ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD Security

ITIC and KnowBe4 Latest Study Reveals Companies Lack BYOD SecurityA 53% majority of organizations acknowledge that they are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smart phones. And this despite the fact that 50% of businesses say their BYOD devices may have been hacked in the last year.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends and KnowBe4, a security awareness training firm. The ITIC/KnowBe4 “2014 State of Security” survey, polled 250 companies worldwide in February 2014. The survey found that 55% of organizations are not increasing or fortifying their existing security measures despite the recent spate of high profile security attacks against companies like Target, Skype, Snapchat and others.

The survey results indicate that a 65% majority of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data including email, applications and sensitive data. BYOD usage enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. The rise in BYOD, mobility and remote/telecommuting users potentially increases the risk of security breaches.

Approximately half or 50% of survey respondents said that their employee and company-owned BYOD devices had not been hacked compared to about 10% that indicated that desktop devices and smart phones were penetrated. However, in a disconcerting trend, 40% of businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

KnowBe4’s Chief Hacking Officer, Kevin Mitnick, said, “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

BYOD can render corporations extremely vulnerable to security breaches. Unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.

Among the other ITIC/KnowBe4.com survey highlights:

  • Organizations remain divided on who bears responsibility for BYOD device security. More than four-out-of-10 businesses – 43% -- currently have no designated BYOD security policies.
  • Some 45% of businesses indicated they are taking additional security measures. The top three most popular security mechanisms include: installing the latest security fixes and patches (49%); conducting security audits and vulnerability testing (36%) and initiating computer security training for IT and end users.  
  • Only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.
  • An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%). Some 60% of survey participants cited physically limiting access to the server room/datacenter and providing end-user security awareness training as also being crucial to maintaining security.

ITIC principal analyst Laura DiDio added, “These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.”

For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD.

Featured

  • Allegion, Comfort Technologies Implement Mobile Credentials at the Artisan Apartment Homes in Florida

    Artisan Apartment Homes, a luxury apartment complex in Dunedin, Florida, recently transitioned from mechanical keys to electronic locks and centralized system software with support from Allegion US, a leading provider of security solutions, technology and services, and Florida-based Comfort Technologies, which specializes in deploying multifamily access control, IoT devices and software management solutions. Read Now

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.