees are enjoying the benefits of mobile work, including new productivity and flexibility, but it also opens agencies up to new vectors through which attackers could gain access to government systems.
The Spectrum of Mobile Risk outlines these vectors including:
Check out the Mobile Risk Matrix to get a visual look into Spectrum of Mobile Risk.
Mobile policies, and management solutions like EMM/MDM, are not enough to protect mobile devices. Employees will not always follow the rules, leaving open significant holes.
Government agencies need a mobile threat defense solution that will ensure that government data is remains secure even when employees fail to follow policies or mistakenly encounter a malicious website, app, or network.
Capabilities should include:
With incidents such as John Kelly's mobile compromise, and the subsequent ban, it's clear that the government is thinking about how to handle mobile. A mandate is coming. Good preparation will both protect agencies from the mobile attacks that are actively happening to peer agencies and prevent the inevitable scramble when the mandate arrives.
Download the new report "Policies and misconceptions: How government agencies are handling mobile security in the age of breaches" to learn more.
*Methodology: The survey was conducted on the behalf of Lookout by Market Cube between October 20, 2017 and November 8,2017 among 200 United States federal IT and security employees.