Smartphones have become so convenient, so feature-rich, and so easily portable that most smartphones now carry more personal information than do PCs, a fact that has not eluded the world's cybercriminals.
Yet, despite daily headlines of rogue smartphone apps and snooping sensors, smartphone vulnerabilities are not compelling smartphone owners to rush out and seek added protection for their devices.
A recent Juniper Research survey on mobile security released this month has triggered increased concern among security watchers and IT that smartphone security is everybody's business, including, well, business.
Currently, 80 percent of smartphones are running without any type of malware protection, according to the Mobile Security report from Juniper Research, mobile research specialists.
No Action in 2013
It is small wonder, then, that cybercriminals are unleashing their creative juices and computer skills to see what they can achieve on mobile platforms, hitting consumers and businesses alike. Interestingly, Juniper researchers said the number of unprotected devices in the enterprise and consumer base will not change through the year, even though more security products for mobile devices are on the market. This cannot be great news for IT.
CEOs championed the "bring your own device" phenomenon as a smart way to increase productivity and sales by allowing users to deploy their phones and tablets to get work done in the office or on the move.
Today, though, businesses are waking up to a flip side of BYOD as an area of potential risk. IT managers, in particular, are concerned about protecting confidential business information that is now residing on workers' mobile devices. Repercussions of doing nothing amount to allowing attack vectors and vulnerabilities that could cause mayhem on corporate networks. IT also worries about employees using unsecured file sync services that the IT managers may not know about.
Get a Grip and a Balance
Security experts generally recommend that a company, large or small, implement a set of rules to establish just how the business is to handle PCs, smartphones and tablets carrying business information. The key, they say, is to adopt policies that not only address risks but make employees feel comfortable about compliance while still leveraging their devices to get work done.
Some companies have no policy in place, while other companies post informal suggestions for safe practice; others have highly recommended, if not mandatory, practices. One poll of policy making by myITforum.com, an online community for IT professionals, found that half of respondents said they had not even thought about implementing a policy, while other answers ranged from recommended but not required to required, to having thought about it but with no policy in place.
The train has already left the station, though, with the proliferation of mobile devices in the workplace. In a survey last year, researchers at Decisive Analytics, a business intelligence company, found that out of IT executives and CEOs of larger companies surveyed, nearly all companies (76.7 percent) allowed employees to use their personal devices such as laptops, netbooks, smartphones, and tablets for work-related activities. However, nearly half of companies allowing BYOD reported experiencing a data or security breach as a result of an employee-owned device accessing the corporate network (46.5 percent).
Brighter Outlook Ahead
Juniper Research predicts, meanwhile, that nearly 1.3 billion mobile devices including smartphones and tablets will have mobile security software installed by 2018, up from around 325 million this year.
A number of stakeholders will need to get involved. While IT managers will cope with placing mobile malware under scrutiny and best-practice policies for BYOD, security and device vendors will also need to do their homework on how to offer protection in a user-friendly way.