International IT governance body ISACA has released a study detailing the increasing potential for mobile devices to pose a significant threat to data loss. Pointing to information leakage over wireless and poorly secured wired networks, Securing Mobile Devices is intended as a wake-up call for companies who refuse to close backdoors leading to confidential enterprise information and intellectual property.
Recent discussion on anti-virus company AVG's corporate blogs has suggested that the reason we are still repeatedly discussing the same security issues over and over, is that obvious data threats are still not properly managed. Mobile devices are progressively more likely to be the target of a malware attack now than at any time in the past -- and as employees carry them beyond the protection of their company's network, the risk is multiplied exponentially.
According to the Michigan-based Ponemon Institute's Global 2009 Annual Study on the Cost of a Data Breach, 32 percent of all data breach cases analyzed involved lost or stolen laptop computers or other mobile data-bearing devices. While the average organizational cost of a data breach was $3.4 millionUS, all countries in the study reported noticeably higher data breach costs associated with mobile incidents.
"Ironically, many of the risks associated with mobile devices exist because of their biggest benefit: portability," said ISACA project development team member Mark Lobel.
ISACA recommends a governance framework such as COBIT or Risk IT to help IT managers ensure that process and policy changes are implemented and understood and that appropriate levels of security are applied to prevent data loss.