SlideShare ist ein Scribd-Unternehmen logo

“The Impact of Mobile Devices on Information Security: A Survey of IT and Security Professionals”.

Thierry Labro
Thierry Labro

“The Impact of Mobile Devices on Information Security: A Survey of IT and Security Professionals”.

Technologie
1 von 10
Downloaden Sie, um offline zu lesen
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS October 2014 Sponsored by
© 2014 Dimensional Research. All Rights Reserved. www.dimensionalresearch.com Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments, while the Bring Your Own Device (BYOD) movement has dramatically increased the number of expensive security incidents. In recent months, we have seen several highly visible, high-impact corporate hacks. These highly publicized breaches have significant financial impact as well as risk to the company’s reputation. Mobile security is of utmost concern as the number of personal devices connecting to corporate networks continues to grow. The following report, sponsored by Check Point, is based on a global survey of 706 IT and security professionals conducted in the United States, Canada, Germany, United Kingdom, Australia and New Zealand. The goal of the survey was to capture data on current attitudes and trends with mobile devices and IT security. This is the third survey on this topic sponsored by Check Point and this report evaluates differences in responses to similar questions asked over the past two years. Executive Summary 1. Number of personal mobile devices connecting to corporate networks continues to grow 2. The cost of remediating mobile security incidents continues to increase 3. Employee behavior is a significant factor in mobile security Key Findings • Number of personal devices connecting to corporate networks continues to grow --75% allow personal devices to connect to corporate networks, an increase from 67% in 2013 and 65% in 2012 --91% say the number of personal devices connecting to corporate networks is growing --72% more than doubled the number of connected personal mobile devices in the past two years • Mobile security incidents are on the rise, and so is the cost of fixing them --82% of security professionals expect mobile security incidents to increase this year --98% have concerns about the impact of a mobile security incident --95% face challenges with the security of BYOD --64% say cost of remediating mobile security incidents is increasing --42% of executives say a mobile security incident costs more than $250,000 --64% cite Android as the mobile platform with the greatest risk, up from 49% in 2013 and 30% in 2012 • Employee behavior is a significant factor in information security --87% say careless employees are a greater threat to security than cybercriminals, up from 72% in 2012 --Employee actions have the highest impact on vulnerability of mobile data --63% say employees likely contributed to recent high-profile security breaches --92% say employee behaviors could have made a difference in preventing high-profile security breaches --56% are managing business data on employee-owned personal devices, up from 37% in 2013 THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 Sponsored by
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 3 All Rights Reserved. Detailed Findings Continued growth in the number of companies with mobile devices connecting to corporate networks IT professionals were asked if mobile devices, such as smartphones or tablets, were allowed to connect to their corporate networks. Most reported broad use of mobile devices within their organizations, with 95% saying that they had mobile devices connecting to corporate networks, including 74% who allowed both personal and company owned devices, 20% who allowed only company-owned mobile devices, and 1% that had only personal mobile devices. The 1% all worked at small companies. This is a slight increase in the number of companies that allow mobile devices on their corporate networks compared to 93% in 2013. More corporate networks include personal devices If we consider only personally-owned mobile devices connecting to corporate networks, 2014 has seen a more significant growth rate than in the past. In 2014, 75% of IT professionals reported that devices owned personally by employees, contractors, or others connect to their corporate networks, up from 67% in 2013 and 65% in 2012. Yes 95% No 5% Mobile devices connect to corporate networks 65% 67% 75% 35% 33% 25% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2013 2014 Companies allowing personal mobile devices to connect corporate networks Yes No
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 4 All Rights Reserved. Companies have an increasing number of personal mobile devices connecting to their networks IT professionals whose companies do allow personally-owned mobile devices were asked how much growth there has been in the number of personal devices on their corporate networks. The vast majority, 91%, have seen an increase in the number of mobile devices connecting to corporate networks over the past two years. For most participants, the increase was very dramatic with 72% saying they more than doubled the number of personal mobile devices in this timeframe. Mobile security incidents expected to grow With the high rate of growth of mobile devices, particularly personal mobile devices connecting to corporate networks, it is unsurprising that the number of security incidents is also expected to grow. Among all IT professionals, about two-thirds (64%) expected to see an increase in the number of mobile security incidents. Interestingly, IT professionals in general were more optimistic than the IT professionals who focus exclusively on security as their entire job. Among the security professionals who spend all their time thinking about securing corporate data and systems, a shocking 82% expect the number of security incidents to increase. Not a single dedicated security professional (0%) indicated that they expected the number of mobile security incidents to decrease this year, although among all IT professionals, including those for whom security was only part of their job, 7% felt that the steps they were taking to ensure security would decrease the number of security incidents. No increase 9% Less than twice as many 19% Between 2 and 5 8mes 46% More than 5 8mes 26% Increase in number of personal devices connec3ng to corporate networks Increase 64% Decrease 7% No change 29% Expected change in number of security incidents in coming year (All IT professionals) Increase 82% Decrease 0% No change 18% Expected change in number of security incidents in coming year (Dedicated security professionals only)
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 5 All Rights Reserved. IT professionals are concerned about the business impact of mobile security incidents Nearly all IT professionals (98%) have concerns about the impact of a mobile security incident. When asked about their greatest concerns, lost or stolen information topped the list with 82% of IT professionals citing this as an issue, followed by 61% who worried about introducing security weaknesses for future attacks. Participants who took the time to write in “Other” answers specifically called out worries about reputation and bad press, loss of productivity while correcting problems, and costs to stay within security standards and compliance. Securing corporate information remains greatest challenge in adopting BYOD BYOD or “Bring Your Own Device” continues to cause challenges for corporate IT. The majority of participants, 95%, reported that when employees use their own smartphones, tablets, or other devices to work with business information, it creates security challenges. IT professionals report that the most common challenge faced by IT organizations in adopting a BYOD policy is securing corporate information (72%), followed by managing personal devices that contain corporate and personal data and applications (67%), and tracking and controlling access to corporate and private networks (59%). 2% 3% 31% 43% 61% 82% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% No concerns Other Cost of replacing lost or stolen devices Compliance violaAon and fines IntroducAon of security weakness for future aHacks Lost or stolen informaAon Mobile security incident concerns 5% 2% 42% 46% 59% 67% 72% 0% 10% 20% 30% 40% 50% 60% 70% 80% We have no challenges with BYOD Other Finding agnosBc security soluBons (i.e. managing all OSes) Keep device operaBng system and applicaBons updated Tracking and controlling access to corporate and private networks Managing personal devices that contain both corporate and personal data and applicaBons Securing corporate informaBon BYOD security challenges
