My role at IBM is to focus on the mobile security market. As a result, I consume a steady diet of mobile-related white papers, articles, news reports and other materials on the topic. I see the good, the bad and the ugly of the mobile environment and hear from a wide range of companies regarding how they are deploying and securing mobile.

With all that I see and hear, it’s somewhat easy for me to fall into the fallacy of believing my exposure is consistent with that of others. In late 2015, I decided to test that belief. I sponsored a survey to see if the mobile phenomenon was impacting the masses to the extent that I thought or if it was simply much ado about nothing.

About the Mobile Security Study

My goal for the study was to identify if and how mobile was transforming the enterprise and what companies were doing to secure their mobile initiatives. We had approximately 30 questions that were answered by more than 200 global organizations of various sizes in a number of different industries.

Six months later, the results are in. Key findings of our survey were as follows:

  • Mobile is growing and is present in virtually every organization.
  • Many of the organizations that have embraced mobile are seeing measurable productivity gains.
  • Security has been a bigger issue than anticipated and it is impacting deployment.

The full report and results are available in the “2016 Mobile Security and Business Transformation Study,” but I will share some highlights.

The fact that mobile is growing and present in almost every organization really came as no surprise to us. The survey revealed that 99 percent of companies have employees using mobile in some manner to perform their jobs. Mobile prevalence has created an environment where employees can work from wherever they are and whenever they want, gaining access to the resources they need to perform their jobs.

Enterprises Are Embracing the Benefits of Mobile

In addition, 63 percent of respondents said they support a bring-your-own-device (BYOD) program that allows end users to select their own device and/or OS. This is the type of freedom that leads to happier employees. These steps are likely increasing productivity for these associates, but it is very hard to quantify the real benefits.

While the benefits of associate satisfaction may be hard to quantify, a number of survey respondents said they were seeing measurable gains as a result of their mobile initiatives. Being able to tie hard numbers to any initiative is critical because when you ask for additional funding, it will be a much easier request for management to approve.

So often we execute initiatives and then struggle to measure the results, but in this case, our study respondents indicated they have measurable results they can attribute to their mobile enablement. About 26 percent of companies reported increased revenue, while 23 percent saw cost savings. Companies also reported improved customer service metrics and employee satisfaction as key benefits.

It’s Not All Good News

With the good there is also the not so good or even downright bad. Sixty-three percent of companies indicated that there were a greater number of security risks than expected. When asked what security incidents they had experienced in the last year, 23 percent said they had identified malware on a device and another 23 percent said data loss due to a lost or stolen device.

These concerns and incidents contributed to our respondents indicating that in 2016 they would focus their spending on mobile device management (42 percent) and virus/malware detection tools (45 percent). While it’s great that they’re planning to step up their game in these areas, our data shows that many are already taking these security measures.

Simply doing more of the same is not a good strategy. The focus needs to be much broader and should take into account all threat vectors and how to address them. Mobile security is a broad topic and needs to be addressed holistically.

So what’s the net of all of this? Mobile is growing and so are security threats. If end users are accessing your corporate resources through mobile, you must embrace it and get ahead of threats.

Mobile is here. It’s happening and you need a mobile security strategy. Are you wondering how you measure up to the companies in our survey? Download the full ISMG report and see all the questions and responses as well as our analysis of the results.

Read the ISMG Study to Learn How Mobility Has Changed How Enterprises Conduct & Secure Business

More from Endpoint

X-Force Prevents Zero Day from Going Anywhere

This blog was made possible through contributions from Fred Chidsey and Joseph Lozowski. The 2023 X-Force Threat Intelligence Index shows that vulnerability discovery has rapidly increased year-over-year and according to X-Force’s cumulative vulnerability and exploit database, only 3% of vulnerabilities are associated with a zero day. X-Force often observes zero-day exploitation on Internet-facing systems as a vector for initial access however, X-Force has also observed zero-day attacks leveraged by attackers to accomplish their goals and objectives after initial access was…

Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours

‘Patch Tuesday, Exploit Wednesday’ is an old hacker adage that refers to the weaponization of vulnerabilities the day after monthly security patches become publicly available. As security improves and exploit mitigations become more sophisticated, the amount of research and development required to craft a weaponized exploit has increased. This is especially relevant for memory corruption vulnerabilities.Figure 1 — Exploitation timelineHowever, with the addition of new features (and memory-unsafe C code) in the Windows 11 kernel, ripe new attack surfaces can…

When the Absence of Noise Becomes Signal: Defensive Considerations for Lazarus FudModule

In February 2023, X-Force posted a blog entitled “Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers” that details the capabilities of a sample attributed to the Lazarus group leveraged to impair visibility of the malware’s operations. This blog will not rehash analysis of the Lazarus malware sample or Event Tracing for Windows (ETW) as that has been previously covered in the X-Force blog post. This blog will focus on highlighting the opportunities for detection of the FudModule within the…

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…