ZDNet UK

CNET NETWORKS UK BUSINESS SITES:
atlarge.com
BNET UK
silicon.com
SmartPlanet.com
ZDNet.co.uk

ZDNet.co.uk - Winner of Best Business Website 2007

You are here: ZDNet.co.uk > Resources > Articles > ZDNet UK Research

Research: The lowdown on mobile security

Rhetorik ZDNet.co.uk

Published: 25 Oct 2007 13:48 BST

Mobile-security threats
Having explored company policies, we went on to look at the type of security threats and the specific threats that were considered most important by the research base.

Importance by type of threat
In order of priority, data and information security was clearly of greatest concern to our respondents, followed closely by security of the company network and then, of somewhat less importance, security of the mobile devices themselves.

Particularly notable was the trend in response for those considering each type of threat "very important" to their organisation. This highest level of importance was attributed to data and information loss by almost two-thirds of the research base, whereas this fell to a little over half for security of the network and to a lower two-fifths for the devices themselves.

However, all types of security threat were taken seriously, with more than 85 percent of respondents considering each to be of importance.

All threats increased in perceived importance with increasing size of respondent organisation, probably due to the higher levels of investment and hence business importance of the losses that might be incurred.

Figure 6: Security threats — importance by type

Q37 How important do you consider each of the following types of mobile security threat? Please rate on a scale of 1 to 5, where 1 is "very important" and 5 is "very unimportant"
Base: All respondents; Total: 371
Source: Rhetorik 2007

Importance by specific threat
Interestingly, although we saw that physical loss of the devices themselves is considered the least important of the three main types of threat, the resultant loss of data/information when a device containing company-sensitive data or emails is lost or stolen is of great concern. This was rated the most important specific threat of all those considered.

Next in importance, but still in the area of data loss, was the threat of unauthorised access by third parties to company-sensitive communications or data. Clearly this could arise through access to devices without adequate authentication or other security.

This was followed by loss or theft of mobile devices providing access to data on the company network.

Vulnerability of the network to virus infiltration or other malware introduced by mobile devices is also of considerable concern. This malware could be picked up by mobile devices also used to access sources outside the company firewall and virus control software.

Also network related, almost half of all respondents consider the threat of data corruption on the network, which could be introduced through access by mobile devices, to be very important.

With the high cost of many modern handhelds, loss or theft of the devices themselves is considered of importance, but only a little over a third of our research base rate this in itself as a very important threat.

Inappropriate access or theft of company data by staff is a concern, but generally of much less significance than similar access by third parties through these means.

Perceptions of the importance of each threat were generally lower for respondents in the SOHO sector, although interestingly the importance of loss of the devices was largely consistent across all sectors.