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 6 All Rights Reserved. The specific challenges and importance of the challenges did not change significantly from year to year, but the overall number of IT professionals facing security concerns as well as the number concerned about particular items, has increased across the board. The overall number of IT professionals who face security challenges rose from 93% in 2013 to 95% in 2014. Most challenges saw a slight in increase in number of IT professionals experiencing them, for example concerns about securing corporate information rose from 67% in 2013 to 72% in 2014. Interestingly, there was a dramatic increase in the ability to finding agnostic security solutions that can manage all operating systems across the wide range of mobile devices used. In 2013 only 14% listed finding agnostic security solutions as a top concern, but in 2014 that number rose dramatically to 42%. Cost of remediating security incidents is increasing The costs of remediating a security incident can be wide-ranging once you include staff time, legal fees, fines, resolution processes, and other expenses for each incident where corporate information has been lost or stolen from a mobile device. Most IT professionals (64%) report that the costs of remediating mobile security incidents is increasing, with only a small number (6%) reporting these costs are decreasing. 7% 14% 38% 59% 63% 67% 5% 42% 46% 59% 67% 72% 0% 10% 20% 30% 40% 50% 60% 70% 80% We have no challenges with BYOD Finding agnosAc security soluAons (i.e. managing all OSes) Keep device operaAng system and applicaAons updated Tracking and controlling access to corporate and private networks Managing personal devices that contain both corporate and personal data and applicaAons Securing corporate informaAon BYOD security challenges (2013 vs. 2014) 2014 2013 Increasing 64% Decreasing 6% No change 30% Changing costs of remedia1ng mobile security incidents
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 7 All Rights Reserved. Because of this wide range of possible expenses, the actual cost of a mobile security incident can be challening to calculate. IT executives had the most visibility into these costs, which can be substantial. Three-quarters (75%) of IT executives reported that a mobile security incident costs their company more than $10,000, including 42% who said it cost more than $250,000. This is an increase from 2013 where only 37% reported a mobile security incident cost more than $250,000. Perception of Android security risks grew again in 2014 IT professionals were asked which of the most common mobile platforms they viewed as being the greatest risk to their corporate security. The number of IT professionals saying Android was the riskiest increased and was by far the most frequent platform indicated (64%), followed by Apple/iOS (16%) and Windows Mobile (16%) and Blackberry (4%). Perception of Android security problems continued to grow dramatically as the platform perceived to have the greatest security risk (up from 49% in 2013 and 30% in 2012). Apple/iOS decreased in perception as the riskiest mobile platform for the first time since this survey began, to 16% from 25% in both of the prior years. Windows Mobile saw about the same results after dropping considerably from 2012 to 2013. Blackberry dropped for the 2nd year in a row as the number of IT professionals who viewed this as the most risky platform decrease by more than a half. 28% 25% 35% 33% 37% 42% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 Cost of mobile security incidents (Execu'ves) Less than $10,000 $10,000 -­‐ $250,000 More than $250,000 Mobile platform perceived as greatest security risk (2012 vs. 2013 vs. 2014) 25% 25% 16% 30% 49% 64% 29% 17% 16% 16% 9% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2013 2014 Apple/iOS Android Windows Mobile Blackberry
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 8 All Rights Reserved. Concern about careless employees is growing Employee behavior was found to have significant impacts on mobile security in this year’s survey. IT professionals were asked which group of individuals was considered the greatest security risk —careless employees or cybercriminals who intentionally try to steal corporate information. Careless employees continued to be reported as a greater security threat than cybercriminals with 87% of participants citing careless employees as the greatest security risk as opposed to only 13% citing cybercriminals. This is a notable increase from 2012 when the same question was asked and 72% cited careless employees. This reinforces the importance of implementing a strong combination of technology and security awareness throughout an organization. Employee actions have highest impact on vulnerability of mobile data Mobile security incidents can have a wide range of impacts. IT professionals were presented with a list of possible impacts and asked to rank them from first to last with the first being the factor that was the most impactful and the last being the factor that was the least impactful. Last year, lost or stolen devices was ranked first among IT professionals as the factor that had the greatest impact on the vulnerability of mobile data, followed by malicious applications downloaded to the mobile device. In 2014, the role of employees rose significantly and is now represented in all the biggest impacts on the vulnerability of mobile data. This includes employees accidentally accessing malicious sites or downloading malicious content, lack of employee awareness about security policies, and employees intentionally ignoring security policies all surpassing lost or stolen mobile devices with corporate data. 72% 87% 28% 13% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2014 Greater security threat to mobile devices Careless employees Hackers 6. High rate of users changing or upgrading their mobile device 5. Security updates not kept current 4. Lost or stolen mobile devices with corporate data 3. Employees intenAonally ignoring security policies 2. Lack of employee awareness about security policies 1. Employees accidentally accessing malicious sites or downloading malicious content Impact on the vulnerability of mobile data
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 9 All Rights Reserved. Employee behavior can make a difference in preventing security reputation events Employee adherence to corporate security policies whether it be lack of awareness of security policies or employees intentionally ignoring security policies were ranked among the highest impacts on the vulnerability of mobile data. Recent months have seen a large number of very high profile customer data breaches. IT professionals were also asked if they felt employee behavior could have made a difference in preventing these embarrassing and customer-impacting issues. Two-thirds of participants (63%) indicated that it is likely employee carelessness contributed to recent high-profile breaches of customer data. The vast majority (92%) said that in their opinion employee behaviors could have made a difference. More companies are managing employee-owned devices Once corporate data is on personal devices, it becomes a security risk point if those are not managed properly. In 2014 there was a significant increase in the number of IT organizations managing business data on the personal devices that employees use for work. More than half of organizations (56%) are managing the business data that exists on personal devices, up significantly from just over one-third (37%) in 2014. 5% 58% 30% 8% 0% 10% 20% 30% 40% 50% 60% 70% Employee carelessness caused these problems It is likely employee carelessness contributed It’s possible it might have made a difference It wouldn’t have made a difference Likelihood recent high-­‐profile breaches could have been prevented if employees followed security policies 63% 44% 37% 56% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 Manage business data on personal devices No Yes
THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 10 All Rights Reserved. Survey Methodology An independent database of IT and security professionals was invited to participate in a web survey on the topic of mobile devices and information security sponsored by Check Point. A total of 706 respondents across the United States, Canada, United Kingdom, Germany, Australia and New Zealand completed the survey. Each respondent had responsibility for securing company systems. Participants included IT executives, IT managers, and hands-on IT professionals, and represented a wide range of company sizes and industry verticals. This survey is the third in a series of surveys on this topic sponsored by Check Point. This report compares certain results to the results of similar questions asked in the past two years. About Dimensional Research Dimensional Research® provides practical marketing research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information visit www.dimensionalresearch.com. About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. 5 to 100 17% 100 to 1,000 29% 1,000 to 5,000 23% 5,000 to 15,000 15% More than 15,000 16% Company size IT execu(ve 26% IT team manager 34% Front-­‐line IT professional 40% Job func)on IT security is my en.re job 27% IT security is part of my job 73% Responsibility for IT security

