VPN Articles and News

Most IT Users Do Not Comply With Company Mobile Security Policy

Tuesday, May 19th, 2015

A new study “2015 State of Endpoint Report: User Centric Risk” claims that a lot of IT employees are either too careless or negligent to follow their organization’s mobile security policies. The study was conducted by Ponemon Institute in association with Lumension to understand the emerging trends in risks associated with endpoints (computers, mobile and peripheral devices). As a part of the study, Ponemon interviewed over 700 IT security professionals who are responsible for enforcing IT security policies within their organizations.

Among the experts interviewed by Ponemon, a vast majority agreed that the risks associated with endpoints have increased significantly in the last few years. 71 percent of the survey participants claimed that managing endpoint risks has become a lot more difficult in the last 24 months while 68 percent were of the opinion that endpoint security has become one of the most critical components of their company’s overall IT security strategy.

While most participants agreed that endpoint risks have shot up significantly, there was some difference of opinion as to why the risks were increasing. While 73 percent of participants claimed that the risks have shot up due to use of commercial cloud applications, 68 percent were of the opinion that most risks emanate due to the use of personal Smartphones by the employees (under the Bring Your Own Device (BYOD) schemes) whereas 63 percent thought that working from home or offsite locations contributed the most to the endpoint risks.

The study also provides a startling insight into how the negligence and carelessness on the part of employees can contribute to the endpoint risks. 78 percent of survey participants agreed that negligent or careless employees not complying with organization’s security policies is the biggest reason why managing endpoint risks has become so difficult. Additionally, 38 percent respondents said that employees using insecure Wi-Fi or working from offsite locations contributed the most to security risks while 51 percent thought having a lot more personal devices connected to corporate networks was the main reason why the security risks have gone up.

Ponemon’s annual study also throws a light on how the use of mobile devices is increasing risks to IT security. 80 percent of the participants said that they considered Smartphones as threats to their organization’s security while 75 percent suspected that mobile endpoints have become the prime target for malwares in the last one year.

Among the tools and applications that apparently caused the most security risks, Adobe products (Reader, Flash) topped the list with 62 percent while Java was ranked second with 54 percent.

The survey even lists the reasons why it has become difficult to stop attacks on endpoints. The participants claimed that 28 percent of endpoint attacks cannot be stopped due to lack of technological or process expertise. What’s more, 71 percent of respondents claimed that it is extremely difficult to enforce their organization’s endpoint security policy.

Ponemon’s survey is a good reminder regarding how the increasing shift to BYOD is increasing security risks for the organizations. The study also proves that even if a particular organization has the best mobile security policy, enforcing it is difficult due to challenges associated with the use of BYOD and cloud technology.

May 19, 2015

Leave a Reply

Your email address will not be published. Required fields are marked *

6 + 2 =