ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD SecurityA 53% majority of organizations acknowledge that they are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smart phones. And this despite the fact that 50% of businesses say their BYOD devices may have been hacked in the last year.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends and KnowBe4, a security awareness training firm. The ITIC/KnowBe4 “2014 State of Security” survey, polled 250 companies worldwide in February 2014. The survey found that 55% of organizations are not increasing or fortifying their existing security measures despite the recent spate of high profile security attacks against companies like Target, Skype, Snapchat and others.

The survey results indicate that a 65% majority of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data including email, applications and sensitive data. BYOD usage enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. The rise in BYOD, mobility and remote/telecommuting users potentially increases the risk of security breaches.

Approximately half or 50% of survey respondents said that their employee and company-owned BYOD devices had not been hacked compared to about 10% that indicated that desktop devices and smart phones were penetrated. However, in a disconcerting trend, 40% of businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

KnowBe4’s Chief Hacking Officer, Kevin Mitnick, said, “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

BYOD can render corporations extremely vulnerable to security breaches. Unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.

Among the other ITIC/KnowBe4.com survey highlights:

  • Organizations remain divided on who bears responsibility for BYOD device security. More than four-out-of-10 businesses – 43% -- currently have no designated BYOD security policies.
  • Some 45% of businesses indicated they are taking additional security measures. The top three most popular security mechanisms include: installing the latest security fixes and patches (49%); conducting security audits and vulnerability testing (36%) and initiating computer security training for IT and end users.  
  • Only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.
  • An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%). Some 60% of survey participants cited physically limiting access to the server room/datacenter and providing end-user security awareness training as also being crucial to maintaining security.

ITIC principal analyst Laura DiDio added, “These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.”

For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD.

Featured

  • Choosing the Right Solution

    Today, there is a strong shift from on-prem installations to cloud or hybrid-cloud deployments. As reported in the 2024 Genetec State of Physical Security report, 66% of end users said they will move to managing or storing more physical security in the cloud over the next two years. Read Now

  • New Report Reveals Top Security Risks for U.S. Retail Chains

    Interface Systems, a provider of security, actionable insights, and purpose-built networks for multi-location businesses, has released its 2024 State of Remote Video Monitoring in Retail Chains report. The detailed study analyzed over 2 million monitoring requests across 4,156 retail locations in the United States from September 2023 to August 2024. Read Now

  • Gaining a Competitive Edge

    Ask most companies about their future technology plans and the answers will most likely include AI. Then ask how they plan to deploy it, and that is where the responses may start to vary. Every company has unique surveillance requirements that are based on market focus, scale, scope, risk tolerance, geographic area and, of course, budget. Those factors all play a role in deciding how to configure a surveillance system, and how to effectively implement technologies like AI. Read Now

  • 6 Ways Security Awareness Training Empowers Human Risk Management

    Organizations are realizing that their greatest vulnerability often comes from within – their own people. Human error remains a significant factor in cybersecurity breaches, making it imperative for organizations to address human risk effectively. As a result, security awareness training (SAT) has emerged as a cornerstone in this endeavor because it offers a multifaceted approach to managing human risk. Read Now

Featured Cybersecurity

Webinars

New Products

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation. 3