Empfohlen

The impact of mobile devices on information security
The impact of mobile devices on information securityThe impact of mobile devices on information security
The impact of mobile devices on information security
Bee_Ware
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
Samir Kotarwar
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
Enterprise Management Associates
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
IBM Security
 
Norton Mobile Apps Survey Report
Norton Mobile Apps Survey ReportNorton Mobile Apps Survey Report
Norton Mobile Apps Survey Report
Symantec
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise Mobility
Symantec
 

Empfohlen

The impact of mobile devices on information security
The impact of mobile devices on information securityThe impact of mobile devices on information security
The impact of mobile devices on information security
Bee_Ware
 
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterpriseMbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
Mbs t17 o'neil-mbs-t17 rsa-realizing-mobile-enterprise
SelectedPresentations
 
Wireless survey-report-saa-2016
Wireless survey-report-saa-2016Wireless survey-report-saa-2016
Wireless survey-report-saa-2016
Samir Kotarwar
 
EMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-SecurityEMA Megatrends in Cyber-Security
EMA Megatrends in Cyber-Security
Enterprise Management Associates
 
What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020What are top 7 cyber security trends for 2020
What are top 7 cyber security trends for 2020
TestingXperts
 
Mobile Vision 2020
Mobile Vision 2020Mobile Vision 2020
Mobile Vision 2020
IBM Security
 
Norton Mobile Apps Survey Report
Norton Mobile Apps Survey ReportNorton Mobile Apps Survey Report
Norton Mobile Apps Survey Report
Symantec
 
Top Risks of Enterprise Mobility
Top Risks of Enterprise MobilityTop Risks of Enterprise Mobility
Top Risks of Enterprise Mobility
Symantec
 
Va\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsVa\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutions
iansadler
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the Workplace
Blueboxer2014
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYODIBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
Camilo Fandiño Gómez
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
Tam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
SelectedPresentations
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
Arrow ECS UK
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
Symantec
 
INFOGRAPHIC: The Evolution of Data Privacy
INFOGRAPHIC: The Evolution of Data PrivacyINFOGRAPHIC: The Evolution of Data Privacy
INFOGRAPHIC: The Evolution of Data Privacy
Symantec
 
