ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD SecurityA 53% majority of organizations acknowledge that they are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smart phones. And this despite the fact that 50% of businesses say their BYOD devices may have been hacked in the last year.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends and KnowBe4, a security awareness training firm. The ITIC/KnowBe4 “2014 State of Security” survey, polled 250 companies worldwide in February 2014. The survey found that 55% of organizations are not increasing or fortifying their existing security measures despite the recent spate of high profile security attacks against companies like Target, Skype, Snapchat and others.

The survey results indicate that a 65% majority of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data including email, applications and sensitive data. BYOD usage enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. The rise in BYOD, mobility and remote/telecommuting users potentially increases the risk of security breaches.

Approximately half or 50% of survey respondents said that their employee and company-owned BYOD devices had not been hacked compared to about 10% that indicated that desktop devices and smart phones were penetrated. However, in a disconcerting trend, 40% of businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

KnowBe4’s Chief Hacking Officer, Kevin Mitnick, said, “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

BYOD can render corporations extremely vulnerable to security breaches. Unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.

Among the other ITIC/KnowBe4.com survey highlights:

  • Organizations remain divided on who bears responsibility for BYOD device security. More than four-out-of-10 businesses – 43% -- currently have no designated BYOD security policies.
  • Some 45% of businesses indicated they are taking additional security measures. The top three most popular security mechanisms include: installing the latest security fixes and patches (49%); conducting security audits and vulnerability testing (36%) and initiating computer security training for IT and end users.  
  • Only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.
  • An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%). Some 60% of survey participants cited physically limiting access to the server room/datacenter and providing end-user security awareness training as also being crucial to maintaining security.

ITIC principal analyst Laura DiDio added, “These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.”

For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD.

Featured

  • The Key to Wellbeing in the Office

    A few years ago, all we saw in the news was the ‘great resignation.’ Now we have another ‘great’ to deal with. According to CBRE, 2023 was the start of the ‘great return’ as office workers returned to their normal offices after working from home. The data shows that two-thirds of all U.S office buildings were more than 90% leased as of Q2 2023. Read Now

  • Failed Cybersecurity Controls Costing U.S. Businesses $30 Billion Yearly

    Panaseer recently released ControlWatch and the Continuous Controls Battle: Panaseer 2025 Security Leaders Report examining the cost of cybersecurity control failures and the impact of growing personal liability for security failings on security leaders. The report analyzes the findings of a survey of 400 security decision makers (SDMs) across the US and UK. It shows that security leaders feel under increasing pressure to provide assurances around cybersecurity, exposing them to greater personal risk – yet many lack the data and resources to accurately report and close cybersecurity gaps. Read Now

  • The Business Case for Video Analytics: Understanding the Real ROI

    For security professionals who may be hesitant to invest in video analytics, now's the time to reconsider. In a newly released Omdia report commissioned by BriefCam (now Milestone Systems), the research firm uncovered a compelling story: more than 85% of North American and European organizations that use video analytics achieve a return on investment within just one year. The study, which surveyed 140 end users across multiple industries, demonstrates that security technology is no longer just for security — it's a cross-organizational tool that delivers measurable business value far beyond traditional safety applications. Read Now

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

Featured Cybersecurity

Webinars

New Products

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation. 3

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3