Small and midsize businesses (SMBs) are increasingly exposed to security risks from mobile devices, such as smartphones, tablet computers and notebooks, that employees use to access and download company data, according to the findings of a survey by Mobilisafe, a Seattle-based mobile risk management company.
As part of a private beta program, participants in the survey evaluated a product that assesses the security risk of mobile devices accessing their company's network. Over four months, Mobilisafe's mobile security product mapped pre-existing and newly discovered vulnerabilities to devices. The study included an analysis of more than 134 mobile operating system and application vulnerabilities, segmented by degree of severity from low to high.
The analysis showed that SMB IT managers cannot keep up with the rate of discovery of severe vulnerabilities these devices bring to their corporate networks. In addition, SMB IT departments lack a standardized approach to mitigating the risks from different types of mobile devices, unlike the approach they have for laptops, desktops and servers. Although they feel exposed to mobile device security risk, SMBs do not feel they have adequate tools to assess and mitigate these risks at a granular level, the survey found.
Increasingly, application and operating system vulnerabilities are being exploited to compromise security models that isolate and protect company data. Company data is at risk of being leaked from the device, and company servers are at risk of being attacked by mobile devices already authenticated to access company resources. As IT managers have learned from security risk management in the desktop, laptop and server ecosystem, proactively addressing vulnerabilities prevents exploits from jeopardizing company data.
The survey also found 71 percent of devices in the study contained high-severity operating system and application vulnerabilities, and a new high-severity vulnerability was mapped on average to mobile devices every 1.6 days, which is four times faster than in 2011, according to Mobilisafe. In addition, 38 different operating system versions in the study contained high-severity vulnerabilities, but there would be a large drop in the percentage of devices with severe vulnerabilities if the devices were updated to the latest available firmware.
The risks extend beyond the devices used in the workplace; the accelerating adoption of smart devices and the growing number of available products are creating a large reseller market for replaced devices, many of which are not properly cleared of personal information. For example, Motorola recently revealed that approximately 100 out of a batch of 6,200 Xoom WiFi tablets that were refurbished by Motorola Mobility may not have been completely cleared of the original owners' data, including passwords, prior to resale.
Half the mobile devices sold on eBay still contain personal information, according to an informal survey by mobile and forensics specialist Disklabs.