New Delhi, India, November 17, 2014: A global study released today revealed a significant gap between what enterprises understand is putting them at risk with their mobile deployment and how actively they are taking steps to combat those risks, according to BlackBerry Limited, a global leader in mobile communications.
The gap in understanding how inadequately managed mobile devices in the workplace can contribute risk — yet not taking action to mitigate that risk is evident, as 66 percent of those surveyed acknowledge they find it difficult to keep up with current and emerging mobile threats, while 70 percent of the same respondents say they know they are more tolerant of risk than they should be with their enterprise mobility. This increases to 76 percent in BYOD environments.
For organizations with governance, risk and compliance (GRC) demands, this gap leaves them vulnerable to attacks or industry regulation breaches that put them at financial and reputational risk. The survey found that only 35 percent of executives, risk compliance officers and IT managers within large organizations are very confident that their organization’s data assets are fully protected from unauthorized access via mobile devices. In fact, more than two-thirds believe that mobile devices are the weakest link in their enterprise security framework.
Respondents indicated that they have been too lax in assessing and guarding against risks such as lost or stolen devices, unapproved apps and cloud services, as well as inadequate separation of work and personal use of devices. Consequences in mishandling these issues could lead to immeasurable reputational damage, significant financial penalties and loss of revenue through the loss of trade secrets, or misappropriated customer data. These threats are so critical that 75 percent of those surveyed believe that their organization’s GRC groups should be more involved in developing enterprise mobility strategy.
“Deloitte’s clients face a wide range of complex issues when assessing the adoption of new technology. From Deloitte’s own research, we know that Digital Risk and in particular mobile technologies are of growing concern,” said Kieran Norton, Principal, Security & Privacy, Deloitte & Touche LLP. “As the technical capabilities of connected devices increase exponentially, so do the threats to devices, data and infrastructure as well as wider risks around issues such as regulatory compliance and operational support. While clients recognize the potential upside of mobile driven innovation, at this time we still see many companies grappling with the implications of mobile technologies and finding the ‘sweet spot’ where new business opportunities are exploited while managing risk and balancing the tradeoff between control and user experience.”
“It’s startlingly clear that mobile technology has transformed daily business faster than most businesses have been able to adapt,” said John Sims, President of Global Enterprise Services, BlackBerry. “Leaders at all levels of organizations around the world are realizing the very real gaps that exist in their technology infrastructure – and the potentially devastating consequences of a breach. As workforces become ever more mobile, BlackBerry leads the industry in developing solutions that provide flexibility without sacrificing security.”
The findings raise serious concerns about the risk exposure faced by enterprises at a time when mobile challenges are growing. Nearly two-thirds of respondents reported the number of data breaches their organization has experienced via mobile devices has increased in the last year, and 66 percent said that it is difficult for their organizations to keep up with emerging mobile trends and security threats.
Additional mobile security trends emerging from survey respondents and their organizations included:
- Increasing need for Enterprise Mobility Management (EMM). Seventy-six percent of study participants said the risk of legal liability and costly lawsuits will increase without concerted efforts to adopt comprehensive enterprise mobility management strategies.
- 61 percent say their organization miscalculates or underestimates risk by focusing on the device rather than the entire mobility landscape.
- The head of internal audit at a professional services company interviewed for the study said: “Attitudes are changing with regard to work and where you do it. The danger is that as the behavior changes and we use more mobile technologies, the controls do not keep up.”
- Reconsideration of bring-your-own-device (BYOD) policies. Fifty-seven percent said that they would consider curtailing policies that allow employees to use their personal mobile devices at work (BYOD) in favor of more secure end-to-end solutions such as corporate owned, personally enabled (COPE).
- 77 percent reported that it is increasingly difficult to balance the needs of the business and those of the end user when it comes to mobility.
- A vice president of technology at a financial services firm said: “As soon as someone is on the news there will be a backlash.”
- Mobility partners must provide secure, future-ready solutions. Sixty-nine percent said their methods for choosing mobility vendors need to be updated to reflect the current risk and mobility landscape.
- 73 percent said they want providers to have security credentials and certifications when determining how best to implement EMM solutions.
- 58 percent want their partners to have a clear mobility roadmap and solutions that adapt to changing technologies.