Report: Unauthorized Mobile Access Fueling More Data Breaches

Research finds less than half of security professionals are confident in their mobile device security.

Smart Phone In Industrial

Imprivata, a digital identity company, and Ponemon Institute have released new research that the consequences associated with existing enterprise-owned mobile device programs. The findings, detailed in a new report titled Unlocking the Cost of Chaos: The State of Enterprise Mobility in Life- and Mission-Critical Industriesshows that without effective tools or a unified strategy, organizations experience significant challenges when implementing mobile devices.

While mobile devices have become crucial for advancing modern business operations, the findings indicate that just 28 percent of IT and IT security practitioners believe their programs and strategies can secure mobile devices and access to sensitive and confidential data. Moreover, employee usability has notable room for improvement, with 31 percent citing ease of access to applications and data on shared devices.

Repetitive, manual authentication is a common challenge, as is employee downtime due to devices that are unusable - with an average of 872 hours lost each week.

โ€œAnd while all organizations are vulnerable to breaches that disrupt productivity and lead to financial loss, those in high-stakes industries often suffer dire consequences such as poor patient outcomes or the inability to deliver critical goods and services. This research comes at a crucial time for increasingly mobile industries like healthcare, retail, and manufacturing, to understand the challenges and optimize their significant investments in mobile technology," said Fran Rosch, CEO at Imprivata.

One of the more costly challenges revealed in the report involves dealing with lost mobile devices. Of the nearly 40,000 used by employees represented in this research, an average of 16 percent are lost each year, costing organizations an approximate $5.45 million annually. This does not factor in the costs of IT security and help desk support, or diminished productivity and idle time, which adds another $1.4 million, on average, every year.

Other key findings indicate:

  • Less than half (46 percent) of all manufacturing organizations can maintain control over who has access to what devices and when, while only 39 percent can enable secure access to devices without the use of shared pins.
  • Manufacturing organizations spend $162,650 on overageโ€”the most out of industries surveyedโ€”on IT help desk support for dealing with lost mobile devices.
  • User productivity could improve with remote mobile management. The process for maintaining and managing mobile devices takes place onsite all, or part of the time, for 67 percent of respondents - an inefficiency that needs addressing in the age of hybrid and remote work.
  • Many organizationsโ€™ strategies are failing to secure devices without creating usability issues. Sensitive data on mobile devices is vulnerable, with less than half (47 percent) of respondents citing their organizations secure vulnerable apps and 40 percent saying they can protect data and privacy by locking down devices between each use. Moreover, 40 percent say their programs enable quick access to mobile applications without repetitive, manual authentication.
  • No single industry is leading the charge on access management. 45 percent of respondents say their organizations are highly effective in protecting sensitive data on lost devices. Of all industries, healthcare spends the most on IT security support, totaling $750,270 annually. 
  • All countries consider it very difficult to maintain access controls on shared devices. Sixty percent of IT and IT security practitioners in the UK and Germany cite a high degree of difficulty with access management, while 59 percent of those in the U.S. agree.

โ€œTodayโ€™s workforce demands flexibility and untethered access to data and tools from anywhere, at any time. However, this research shows current enterprise mobility strategies may be more of a hindrance than a help to many organizations and their employees,โ€ said Joel Burleson-Davis, Senior Vice President of Worldwide Engineering, Cyber at Imprivata. โ€œOrganizations should start by conducting a readiness audit, designating responsibility of their mobile device strategies and programs to a key stakeholder such as the CIO or CTO, and then move ahead with implementing a robust access management strategy that optimizes security with usability.โ€

The complete findings in the report can be found here

More in Cybersecurity