Almost three-quarters of businesses believe that the proliferation of mobile devices has contributed to an increase in the number of security events in their organisation in the past two years.
According to a survey of 100 UK IT professionals by Check Point, 74 per cent believe that the number of mobile devices has increased security events, while 66 per cent said the number of mobile devices used in their organisation had more than doubled in the past two years.
A lack of security awareness among employees was cited as the biggest risk to mobile data, followed by mobile web browsing (61 per cent), insecure WiFi connectivity (59 per cent), lost or stolen devices (58 per cent) and malicious mobile application downloads (57 per cent).
Juliette Sultan, head of global marketing at Check Point, said: “The consumerisation of IT is among the top concerns for CIOs this coming year and we wanted to assess from IT administrators the current security challenges they face when it comes to mobile computing.
“The explosion of mobile devices connecting to the corporate network often creates greater opportunities for data loss and increased security management complexity. We anticipate this trend will continue to rise in 2012, encouraging enterprises to enforce the proper remote access policies to minimise the frequency, risk and costs associated with securing the mobile enterprise.”
The survey also found that personal devices often store and access a variety of sensitive information, including email (79 per cent), customer data (47 per cent) and login credentials (38 per cent) for internal databases or business applications.
Andy Jacques, EMEA general manager at Good Technology, told SC Magazine this week that the issue of mobile-related data risks would come to the fore this year.
He said: “If you lose a laptop or suffer a cloud security breach, then it belongs to the company. This is about bringing in your own phone with very little due diligence and support, and applications connecting that the IT team don't know anything about.
“If there is a breach then you can say that you applied best practice or prepared for the scenario, but if it is a breach and the CISO says that they did not know anything about it, that is when it is a problem.”