When you hear about major corporate breaches in the news, they don’t always originate from the same threat vector. Sony was allegedly hacked through PCs, Target through point of sale systems, J.P. Morgan likely through unprotected server infrastructure, the IRS through its “Get Transcript” app.
According to a new report from IDG Research, mobile is an important vector for attack. Seventy-four percent of IT leaders from global enterprises report that their organizations have experienced a data breach as a result of a mobile security issue.
Data breaches can have wide-reaching, damaging effects, and unfortunately, too many organizations are finding this out only after suffering an attack. One of the IDG survey respondents, the IT leader of a mid-sized professional services organization, says his company was quite surprised at how its breach came about. Although it initially appeared that a rogue employee within the business was leaking sensitive information to unauthorized parties, they eventually discovered the culprit was a compromised mobile device with high-level access to a company database.
“It took a little over a month to pinpoint exactly where the breach transpired,” he says. “However, after a significant amount of effort, we were able to find malware installed on a company-owned mobile device assigned to one of our executives. We are still going through the due diligence process to determine the particulars around how the malware ended up on this device. However, it definitely opened our eyes to the dangers of allowing users to access data from their mobile devices.”
When employees carry around or are able to access massive amounts of corporate data on their mobile devices, IT and security leaders need visibility into the potential security risks that may be present on those devices.
The good news is that the IT leaders surveyed by IDG recognize the risks and are making it a priority to invest in security solutions that protect mobile devices and in turn, the data they access and store.
With mobility, even corporate owned devices have become personal ones. Employees may download a free game or connect to the free WiFi at a local coffee shop, both seemingly benign activities that may actually put corporate data at risk. Now, it’s more important than ever to supplement mobile security technology with employee education around the mobile device behaviors that may be risky.
October is Cybersecurity Awareness Month and throughout the month, Lookout will be sharing actionable mobile security advice that will teach readers about the risks and what can be done to keep information and accounts safe. Follow our blog to stay informed
Download the full report from IDG.