A Kaspersky Lab survey of global IT security professionals has found that as the rate of stolen mobile devices has increased, the average time for IT departments to respond to this security threat has also grown. The cause of this delay is employees becoming slower to notify their employers of missing devices, with only half of employees reporting theft quickly. Across businesses that experienced mobile device theft, 19% said the device theft resulted in the loss of business data, meaning businesses have approximately a one-in-five chance of losing data if a corporate mobile device is stolen.
After receiving input from thousands of IT security managers around the world as part of the company’s 2014 IT Security Risks survey, Kaspersky Lab can report that more than one-third of employees (38%) take up to two days to notify their employers of stolen mobile devices, and 9% of employees wait three – five days. The percentage of employees who notified their employers the same day the incident occurred decreased from 60% to 50% from 2013 to 2014. This delay can create a significant window of vulnerability and makes the loss of sensitive business data more likely.
The survey also found that the rate of mobile device theft overall has continued to climb over the years, with 25% of companies experiencing the theft of a mobile device in 2014, a significant increase from the 14% reported in 2011. However, as stolen devices become more common, employees appear to be responding more slowly, with only half of employees in 2014 reported a stolen device on the same day the incident occurred. The growing prevalence of stolen mobile devices may be a contributing factor to employee apathy, since a stolen smartphone might now be seen as a somewhat common occurrence, and not a rare crisis that demands attention.
The rate of mobile device theft varied significantly across regions. The Middle-East reported the lowest rate of mobile device theft by far, with 8% of businesses reporting an incident, followed by 15% in Japan and Russia.
When looking at behaviors of employees in specific regions, North American employees are the slowest to respond based on 2014 survey data, with only 43% of North American employees reporting a stolen device on the same day as the incident. The Asia-Pacific region saw the biggest change year-over-year with only 47% of employees reporting same-day notification in 2014, a drop from 74% in 2013.
Given this rising rate of device and data theft surrounding mobile devices, it should come as no surprise that 52% of survey respondents indicated they are “more concerned about mobile” than in previous years. In fact, 43% went further, saying that mobile working patterns introduce too much risk,” despite the obvious productivity benefits these devices can bring to the business. Another 42% believe that “BYOD (Bring Your Own Device) mobile policies present an increased security risk” for businesses.
Despite these IT department concerns, mobile device usage shows no signs of slowing down. More than one-third 34%) of survey respondents listed “the integration of mobile devices” as one of their top concerns during the past 12 months, a higher rate than managing hardware upgrades or even the deployment of virtualization technology.
This leaves IT managers dealing with multiple security challenges associated with a mobile workforce, and as the demand for mobility increases, users appear to be less engaged in helping secure mobile platforms. This is a tough set of circumstances that requires a well-planned security policy and the right security technology. A mobile device management (MDM) policy that integrates within existing endpoint security software can be a huge value to IT managers trying to stay ahead of mobile security challenges. By keeping an MDM policy managed through the same console as businesses other endpoint security software, IT managers can enforce policies customized to each individual employee, including “containerization” that keeps business information on mobile devices encrypted and separated from personal data on employee-owned devices. Fully-equipped MDM software also provides a variety of anti-theft measures, including the ability to remotely delete business data from stolen devices. To learn more about Kaspersky Lab’s mobile security solutions, please the Kaspersky Security for Mobile product page, and read our “Dummies Guide” for mobile security and BYOD.