Unauthorised access via mobile phones set to rise

(22/10/2009)

According to Goode Intelligence, 89 percent of security professionals surveyed in its 2009 Mobile Security Survey feel that the current level of awareness for mobile phone security is not adequate. In addition, 46 percent of the organisations surveyed do not have a documented, specific security policy for mobile phones.

This survey, carried out in partnership with Acumin Consulting during September 2009 is the most comprehensive vendor-independent survey on mobile phone security to date and provides a snapshot of the current state of mobile security within organisations across the globe.

“Mobile phone security is an emerging discipline within information security” said Alan Goode, Managing Director, Goode Intelligence. “Mobility and convergence will be two of the biggest challenges for information security professionals over the coming years. Employees and customers alike are using high-powered smartphones, such as the iPhone and Google’s Android devices that can access data over high-speed radio networks and WiFi. They can store gigabytes of data on internal flash memory and removable storage media and run enterprise applications. In short, they have the opportunity to transform the way that we carry out business and access enterprise information.

“However, transformational technology can also be a potential security ‘headache’. More and more organisations are allowing mobile phones to access the enterprise network. 30 percent of the organisations we surveyed currently enable access and this figure is set to rise to 42 percent by the end of 2010. To support these devices, organisations must have effective and relevant information security policy and procedures and adequate technology controls to manage them. Just under half of the organisations we surveyed do not have a specific documented security policy for mobile phones. This needs to be addressed by the policy makers and the policy enforcers.”

The survey discloses that while 46 percent of security professionals currently believe the risk of an unauthorised user using a mobile phone to gain access to an enterprise network is low in 2009, the perception of risk rises dramatically with only 27 percent believing it will remain low by 2011. Significantly, 40 percent of the organisations surveyed believe that the risk will be high or very high by 2011.

The survey shows that there are important challenges ahead for resourcing. Gemma Paterson, Marketing Manager, Acumin Consulting said “With 40 percent of organisations planning on recruiting for mobile security roles in the next two years and just under 30 percent already having one or more resources allocated, it is easy, and reassuring, to see that mSecurity is being taken seriously and becoming more of a priority for the IT and Security functions. It is essential to make organisations aware of this developing challenge and IT Security Managers will need to consider advancing their team’s skill set in this emerging area to ensure they are prepared for the risks arising from this transformation in the way we carry out business.”

Goode Intelligence research shows that the introduction of mobile Two-Factor Authentication (2FA) is achieving two exciting developments: new markets are being opened up and mobile-only 2FA vendors are taking market share away from the current two dominant 2FA hardware token vendors. The survey supports this research and shows that while none of the organisations surveyed currently use a mobile phone as an authentication device some 40 percent plan to deploy it by the end of 2011.

“This is an exciting and growing market for the security industry” said Alan Goode. “The mobile phone is the perfect user-centric device for authenticating employees, internet banking customers and citizens into a network and will replace the hardware token as the de-facto 2FA device.”

The GI mSecurity 2009 Survey findings are published in three separate reports to cover the distinct areas that the survey investigates. All three reports will include the results of the generic areas covered.

The titles of the three survey reports are:
Part 1 - mSecurity 2009 Survey Report - Network Access and Authentication
Part 2 - mSecurity 2009 Survey Report - Anti-Virus
Part 3 - mSecurity 2009 Survey Report - Protection (data and voice), to include encryption, data backup and recovery and anti-theft

All three survey reports will be available to download free of charge from the Goode Intelligence website. Part 1 is available for download since 19 October 2009, Parts 2 and 3 will be available early in 2010.

Related topics:  Mobile and Wireless Security 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources