Smartphones, tablets, and other mobile devices have become the target of malware and are even getting hit by highly targeted attacks known as “advanced persistent threats” that intended to steal sensitive data, according to a survey of 676 information technology and security professionals.
About two-thirds of the respondents said the mobile endpoints used in their organizations had been hit by malware and 40 percent also said these endpoints were the entry point for an APT-style attack aimed at specific individuals to gain access to corporate information. The Ponemon Institute’s survey, titled “2014 State of Endpoint Risk”, states that on average 63 percent of an organization’s employees are now using mobile devices, with IT managers anticipating the number of devices that have to be actively managed will rise from 5000 on average to 7000 in the next three years.
”Just when many IT security practitioners were hoping to get their endpoint security risks under control, the exploding growth of mobility platforms and public cloud resources has turned these dreams into a security nightmare,” the survey report asserts. The respondents perceive “mobile devices such as smartphones” to be the greatest potential security risk in the IT environment, more than PC desktops and laptops.
The survey, sponsored by Lumension, indicates that more than half of the IT security experts learned of APT attacks against endpoints when they found anomalous exfiltration traffic on the network. About a quarter said the endpoint security technology they use alerted them to a possible breach and 21 percent were notified by law enforcement directly. APT attacks often commence with phishing emails to employees, Web-based click-jacking, fraudulently signed code, or digital certificates, they said.
As far as the applications considered to have the highest IT risk, the top three choices were: Adobe, Google Docs, and Microsoft's operating systems and applications.
Personal gadgets in place at work
Just over half of the survey’s respondents say they have a “Bring Your Own Device” (BYOD) plan that lets employees use their own mobile devices for work purposes, and slightly over half of them are relying on “voluntarily installing the endpoint protection agent” for BYOD.
The survey also asked about perceived risks associated with third-party cloud services, and 54 percent of the respondents said their organization has a “centralized cloud security policy,” up from 40 percent that did the year before.
Having to focus more on endpoint security is putting pressure on IT security budgets, according to the report, with only 44 percent expecting their overall IT security budgets to increase in 2014.
The types of technologies the survey’s respondent expect to invest in over the next year include application control, data-loss prevention, mobile device management (MDM), device control and “big data analytics.” The most important capabilities considered for MDM by the respondents are malware detection and prevention, provisioning, and access management.
This story, "Mobile gadgets security called biggest challenge for business" was originally published by Network World.