From sm m artphones to tablets, mobile devices continue to cause ongoing concern for IT teams

responsible for information security. Sensitive corporate information can be easily transported,
leaked, or lost while the Bring Your Own Device (BYOD) movement has dramatically increased the
number of expensive security incidents. Even so, corporate information, including sensitive customer
information, are increasingly stored on personal mobile devices and not managed by corporate IT.
Based on a survey of nearly 800 IT professionals, the report quantifies the dramatic growth of BYOD,
exposes the frequency and cost of mobile security incidents, and identifies the main challenges faced
by businesses of all sizes. Key findings include:
Surge in Personal Mobile Devices Connecting to the Corporate Network Among
companies that allow personal mobile devices, 96 percent say the number of personal devices
connecting to their corporate networks is growing, and 45 percent have more than five times
as many personal mobile devices as they had two years ago.
Mobile Security Incidents Common and Costly for Businesses Large and Small More
than half (52%) of large businesses report mobile security incidents have amounted to more
than $500,000 in the past year. Even for 45 percent of SMBs with less than 1000 employees,
mobile security incidents exceeded $100,000 in the past year.
Mobile Platform with the Greatest Perceived Security Risks - Android was cited by 49
percent of businesses as the platform with greatest perceived security risk (up from 30
percent last year), compared to Apple, Windows Mobile, and Blackberry
Corporate Information Not Managed on Mobile Devices Despite costly mobile
incidents, 63 percent of businesses do not manage corporate information on personal devices,
and 93 percent face challenges adopting BYOD policies.
More Mobile Devices Store Sensitive Customer Information - More than half (53%) of
all businesses surveyed report there is sensitive customer information on mobile devices, up
from 47 percent last year.
As the modern workplace grows into an increasingly fluid and fast-paced space, many workers are
turning to portable and mobile devices to stay flexible and productive. Business has evolved from office
hours to an anytime, anywhere schedule. As workplaces focus more on virtualisation, connectivity
and cloud computing, it is integral for commercial success to engage with a fresh, more collaborative
way of working. Compared to two years ago, twice as many employees are logging onto corporate
systems with the same personal devices that they use to access their social networks. This may seem
like an encouraging sign of an increased work ethic but it also presents a massive security risk, as
the business network becomes only as secure as the device in question. Meaning, theoretically, that a
single lost phone could lead to confidential corporate information being accessed by multiple unknown
parties. According to Forbes magazine, mobile app development projects will outnumber native PC
projects by a ratio of 4-to-11 by 2015.Theoretically, a single lost phone could lead to confidential
corporate information being accessed by multiple unknown parties.
A global survey shows that almost 89% of IT professionals own mobile devices that connect to their
corporate networks2. With the number of employees who use personal devices to work on-the-move
increasing rapidly, the risk to company security continues to grow.
it is increasingly difficult for the enterprise IT manager to maintain a standardised IT security policy.
Often employees bring their own technology to the workplace, combining the personal and professional
on one device. This blurs the lines of IT control as personally-owned devices are not governed by the
same legal policies as standard-issue company technology.3 TThese increasingly common circumstances
only serve to highlight the numerous security challenges facing modern businesses. Threats to corporate
IT security can be posed by a variety of sources. These are not exclusive to employee use of personal
devices, but can also include:
Increased use of social media sites which increase the risk of data theft
Malware threat on unsecured user devices
Consumer cloud-computing services used for storage purposes
Jail-breaking rooting devices on personal mobile phones
Data being lost or damaged due to user error
Data falling into wrongs hands if devices are lost or stolen
Jailbreaking and rooting is the process of gaining unauthorized access or elevated privileges on a system. The terms
are different between operating system, and the differences in terminology reflect the differences in security models
used by the op erating systems vendors.
For iOS, Jailbreaking is the process of modifying iOS system kernels to allow file system read and write access.
Most jailbreaking tools (and exploits) remove the limitations and security features built by the manufacturer Apple (the
"jail") through the use of custom kernels, which make unauthorized modifications to the operating system. Almost all
jailbreaking tools allow users to run code not approved and signed by Apple. This allows users to install additional
applications, extensions and patches without the control of Apples App Store.
On Android, Rooting is the process of gaining administrative or privileged access for the Android OS. As the Android
OS is based on the Linux Kernel, rooting a device is analogous to gaining access to administrative, root user-
equivalent, permissions on Linux. Unlike iOS, rooting is (usually) not required to run applications outside from the
Android Market. Some carriers control this through operating system settings or device firmware. Rooting also
enables the user to completely remove and replace the device's operating system.

Mobility is going to impact businesses with the same force the Internet did in the 1990s, according to a study released
Monday by VAR500 solution provider Accenture. The study found that 67 percent of IT professionals said mobility will
influence their businesses as much as or more than the Internet did. In addition, 69 percent of the respondents would
allocate in excess of 20 percent of their discretionary budgets this year to mobility projects.
In 2011 the sale of devices such as smartphones andtablets beat those of PCs for the first time ever with
73 million additional units being sold. Many of these devices now have functionality that is equal to the
laptop or home computer of only a few years ago. These products have become an indispensable tool
for consumers enabling anytime access to social networking sites, GPS services, games and online baking
applications.
Mobile devices hold and access sensitive information including customer details, bank accounts, credit
card numbers and trade secrets. However, these devices are easily lost and are attractive to thieves,
enabling business data to fall into the wrong hands. Additionally, mobile devices are susceptible to
cyber-attacks targeting the device. In fact, Symantec found that there was a global increase of 42 per
cent in threats targeting mobile devices.
Mobile has been very disruptive for the enterprise, surmises Taylor. Most of these devices were not
ready for the IT infrastructures that were in place. Conversely, IT was not ready to handle the open
nature of these phones.
From a security standpoint, mobile technology has created a serious headache for IT. Whether its
employees using web mail to check work emails on their iPhones or working on their laptops at
Starbucks IT has been scrambling to find a way to protect the corporate information that these open
systems make vulnerable.
Everything that makes mobile devices fun and easy to use also makes them susceptible and easy to
attack, says Taylor. Wi-Fi networks are not secure; phones can be hacked, lost and outright stolen.
he problem of multiple devices connecting to the corporate network is not linear, its skyrocketing,
The Cost
Mobile incidents have a ripple effect. Add up the price of fines, legal fees, staff salaries and the result is
staggering. Throw in private lawsuits or court orders to pay for credit monitoring and the risk is
exponential 52% of large companies say the cost of mobile security incidents last year exceeded
$500,000. Forty five percent of businesses with less than 1,000 employees reported costs exceeded
$100,000.

A larger company might be able to absorb these amounts, but it could mean the end for a smaller
business.

Android Anxiety
Out of all the operating systems, Android was cited by 49% of businesses as the platform with greatest
perceived security risk.
Some people realize that wearing a seatbelt is just common sense. Some people, unfortunately, have to learn by having that
accident. You can either prepare for it, or take your chances,