Back to all blog posts
Jun 6, 2017
Mobile Data Breaches – Is Your Organization Truly Prepared?
Mobile devices have become an integral component of IT infrastructure for virtually all businesses. However, a recent report by Dimensional Research (the “Report”) shows that most security professionals feel unprepared to defend against a mobile data breach. The Report is based on the results of a global survey conducted by Dimensional Research of 410 security professionals with leadership and frontline responsibilities, including representatives from each continent of both large and small companies.
According to the Report:
- 94% of security professionals expect the frequency of mobile cyberattacks to increase rapidly;
- 64% of security professionals are doubtful that their organization is prepared to defend against such attacks; and
- 79% of security professionals predict that effective mobile security will become more difficult in the near future.
While only 20% of businesses surveyed reported having experienced a mobile security breach, an additional 24% were not aware (or were otherwise unable to determine) if they had fallen victim to such a breach. This indicates that there is a significant blindspot in the risk monitoring strategies implemented by organizations, specifically as it relates to mobile security.
The Report suggests that potential threat actors view mobile security as one of the “weakest links” for organizations. As the threat continues to grow, it is necessary that those charged with a company’s data security mandate understand the risks associated in order to properly allocate resources and develop sufficient mobile security measures.
Understand the Risk
As previously reported on The Spotlight, the average cost of a data breach for a Canadian company exceeds $6 million. On a global scale, data theft is estimated to cost organizations an aggregate of $2 trillion per year, a number that could potentially reach as high as $90 trillion by 2030 if trends continue.
The cost of a mobile data breach can be similarly staggering. The results of such a breach might be just as damaging as a breach from a laptop or desktop. However, according the Report, more than one in three security professionals surveyed regard the risk of data loss as higher on mobile devices.
The perception of increased risk may be attributable to a number of concerns, such as the high incidence of loss and theft of mobile devices. It may also simply be another expression of security professionals’ lack of confidence in existing mobile security measures.
Regardless, it is imperative that organizations identify vulnerabilities associated with the use of mobile devices and implement targeted defensive strategies to mitigate those risks.
The Report shows a striking lack of confidence among security professionals with regard to mobile device security capabilities. Many factors may contribute to this lack of confidence, including a lack of visibility, capability and the rapid rate at which mobile cyberattacks are likely to increase. The key, however, might be that organizations have not implemented dedicated mobile device security solutions.
Only 38% of respondents indicated that their organization had a mobile security solution to protect smartphones and tablets from advanced mobile cyberattacks. Only a fraction of respondents had made an assessment and determined there was not enough risk to warrant a dedicated solution. According to the Report, insufficient resources, budgets and experience were the key drivers behind this shortfall.
The Report demonstrates a consensus among security professionals on a global scale that the mobile data breach threat is growing. Those charged with a corporate cybersecurity mandate may be wondering how to survive in this increasingly risky landscape.
In order to be properly prepared, organizations should carefully consider the risks associated with mobile security in order to make a calculated assessment regarding appropriate solutions. See our earlier post on The Spotlight for practical data breach prevention strategies.
Aird & Berlis LLP’s privacy and data security experts can also provide support and legal guidance to help your organization implement these best practices to protect your organization’s data.
*This article was co-authored by Amy Marcen-Gaudaur. She was a 2016/2017 articling student at Aird & Berlis LLP.