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
Edelman
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
Symantec
 
2013 byod mobile index
2013 byod mobile index2013 byod mobile index
2013 byod mobile index
Prayukth K V
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
Silicon Valley Bank
 
The State of IT Security for 2019
The State of IT Security for 2019The State of IT Security for 2019
The State of IT Security for 2019
Precisely
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
Silicon Valley Bank
 
Mobility Index Report за 2 квартал 2015
Mobility Index Report за 2 квартал 2015Mobility Index Report за 2 квартал 2015
Mobility Index Report за 2 квартал 2015
AppTractor
 
2010 GISS EY
2010 GISS EY2010 GISS EY
2010 GISS EY
Vladimir Matviychuk
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
nooralmousa
 
The consumerization of it
The consumerization of itThe consumerization of it
The consumerization of it
Daniel J Delaney
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
Ir. Indin Hasan ST, MT, IPM, ASEAN Eng
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
Lumension
 
Infosecurity Europe - Infographic
Infosecurity Europe - InfographicInfosecurity Europe - Infographic
Infosecurity Europe - Infographic
Synopsys Software Integrity Group
 
2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report
DImension Data
 

Weitere ähnliche Inhalte

Was ist angesagt?

2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
Tam Nguyen
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
SelectedPresentations
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
Arrow ECS UK
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
Symantec
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
nooralmousa
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
Lumension
 

Was ist angesagt? (20)

Va\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutionsVa\\lue of e-safebusiness solutions
Va\\lue of e-safebusiness solutions
 
Mobile Security Trends in the Workplace
Mobile Security Trends in the WorkplaceMobile Security Trends in the Workplace
Mobile Security Trends in the Workplace
 
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYODIBM Seguridad Móvil - Acompaña tu estrategia BYOD
IBM Seguridad Móvil - Acompaña tu estrategia BYOD
 
2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study2013-ISC2-Global-Information-Security-Workforce-Study
2013-ISC2-Global-Information-Security-Workforce-Study
 
Prof m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - finalProf m01-2013 global information security workforce study - final
Prof m01-2013 global information security workforce study - final
 
Symantec Mobile Security
Symantec Mobile SecuritySymantec Mobile Security
Symantec Mobile Security
 
Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015Symantec Intelligence Report: May 2015
Symantec Intelligence Report: May 2015
 
INFOGRAPHIC: The Evolution of Data Privacy
INFOGRAPHIC: The Evolution of Data PrivacyINFOGRAPHIC: The Evolution of Data Privacy
INFOGRAPHIC: The Evolution of Data Privacy
 
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
Exploring Consumer Attitudes & Actions on Key Tech Policy Issues 2014
 
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
The Stand Against Cyber Criminals Lawyers, Take The Stand Against Cyber Crimi...
 
2013 byod mobile index
2013 byod mobile index2013 byod mobile index
2013 byod mobile index
 
SVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - OverviewSVB Cybersecurity Impact on Innovation Report - Overview
SVB Cybersecurity Impact on Innovation Report - Overview
 
The State of IT Security for 2019
The State of IT Security for 2019The State of IT Security for 2019
The State of IT Security for 2019
 
SVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation ReportSVB Cybersecurity Impact on Innovation Report
SVB Cybersecurity Impact on Innovation Report
 
Mobility Index Report за 2 квартал 2015
Mobility Index Report за 2 квартал 2015Mobility Index Report за 2 квартал 2015
Mobility Index Report за 2 квартал 2015
 
2010 GISS EY
2010 GISS EY2010 GISS EY
2010 GISS EY
 
Meraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless worldMeraj Ahmad - Information security in a borderless world
Meraj Ahmad - Information security in a borderless world
 
The consumerization of it
The consumerization of itThe consumerization of it
The consumerization of it
 
Ics white paper report 2017
Ics white paper report 2017Ics white paper report 2017
Ics white paper report 2017
 
State of endpoint risk v3
State of endpoint risk v3State of endpoint risk v3
State of endpoint risk v3
 

Ähnlich wie “The Impact of Mobile Devices on Information Security: A Survey of IT and Security Professionals”.

Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Capgemini
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
Matthew Rosenquist
 
White paper balance between embedded operating system security features and a...
White paper balance between embedded operating system security features and a...White paper balance between embedded operating system security features and a...
White paper balance between embedded operating system security features and a...
Javier Gonzalez
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
Matthew Rosenquist
 

Ähnlich wie “The Impact of Mobile Devices on Information Security: A Survey of IT and Security Professionals”. (20)

Infosecurity Europe - Infographic
Infosecurity Europe - InfographicInfosecurity Europe - Infographic
Infosecurity Europe - Infographic
 
2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report2014 Secure Mobility Survey Report
2014 Secure Mobility Survey Report
 
Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014Weathering mobile-storm-report-october-2014
Weathering mobile-storm-report-october-2014
 
Segurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago CavannaSegurinfo2014 Santiago Cavanna
Segurinfo2014 Santiago Cavanna
 
Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022) Global Cybersecurity Market (2017 - 2022)
Global Cybersecurity Market (2017 - 2022)
 
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
Cyber Security Conference - A deeper look at Microsoft Security Strategy, Tec...
 
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
Securing the Internet of Things Opportunity: Putting Cybersecurity at the Hea...
 
