ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD SecurityA 53% majority of organizations acknowledge that they are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smart phones. And this despite the fact that 50% of businesses say their BYOD devices may have been hacked in the last year.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends and KnowBe4, a security awareness training firm. The ITIC/KnowBe4 “2014 State of Security” survey, polled 250 companies worldwide in February 2014. The survey found that 55% of organizations are not increasing or fortifying their existing security measures despite the recent spate of high profile security attacks against companies like Target, Skype, Snapchat and others.

The survey results indicate that a 65% majority of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data including email, applications and sensitive data. BYOD usage enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. The rise in BYOD, mobility and remote/telecommuting users potentially increases the risk of security breaches.

Approximately half or 50% of survey respondents said that their employee and company-owned BYOD devices had not been hacked compared to about 10% that indicated that desktop devices and smart phones were penetrated. However, in a disconcerting trend, 40% of businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

KnowBe4’s Chief Hacking Officer, Kevin Mitnick, said, “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

BYOD can render corporations extremely vulnerable to security breaches. Unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.

Among the other ITIC/KnowBe4.com survey highlights:

  • Organizations remain divided on who bears responsibility for BYOD device security. More than four-out-of-10 businesses – 43% -- currently have no designated BYOD security policies.
  • Some 45% of businesses indicated they are taking additional security measures. The top three most popular security mechanisms include: installing the latest security fixes and patches (49%); conducting security audits and vulnerability testing (36%) and initiating computer security training for IT and end users.  
  • Only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.
  • An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%). Some 60% of survey participants cited physically limiting access to the server room/datacenter and providing end-user security awareness training as also being crucial to maintaining security.

ITIC principal analyst Laura DiDio added, “These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.”

For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD.

Featured

  • Live From ISC West: Day 2 Recap

    If it’s even possible, Day 2 of ISC West in Las Vegas, Nevada, was even busier than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Venetian, because there’s more news coming out than anyone could be expected to keep track of. Our Live From sponsors—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—kept the momentum from Day 1 going with packed booths, happy hours, giveaways, product demonstrations, and more. Read Now

    • Industry Events
    • ISC West
  • Visiting Sin City

    I’m a recovering alcoholic, ten years sober this June. I almost wrote “recovered alcoholic,” because it’s a problem I’ve long since put to bed in every practical sense. But anyone who’s dealt with addiction knows that that part of your brain never goes away. You just learn to tell the difference between that insidious voice in your head and your actual internal monologue, and you get better at telling the other guy to shut up. Read Now

  • On My Way Out the Door

    To answer that one question I always get, at every booth visit, I have seen amazing product technology, solutions and above all else, the people that make it all work. Read Now

    • Industry Events
    • ISC West
  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3

  • Tyco Kantech EntraPass security management software

    Tyco Kantech EntraPass security management software

    Johnson Controls, the global leader in smart, healthy and sustainable buildings, and architect of the Open Blue digital connected platforms, has released the newest version of the Tyco Kantech EntraPass security management software. 3

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3