Why It’s So Hard to Reduce Enterprise Mobile Security Risks

A recent study looks at the shockingly high costs companies can incur as a result of mobile data breaches–and why the problem will only get bigger.

According to the survey data, “many organizations” still believe that they are in the “early days in their mobile deployments.” However, the study found that employee mobile device use is rampant in the enterprise. In fact, the only thing that is “early days” right now is how the enterprise handles mobile security. The study shows that mobile security is weak in many organizations.

There is a worrisome disconnect in what IT thinks employees can do with their mobile devices and reality. The study finds that IT staff believes 19 percent of employees are capable of accessing customer records on mobile devices. In reality, 43 percent of employees have access to that data. Even worse, IT says just 8 percent of employees can access confidential or classified documents. In reality, that figure stands at 33 percent.

Unfortunately for IT, the chances of companies protecting mobile access to data are slim. In the next two years alone, companies and employees agree that mobile access to data will increase by “at least 50 percent.” That suggests that approximately half of all employees will be able to access confidential data by 2018.

Despite believing it’s the “early days” of mobile in the enterprise, 67 percent of companies confirmed that they’ve been the victims of a mobile hack. All of those hacks resulted from employees accessing sensitive data and hackers targeting those individuals to steal the information.

The study shows another harsh reality: Mobile malware is currently running on company networks. On average, 3 percent of all employee mobile devices are currently running malware that’s capable of stealing sensitive information. In major enterprises, that could mean that more than 1,700 malware-ridden mobile devices are connecting to corporate networks each day.

Getting malware is one thing, but not fixing it is another. According to the data, only 26 percent of mobile devices running on corporate networks are scanned for malware. That leaves approximately three-quarters of all smartphones and tablets that can be infected with malware and causing havoc on corporate networking without IT being aware of what’s going on.

Despite these findings, the IT side doesn’t appear to be proactively seeking out malware. In fact, the study found that just 36 percent of IT decision-makers said that they were “vigilant in protecting sensitive or confidential data” that might be running or accessible on employee mobile devices. In other words, more than six in 10 companies simply aren’t doing enough to combat mobile malware and security flaws.

IT policies have become the backbone of data access and security. Yet, they don’t necessarily extend to smartphones and tablets, the survey shows. The researchers found that nearly two-thirds of companies have no policies directing employees on how corporate data may be stored on mobile devices. For most companies, employees can grab whatever they want off corporate networks and no one is any the wiser.

The costs associated with a mobile data breach should be enough to worry the IT side. The average enterprise will spend nearly $9,500 per infected mobile device to find malware, contain it on the network and fix it. That mobile triage alone could cost a major enterprise $16.3 million per year, and that’s only on the devices they’re currently inspecting, which so far isn’t a large number. If every infected device was analyzed, companies could expect to spend $26.4 million per year addressing mobile hacks.

All of these issues may be disturbing, but at least they haven’t been ignored by most IT decision-makers. In fact, IT respondents said that they expect their mobile security budgets to grow 37 percent in the next year. Mobile security budgets will likely continue to grow in the coming years as hackers increasingly target iOS and Android.