We have been laying out our Predictions for Mobile for a few years now, and as we head into a new year tomorrow, we set forth our Predictions for Mobile in 2015. Last year we predicted the growth in the number of devices supported in organizations. While not all organizations have responded to this fragmentation of devices with a shift in the focus of mobile device policies, we are seeing the shift slowly move from device-based to data and user-based policies. Many of our predictions have come true for 2014, and many of the same insights are intensified in 2015:
Mobile devices continue to be a key weak point in IT security. From malware to phishing, we are seeing cybercriminals increasingly targeting mobile devices as a means to exploit corporate security. The data on mobile devices, from saved passwords to network connections to stored data, are all extremely valuable of themselves and as a means to further cyber attack.
Right now, employees are acting free and lose with corporate data in order to facilitate their productivity. They are emailing files, uploading them to personal cloud accounts, and accessing this data from any device they can. Organizations that fail to address the sharing of data outside the organization risk data breaches. In fact, research earlier this year shows that there is a symbiotic relationship between cloud and mobile and that the use of cloud services, and mobile devices, increases the probability for a massive breach by as much as 3.1x.
Many organizations are struggling to even address this with policies, but we are seeing some organizations lead the way with the use of private clouds or other means of secure data transfer.
Organizations have faced the introduction of tablets and smartphones with specific policies and technologies, but there is a growing awareness that mobile devices is a more encompassing term, including laptops, smartphones, tablets and the growing market of Internet-enabled “things”, many of which will be BYOD. Already, there’s an average of 1.7 BYOD devices per user in the workplace on a global scale.
The Internet-of-things (IoT) is only in its infancy, but organizations need to understand the security implications of the IoT. Each device used in the organization creates a gateway that can be exploited. Preparing early for any change is the best way to be prepared for the IoT.
In 2015, there are more drivers to embracing EMM than ever before. Organizations are finding themselves encumbered by many “silo”-based solutions to managing and securing a variety of device types, including the management of apps, content, data security and more. With the emergence of even more devices, and the pressure of BYOD and IoT, organizations are looking for a unified way to manage and secure devices.
Device theft was the forefront of a lot of action in 2014, from manufacturers, regulators and organizations alike. Estimates of device theft for 2013 range from 1.2 million to 3.1 million, depending on estimation methods, but the reality is that even one device stolen can put organizations at risk. These devices may contain corporate data, but they also may be a conduit for risk even if they don’t; saved passwords (which likely are used in the organization as well), contacts, social media accounts, archived emails all provide a rich field of data that can be exploited for cyber attacks, both directly on the organization or through targeted phishing.
Organizations, whether they support BYOD or not, cannot ignore the risks that theft of devices pose. Organizations that support BYOD with policies and technologies for device tracking and remote data wipe are best prepared to meet these risks.
One of the key insights that is now being backed up by research is that employees are often tied to mobile security risks. User-negligence ranges from downloading malicious content, lack of awareness of the risks, loss of devices, or ignoring security policies. Our own research indicates that employees have a lax attitude toward security, believing both that it is not their responsibility and that the value of data on their device is negligible.
Organizations, realizing this tie between employees and data security risk, must re-enforce employee security training on an ongoing basis to ensure all employees are aware of their role in protecting corporate data compliant with organizational mobile security policies. Such training would include ongoing updates that respond to the shifting risk landscape. Policies and training would be supported by technology to secure devices and the data they contain.
We hope these predictions will prove helpful in your security planning. As with all trends, it’s important to perform regular risk assessments to identify and address the specific vulnerabilities of your organization.
Absolute Software is the industry standard in persistent endpoint security and management for computers, laptops, tablets and smartphones. We deliver state-of-the-art IT asset management—allowing organizations to reduce IT costs, address regulatory compliance, combat computer theft, and optimize the productivity of their computer, netbook, and smartphone devices. Learn more here.