Securing the internet of things opportunity putting cybersecurity at the hear...
Securing the internet of things opportunity putting cybersecurity at the hear...Securing the internet of things opportunity putting cybersecurity at the hear...
Securing the internet of things opportunity putting cybersecurity at the hear...
 
Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012Juniper Trusted Mobility Index 2012
Juniper Trusted Mobility Index 2012
 
Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013 Data Protection Maturity Survey Results 2013
Data Protection Maturity Survey Results 2013
 
2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity2014 the future evolution of cybersecurity
2014 the future evolution of cybersecurity
 
Why Cybersecurity is a Data Problem
Why Cybersecurity is a Data ProblemWhy Cybersecurity is a Data Problem
Why Cybersecurity is a Data Problem
 
White paper balance between embedded operating system security features and a...
White paper balance between embedded operating system security features and a...White paper balance between embedded operating system security features and a...
White paper balance between embedded operating system security features and a...
 
White Paper: Balance Between Embedded Operating System Security Features and ...
White Paper: Balance Between Embedded Operating System Security Features and ...White Paper: Balance Between Embedded Operating System Security Features and ...
White Paper: Balance Between Embedded Operating System Security Features and ...
 
Cybersecurity in the Age of Mobility
Cybersecurity in the Age of MobilityCybersecurity in the Age of Mobility
Cybersecurity in the Age of Mobility
 
Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0Mobile malware and enterprise security v 1.2_0
Mobile malware and enterprise security v 1.2_0
 
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert CaliforniaBring Your Own Device 2014 TeamMate User Conference Palm Desert California
Bring Your Own Device 2014 TeamMate User Conference Palm Desert California
 
Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2Idge dell reignite2014 qp #2
Idge dell reignite2014 qp #2
 
2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance2018 State of Cyber Resilience for Insurance
2018 State of Cyber Resilience for Insurance
 
Future of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.RosenquistFuture of Cybersecurity 2016 - M.Rosenquist
Future of Cybersecurity 2016 - M.Rosenquist
 

Mehr von Thierry Labro

Pwc real-estate-2020-building-the-future
Pwc real-estate-2020-building-the-futurePwc real-estate-2020-building-the-future
Pwc real-estate-2020-building-the-future
Thierry Labro
 
Tracking clean energy_progress_2014
Tracking clean energy_progress_2014Tracking clean energy_progress_2014
Tracking clean energy_progress_2014
Thierry Labro
 
Tracking clean energy_progress_2014
Tracking clean energy_progress_2014Tracking clean energy_progress_2014
Tracking clean energy_progress_2014
Thierry Labro
 
Thionville - le plan de transport
Thionville - le plan de transportThionville - le plan de transport
Thionville - le plan de transport
Thierry Labro
 
Dtt en wp_techtrends_10022014
Dtt en wp_techtrends_10022014Dtt en wp_techtrends_10022014
Dtt en wp_techtrends_10022014
Thierry Labro
 

Mehr von Thierry Labro (20)

TER convention lorraine 2007-2016
TER convention lorraine 2007-2016TER convention lorraine 2007-2016
TER convention lorraine 2007-2016
 
Pwc real-estate-2020-building-the-future
Pwc real-estate-2020-building-the-futurePwc real-estate-2020-building-the-future
Pwc real-estate-2020-building-the-future
 
Most innovative companies
Most innovative companiesMost innovative companies
Most innovative companies
 
Technology, media and Telecommunications predictions for 2015
Technology, media and Telecommunications predictions for 2015Technology, media and Telecommunications predictions for 2015
Technology, media and Telecommunications predictions for 2015
 
The Boom in Global Fintech Investment
The Boom in Global Fintech InvestmentThe Boom in Global Fintech Investment
The Boom in Global Fintech Investment
 
High-frequency trading activity in EU equity markets
High-frequency trading activity in EU equity marketsHigh-frequency trading activity in EU equity markets
High-frequency trading activity in EU equity markets
 
Taxe: l'évolution du Luxembourg
Taxe: l'évolution du LuxembourgTaxe: l'évolution du Luxembourg
Taxe: l'évolution du Luxembourg
 
Mobilise luxembourg
Mobilise luxembourgMobilise luxembourg
Mobilise luxembourg
 
Les jeunes entreprises doivent devenir une priorité
Les jeunes entreprises doivent devenir une prioritéLes jeunes entreprises doivent devenir une priorité
Les jeunes entreprises doivent devenir une priorité
 
Tracking clean energy_progress_2014
Tracking clean energy_progress_2014Tracking clean energy_progress_2014
Tracking clean energy_progress_2014
 
Tracking clean energy_progress_2014
Tracking clean energy_progress_2014Tracking clean energy_progress_2014
Tracking clean energy_progress_2014
 
Gfci15 15 march2014
Gfci15 15 march2014Gfci15 15 march2014
Gfci15 15 march2014
 
Le tableau de bord de l'innovation de l'Union européenne
Le tableau de bord de l'innovation de l'Union européenneLe tableau de bord de l'innovation de l'Union européenne
Le tableau de bord de l'innovation de l'Union européenne
 
Thionville - le plan de transport
Thionville - le plan de transportThionville - le plan de transport
Thionville - le plan de transport
 
