Mobile security concerns soar among IT managers

Survey also finds advanced persistent threats are top of mind for IT professionals

Security concerns about mobile devices in the enterprise have soared among IT managers over the last three years, according to an annual endpoint security survey of IT managers conducted by the Ponemon Institute and security firm Lumension.

In 2010, only 9 percent of IT managers said that mobile devices were a rising security threat for the enterprise. This year, that number has rocketed to 73 percent.

"The mindset of our respondents definitely changed. They now recognize that this is potentially a huge problem," said Larry Ponemon, chairman and founder of the Ponemon Institute.

"Part of that risk factor is BYOD because someone's personal device may be difficult or nearly impossible to secure, or it certainly requires the right tools," Ponemon told FierceMobileIT. "BYOD is definitely one of the reasons why mobility threats and risks are on the rise," he added.

The 2012 survey of 671 IT professionals found that 80 percent believe that mobile devices pose a significant security risk to their enterprise's networks and system because of their lack of security. While three-quarters of respondents expect mobile device use in the workplace to increase next year, only 52 percent of respondents said that their enterprises are working to secure mobile devices.

More than half of respondents said that their enterprises receive more than 25 malware attacks every month, and another 20 percent said they do not know how many malware attacks they have per month.

Paul Zimski, vice president for solution marketing at Lumension, added that the advanced persistent threat attacks are increasingly targeting mobile endpoints as a way into the corporate network and system.

"In general, there is a lack of control of endpoints, particularly the mobile ones, [in the enterprise]. And you combine that with the fact that APTs don't seem to be going after the servers, but targeting the endpoints and moving laterally to their ultimate goal. You are seeing a perfect storm coming together" with BYOD and APTs, he told FierceMobileIT.

IT managers are not always in control of mobile devices in the enterprise, especially when employees bring their own devices. This lack of control is fueling security anxiety among IT teams, anxiety that will like grow in the coming year.

For more:
- see the Ponemon/Lumension study

Related Articles:
Despite IT managers' worries, smartphone users do not consider security when choosing carriers
Poor BYOD strategy could result in enterprise data loss, warns ISF