Security Experts:

Security Not Keeping Pace With Consumerization of IT, Forrester Research Finds

Consumerization may be one of the factors influencing enterprise IT, but for many organizations, security may not be keeping pace, according to a new paper by Forrester Research.

In a paper entitled, 'Understand The State Of Data Security And Privacy: 2012 To 2013', data loss and protection are listed as top concerns when it comes to mobile security. Based on a survey of 2,383 IT executives from five countries, Forrester reported that most organizations have security policies in place for smartphone, tablet and consumer-oriented tool use, but more than half admitted that either they don't have the tools to enforce the policy or the tools they do have are insufficient for the task.

BYOD Security RisksThis poses a serious problem if a study released in May is accurate. The study, commissioned by Check Point Software Technologies, fielded answers from more than 2,600 participants from the U.S., U.K., Hong Kong, Brazil and Germany. According to the study, 11 percent of the machines and mobile devices connecting to the networks of U.S. participants are infected with malware.

But the lack of tools isn't the only issue. Just 56 percent of the respondents to the Forrester study said they were aware of their organization's current security policies.

"Consider employee awareness to be another layer of security, and realize that educating employees is also internal PR outreach for the security group," Forrester analyst Heidi Shey wrote in the report. "S&R pros can show that, yes, they understand how employees work, what tools they use, and have taken measures to enable employees to get work done — and do it in a secure manner."

Most of the breaches that occur are the work of insiders as opposed to external attacks, according to the survey. In fact, only 25 percent of data breaches experienced by the respondents in the last 12 months were caused by outsiders. The largest percentage was due to the loss or theft of a corporate asset (31 percent).  Twenty-seven percent were due to unintentional misuse of data by employees, while 12 percent were related to acts by malicious insiders.

"Given all the media attention on data and privacy breaches, hacking, and advanced persistent threats today, it’s easy to assume that all the major threats to your organization come from external actors," Shey wrote. "Not completely true. Insiders and business partners also have access to data and information that they compromise. Whether their actions are intentional or unintentional, insiders cause their fair share of breaches. Other common sources of breach include loss or theft of corporate assets, such as laptops or USB drives, and external attacks that target corporate servers or users."

The full paper from Forrester Research is available here.