Dtt en wp_techtrends_10022014
Dtt en wp_techtrends_10022014Dtt en wp_techtrends_10022014
Dtt en wp_techtrends_10022014
 
Panorama sur la grande distribution en France
Panorama sur la grande distribution en FrancePanorama sur la grande distribution en France
Panorama sur la grande distribution en France
 
Le rapport sur la corruption en France
Le rapport sur la corruption en FranceLe rapport sur la corruption en France
Le rapport sur la corruption en France
 
Jean-Claude Biver: le maître du temps
Jean-Claude Biver: le maître du tempsJean-Claude Biver: le maître du temps
Jean-Claude Biver: le maître du temps
 
Les Roumains et les Bulgares apportent plus qu'ils ne coûtent
Les Roumains et les Bulgares apportent plus qu'ils ne coûtentLes Roumains et les Bulgares apportent plus qu'ils ne coûtent
Les Roumains et les Bulgares apportent plus qu'ils ne coûtent
 
Cargolux chambresalaries
Cargolux chambresalariesCargolux chambresalaries
Cargolux chambresalaries
 

Kürzlich hochgeladen

Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 

Kürzlich hochgeladen (20)

Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 

“The Impact of Mobile Devices on Information Security: A Survey of IT and Security Professionals”.

  • 1. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS October 2014 Sponsored by
  • 2. © 2014 Dimensional Research. All Rights Reserved. www.dimensionalresearch.com Introduction Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments, while the Bring Your Own Device (BYOD) movement has dramatically increased the number of expensive security incidents. In recent months, we have seen several highly visible, high-impact corporate hacks. These highly publicized breaches have significant financial impact as well as risk to the company’s reputation. Mobile security is of utmost concern as the number of personal devices connecting to corporate networks continues to grow. The following report, sponsored by Check Point, is based on a global survey of 706 IT and security professionals conducted in the United States, Canada, Germany, United Kingdom, Australia and New Zealand. The goal of the survey was to capture data on current attitudes and trends with mobile devices and IT security. This is the third survey on this topic sponsored by Check Point and this report evaluates differences in responses to similar questions asked over the past two years. Executive Summary 1. Number of personal mobile devices connecting to corporate networks continues to grow 2. The cost of remediating mobile security incidents continues to increase 3. Employee behavior is a significant factor in mobile security Key Findings • Number of personal devices connecting to corporate networks continues to grow --75% allow personal devices to connect to corporate networks, an increase from 67% in 2013 and 65% in 2012 --91% say the number of personal devices connecting to corporate networks is growing --72% more than doubled the number of connected personal mobile devices in the past two years • Mobile security incidents are on the rise, and so is the cost of fixing them --82% of security professionals expect mobile security incidents to increase this year --98% have concerns about the impact of a mobile security incident --95% face challenges with the security of BYOD --64% say cost of remediating mobile security incidents is increasing --42% of executives say a mobile security incident costs more than $250,000 --64% cite Android as the mobile platform with the greatest risk, up from 49% in 2013 and 30% in 2012 • Employee behavior is a significant factor in information security --87% say careless employees are a greater threat to security than cybercriminals, up from 72% in 2012 --Employee actions have the highest impact on vulnerability of mobile data --63% say employees likely contributed to recent high-profile security breaches --92% say employee behaviors could have made a difference in preventing high-profile security breaches --56% are managing business data on employee-owned personal devices, up from 37% in 2013 THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 Sponsored by
  • 3. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 3 All Rights Reserved. Detailed Findings Continued growth in the number of companies with mobile devices connecting to corporate networks IT professionals were asked if mobile devices, such as smartphones or tablets, were allowed to connect to their corporate networks. Most reported broad use of mobile devices within their organizations, with 95% saying that they had mobile devices connecting to corporate networks, including 74% who allowed both personal and company owned devices, 20% who allowed only company-owned mobile devices, and 1% that had only personal mobile devices. The 1% all worked at small companies. This is a slight increase in the number of companies that allow mobile devices on their corporate networks compared to 93% in 2013. More corporate networks include personal devices If we consider only personally-owned mobile devices connecting to corporate networks, 2014 has seen a more significant growth rate than in the past. In 2014, 75% of IT professionals reported that devices owned personally by employees, contractors, or others connect to their corporate networks, up from 67% in 2013 and 65% in 2012. Yes 95% No 5% Mobile devices connect to corporate networks 65% 67% 75% 35% 33% 25% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2013 2014 Companies allowing personal mobile devices to connect corporate networks Yes No
  • 4. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 4 All Rights Reserved. Companies have an increasing number of personal mobile devices connecting to their networks IT professionals whose companies do allow personally-owned mobile devices were asked how much growth there has been in the number of personal devices on their corporate networks. The vast majority, 91%, have seen an increase in the number of mobile devices connecting to corporate networks over the past two years. For most participants, the increase was very dramatic with 72% saying they more than doubled the number of personal mobile devices in this timeframe. Mobile security incidents expected to grow With the high rate of growth of mobile devices, particularly personal mobile devices connecting to corporate networks, it is unsurprising that the number of security incidents is also expected to grow. Among all IT professionals, about two-thirds (64%) expected to see an increase in the number of mobile security incidents. Interestingly, IT professionals in general were more optimistic than the IT professionals who focus exclusively on security as their entire job. Among the security professionals who spend all their time thinking about securing corporate data and systems, a shocking 82% expect the number of security incidents to increase. Not a single dedicated security professional (0%) indicated that they expected the number of mobile security incidents to decrease this year, although among all IT professionals, including those for whom security was only part of their job, 7% felt that the steps they were taking to ensure security would decrease the number of security incidents. No increase 9% Less than twice as many 19% Between 2 and 5 8mes 46% More than 5 8mes 26% Increase in number of personal devices connec3ng to corporate networks Increase 64% Decrease 7% No change 29% Expected change in number of security incidents in coming year (All IT professionals) Increase 82% Decrease 0% No change 18% Expected change in number of security incidents in coming year (Dedicated security professionals only)
  • 5. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 5 All Rights Reserved. IT professionals are concerned about the business impact of mobile security incidents Nearly all IT professionals (98%) have concerns about the impact of a mobile security incident. When asked about their greatest concerns, lost or stolen information topped the list with 82% of IT professionals citing this as an issue, followed by 61% who worried about introducing security weaknesses for future attacks. Participants who took the time to write in “Other” answers specifically called out worries about reputation and bad press, loss of productivity while correcting problems, and costs to stay within security standards and compliance. Securing corporate information remains greatest challenge in adopting BYOD BYOD or “Bring Your Own Device” continues to cause challenges for corporate IT. The majority of participants, 95%, reported that when employees use their own smartphones, tablets, or other devices to work with business information, it creates security challenges. IT professionals report that the most common challenge faced by IT organizations in adopting a BYOD policy is securing corporate information (72%), followed by managing personal devices that contain corporate and personal data and applications (67%), and tracking and controlling access to corporate and private networks (59%). 2% 3% 31% 43% 61% 82% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% No concerns Other Cost of replacing lost or stolen devices Compliance violaAon and fines IntroducAon of security weakness for future aHacks Lost or stolen informaAon Mobile security incident concerns 5% 2% 42% 46% 59% 67% 72% 0% 10% 20% 30% 40% 50% 60% 70% 80% We have no challenges with BYOD Other Finding agnosBc security soluBons (i.e. managing all OSes) Keep device operaBng system and applicaBons updated Tracking and controlling access to corporate and private networks Managing personal devices that contain both corporate and personal data and applicaBons Securing corporate informaBon BYOD security challenges
  • 6. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 6 All Rights Reserved. The specific challenges and importance of the challenges did not change significantly from year to year, but the overall number of IT professionals facing security concerns as well as the number concerned about particular items, has increased across the board. The overall number of IT professionals who face security challenges rose from 93% in 2013 to 95% in 2014. Most challenges saw a slight in increase in number of IT professionals experiencing them, for example concerns about securing corporate information rose from 67% in 2013 to 72% in 2014. Interestingly, there was a dramatic increase in the ability to finding agnostic security solutions that can manage all operating systems across the wide range of mobile devices used. In 2013 only 14% listed finding agnostic security solutions as a top concern, but in 2014 that number rose dramatically to 42%. Cost of remediating security incidents is increasing The costs of remediating a security incident can be wide-ranging once you include staff time, legal fees, fines, resolution processes, and other expenses for each incident where corporate information has been lost or stolen from a mobile device. Most IT professionals (64%) report that the costs of remediating mobile security incidents is increasing, with only a small number (6%) reporting these costs are decreasing. 7% 14% 38% 59% 63% 67% 5% 42% 46% 59% 67% 72% 0% 10% 20% 30% 40% 50% 60% 70% 80% We have no challenges with BYOD Finding agnosAc security soluAons (i.e. managing all OSes) Keep device operaAng system and applicaAons updated Tracking and controlling access to corporate and private networks Managing personal devices that contain both corporate and personal data and applicaAons Securing corporate informaAon BYOD security challenges (2013 vs. 2014) 2014 2013 Increasing 64% Decreasing 6% No change 30% Changing costs of remedia1ng mobile security incidents
  • 7. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 7 All Rights Reserved. Because of this wide range of possible expenses, the actual cost of a mobile security incident can be challening to calculate. IT executives had the most visibility into these costs, which can be substantial. Three-quarters (75%) of IT executives reported that a mobile security incident costs their company more than $10,000, including 42% who said it cost more than $250,000. This is an increase from 2013 where only 37% reported a mobile security incident cost more than $250,000. Perception of Android security risks grew again in 2014 IT professionals were asked which of the most common mobile platforms they viewed as being the greatest risk to their corporate security. The number of IT professionals saying Android was the riskiest increased and was by far the most frequent platform indicated (64%), followed by Apple/iOS (16%) and Windows Mobile (16%) and Blackberry (4%). Perception of Android security problems continued to grow dramatically as the platform perceived to have the greatest security risk (up from 49% in 2013 and 30% in 2012). Apple/iOS decreased in perception as the riskiest mobile platform for the first time since this survey began, to 16% from 25% in both of the prior years. Windows Mobile saw about the same results after dropping considerably from 2012 to 2013. Blackberry dropped for the 2nd year in a row as the number of IT professionals who viewed this as the most risky platform decrease by more than a half. 28% 25% 35% 33% 37% 42% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 Cost of mobile security incidents (Execu'ves) Less than $10,000 $10,000 -­‐ $250,000 More than $250,000 Mobile platform perceived as greatest security risk (2012 vs. 2013 vs. 2014) 25% 25% 16% 30% 49% 64% 29% 17% 16% 16% 9% 4% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2013 2014 Apple/iOS Android Windows Mobile Blackberry
