As Mobile Threats Rise, Business Security Falls Down on the Job
August 05, 2016
By Steve Anderson
Contributing Writer
It's well-known by now that security mechanisms for businesses are absolutely vital to ensuring ongoing operations. Protecting data for its own sake or to prevent customers from having to bear the brunt of data theft is just a cost of doing business. A new MobileIron study—released recently at the 2016 U.S. Black Hat conference—revealed that businesses' security measures against mobile-based threats aren't up to snuff, leaving businesses sorely exposed.
The numbers paint a stark picture. Just 8 percent of companies are enforcing updates to operating systems (OS)—generally a good way to patch any security holes that might exist at the OS level—and not even 5 percent are using some kind of mobile threat detection or app reputation software.
Many common threats aren't even addressed, and some are on the rise. Missing devices were a problem for 40 percent of companies, which is up from 33 percent just in the fourth quarter of 2015. Out-of-date policies were a problem for 27 percent of firms from 20 percent in that fourth quarter period. Only two fields actually stayed roughly the same; 8 percent of companies enforced app updates, which was about the same as the 2015 period, and less than 5 percent turned to app reputation tools, which about matched the fourth quarter of 2015.
Companies are making moves in blacklisting certain apps, and most of these have some direct impact on business operations. Dropbox, for example, was the most blacklisted, as well as social media mainstays Facebook (News - Alert) and Twitter. The game Angry Birds came in third on the list, and some newcomers included Line and Evernote.
Businesses weren't the only ones affected by this; governments were also having troubles keeping up. Missing devices, for example, were an even bigger problem for governments, which reported 48 percent of organizations having a device missing, compared to businesses' 40 percent average. Outdated polices were a problem for just over a third—34 percent—and 61 percent of operations had at least one non-compliant device.
The security measures discussed in this report are hard to quibble over. After all, we're talking about some of the most basic security measures, like up-to-date policies and actually keeping devices where devices are supposed to be kept. This isn't a matter of someone not having two-factor authentication, or passwords being too weak for someone's taste; this is basic security at stake here. Taking these indices seriously should generate a net positive effect in rapid fashion, and prevent some of the biggest breaches around.
With some simple new security measures, businesses and governments alike can prevent a lot of major problems from taking place. This study makes it clear just how easy it can be to see big improvements just by protecting against some very basic issues.
Edited by Alicia Young