ITIC and KnowBe4 Latest Study Reveals Companies Lack “BYOD” Security


New ITIC/KnowBe4 Independent Survey Reveals 53% of businesses are unprepared to deal with hacked or stolen BYOD devices even though 50% indicated company-owned tablets, notebooks & smartphones may have been hacked in last 12 months

(Boston, MA)  February 18, 2014 – A 53% majority of organizations acknowledge that they are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smart phones. And this despite the fact that 50% of businesses say their BYOD devices may have been hacked in the last year.

The findings are part of a joint study conducted by ITIC, a research and consulting firm based in the Boston area specializing in conducting independent surveys tracking crucial trends and KnowBe4, a security awareness training firm. The ITIC/KnowBe4 “2014 State of Security” survey, polled 250 companies worldwide in February 2014.  The survey found that 55% of organizations are not increasing or fortifying their existing security measures despite the recent spate of high profile security attacks against companies like Target, Skype, Snapchat and others.

The survey results indicate that  a 65% majority of businesses now allow end users to BYOD and use them as corporate desktop or mobile devices to access organizational data including email, applications and sensitive data. BYOD usage enables businesses to reduce expenditures and lower the administrative burdens of IT departments as end users manage, maintain and in many cases pay for their own devices. The rise in BYOD, mobility and remote/telecommuting users potentially increases the risk of security breaches.

Approximately half or 50% of survey respondents said their employee and company-owned BYOD devices had not been hacked compared to about 10% that indicated that desktop devices and smart phones were penetrated. However in a disconcerting trend, 40% of businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

Kevin Mitnick (world’s ‘most-wanted’ hacker), KnowBe4’s Chief Hacking Officer said: “Mobile devices are the new target-rich environment. Based on lessons learned in the early days of the personal computer, businesses should make it a top priority to proactively address mobile security so they avoid the same mistakes [of the PC era] that resulted in untold system downtime and billions of dollars in economic loss.”

BYOD can render corporations extremely vulnerable to security breaches. Unless the corporation has strong, effective policy, procedure and security awareness training in place to govern BYOD usage, the company and its sensitive corporate data could be put in a precarious position in the event that a mobile device is lost, stolen or more likely, hacked, a real possibility in recent times.

Among the other ITIC/KnowBe4.com survey highlights:

·         Organizations remain divided on who bears responsibility for BYOD device security. More than four-out-of-10 businesses – 43% -- currently have no designated BYOD security policies.

·         Some 45% of businesses indicated they are taking additional security measures. The top three most popular security mechanisms include: installing the latest security fixes and patches (49%); conducting security audits and vulnerability testing (36%) and initiating computer security training for IT and end users.  

·         Only 13% of respondents said their firms have specific policies in place to deal with BYOD deployments, while another nine percent indicated they were in the process of developing BYOD procedures.

·         An 80% majority of firms consider strong anti-virus, intrusion detection and firewalls the most important/critical element and most effective mechanism to safeguard their networks followed by endpoint security (65%). Some 60% of survey participants cited physically limiting access to the server room/datacenter and providing end-user security awareness training as also being crucial to maintaining security.

ITIC principal analyst Laura DiDio added, “These survey findings should galvanize corporations to proactively safeguard data in advance of an expensive and potentially crippling loss or hack.”

For necessary and vital security measures, every firm regardless of size should conduct a risk assessment review, adopt the ‘defense-in-depth’ strategy and create a strong first layer that includes up-to-date security policies, procedures and security awareness training to deal with server and desktop deployments, including BYOD.

About Laura DiDio and ITIC

Laura DiDio is the founder and principal analyst of ITIC, which conducts primary research and surveys and tracks crucial high technology products and business trends. DiDio has over 20 years experience covering the high technology industry as both an analyst and a reporter.

 

About Stu Sjouwerman

Stu Sjouwerman is the Founder and CEO of KnowBe4, LLC.  An IT Security expert with 30+ years in the industry, Sjouwerman (pronounced shower-man) co-founded of Inc. 500 Company Sunbelt Software, an award-winning anti-malware software company, acquired by GFI Software in 2010. Realizing the end-user is the weak link in IT security and this being seriously neglected, Stu partnered with the world’s “most wanted” hacker Kevin Mitnick to help IT pros tackle cybercrime utilizing New School Security Awareness Training combined with regular simulated phishing attacks. Sjouwerman is the author of four IT books, with his latest being Cyberheist: The Biggest Financial Threat Facing American Businesses Since the Meltdown of 2008.

About KnowBe4: KnowBe4, LLC provides Kevin Mitnick Security Awareness Training to small and medium-sized enterprises and services well over 400 customers in a variety of industries, including highly-regulated fields such as banking, finance, healthcare, insurance and high-tech.

 

 

Get the latest about social engineering

Subscribe to CyberheistNews