  • 8. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 8 All Rights Reserved. Concern about careless employees is growing Employee behavior was found to have significant impacts on mobile security in this year’s survey. IT professionals were asked which group of individuals was considered the greatest security risk —careless employees or cybercriminals who intentionally try to steal corporate information. Careless employees continued to be reported as a greater security threat than cybercriminals with 87% of participants citing careless employees as the greatest security risk as opposed to only 13% citing cybercriminals. This is a notable increase from 2012 when the same question was asked and 72% cited careless employees. This reinforces the importance of implementing a strong combination of technology and security awareness throughout an organization. Employee actions have highest impact on vulnerability of mobile data Mobile security incidents can have a wide range of impacts. IT professionals were presented with a list of possible impacts and asked to rank them from first to last with the first being the factor that was the most impactful and the last being the factor that was the least impactful. Last year, lost or stolen devices was ranked first among IT professionals as the factor that had the greatest impact on the vulnerability of mobile data, followed by malicious applications downloaded to the mobile device. In 2014, the role of employees rose significantly and is now represented in all the biggest impacts on the vulnerability of mobile data. This includes employees accidentally accessing malicious sites or downloading malicious content, lack of employee awareness about security policies, and employees intentionally ignoring security policies all surpassing lost or stolen mobile devices with corporate data. 72% 87% 28% 13% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2012 2014 Greater security threat to mobile devices Careless employees Hackers 6. High rate of users changing or upgrading their mobile device 5. Security updates not kept current 4. Lost or stolen mobile devices with corporate data 3. Employees intenAonally ignoring security policies 2. Lack of employee awareness about security policies 1. Employees accidentally accessing malicious sites or downloading malicious content Impact on the vulnerability of mobile data
  • 9. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 9 All Rights Reserved. Employee behavior can make a difference in preventing security reputation events Employee adherence to corporate security policies whether it be lack of awareness of security policies or employees intentionally ignoring security policies were ranked among the highest impacts on the vulnerability of mobile data. Recent months have seen a large number of very high profile customer data breaches. IT professionals were also asked if they felt employee behavior could have made a difference in preventing these embarrassing and customer-impacting issues. Two-thirds of participants (63%) indicated that it is likely employee carelessness contributed to recent high-profile breaches of customer data. The vast majority (92%) said that in their opinion employee behaviors could have made a difference. More companies are managing employee-owned devices Once corporate data is on personal devices, it becomes a security risk point if those are not managed properly. In 2014 there was a significant increase in the number of IT organizations managing business data on the personal devices that employees use for work. More than half of organizations (56%) are managing the business data that exists on personal devices, up significantly from just over one-third (37%) in 2014. 5% 58% 30% 8% 0% 10% 20% 30% 40% 50% 60% 70% Employee carelessness caused these problems It is likely employee carelessness contributed It’s possible it might have made a difference It wouldn’t have made a difference Likelihood recent high-­‐profile breaches could have been prevented if employees followed security policies 63% 44% 37% 56% 0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100% 2013 2014 Manage business data on personal devices No Yes
  • 10. THE IMPACT OF MOBILE DEVICES ON INFORMATION SECURITY: A SURVEY OF IT AND SECURITY PROFESSIONALS Dimensional Research | October 2014 www.dimensionalresearch.com © 2014 Dimensional Research. Page 10 All Rights Reserved. Survey Methodology An independent database of IT and security professionals was invited to participate in a web survey on the topic of mobile devices and information security sponsored by Check Point. A total of 706 respondents across the United States, Canada, United Kingdom, Germany, Australia and New Zealand completed the survey. Each respondent had responsibility for securing company systems. Participants included IT executives, IT managers, and hands-on IT professionals, and represented a wide range of company sizes and industry verticals. This survey is the third in a series of surveys on this topic sponsored by Check Point. This report compares certain results to the results of similar questions asked in the past two years. About Dimensional Research Dimensional Research® provides practical marketing research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information visit www.dimensionalresearch.com. About Check Point Software Technologies Ltd. Check Point Software Technologies Ltd. (www.checkpoint.com), the worldwide leader in securing the Internet, provides customers with uncompromised protection against all types of threats, reduces security complexity and lowers total cost of ownership. Check Point first pioneered the industry with FireWall-1 and its patented stateful inspection technology. Today, Check Point continues to develop new innovations based on the Software Blade Architecture, providing customers with flexible and simple solutions that can be fully customized to meet the exact security needs of any organization. Check Point is the only vendor to go beyond technology and define security as a business process. Check Point 3D Security uniquely combines policy, people and enforcement for greater protection of information assets and helps organizations implement a blueprint for security that aligns with business needs. Customers include tens of thousands of organizations of all sizes, including all Fortune and Global 100 companies. Check Point’s award-winning ZoneAlarm solutions protect millions of consumers from hackers, spyware and identity theft. 5 to 100 17% 100 to 1,000 29% 1,000 to 5,000 23% 5,000 to 15,000 15% More than 15,000 16% Company size IT execu(ve 26% IT team manager 34% Front-­‐line IT professional 40% Job func)on IT security is my en.re job 27% IT security is part of my job 73% Responsibility for IT security