The balance between encouraging mobility for business purposes and controlling it for security remains as tricky today as ever. Ninety-three percent of organizations are now somewhat or very concerned that the mobile workforce is presenting an increasing number of security challenges. Of these, 47% are ‘very concerned’; a figure that has grown from 36% a year ago.
These figures come from the iPass 2017 Mobile Security Report (PDF), published today. iPass is a global provider of always-on, secure Wi-Fi; with more than 60 million hotspots in more than 120 countries.
Vanson Bourne surveyed 500 CIOs and senior IT decision makers from the US (200), UK (100), Germany (100) and France (100). While the results are broadly consistent across all regions, there are nevertheless some surprising differences. For example, while there is acknowledgement that security is needed, there is apparent recognition that control is difficult — and the extent of the problem and ways to solve it differ by geographic region.
Less than a third of companies ban the use of public Wi-Fi at all times, while a further 37% ban their use ‘sometimes’. More surprising, however, is the regional difference: 44% of UK organizations do not, and do not plan to introduce a ban; but only 10% of US companies are similar. Eight percent of UK companies have no concern over mobile security, while only 1% of US companies have no concerns.
Coffee shops are unsurprisingly a major cause of concern. “Wherever there is an unsecured public Wi-Fi network,” notes the report, “there is the threat of attack. However, coffee shops are seen as the most dangerous public Wi-Fi venue of all.” In all regions surveyed, 42% of respondents cited coffee shops as their major concern over public wi-Fi. “Cafes and coffee shops are everywhere and offer both convenience and comfort for mobile workers, who flock to these venues for the free high speed internet as much as for the coffee,” comments Raghu Konka, vice president of engineering at iPass. “However, cafes invariably have lax security standards, meaning that anyone using these networks will be potentially vulnerable.”
Cafes are followed by airports (30%) and hotels (16%) as the locations giving most concern over public Wi-Fi.
Man-in-the-middle (MitM) attacks are considered the greatest threat, cited by 69% of respondents. This is followed by lack of encryption (63%), hotspot spoofing (58%), and unpatched devices (55%).
The greatest risk, however, comes not from mid-level or even junior staff — it is the CEO and other C-level executives. “The grim reality,” explains Konka, “is that C-level executives are by far at the greatest risk of being hacked outside of the office. They are not your typical 9-5 office worker. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker.”
The respondents agreed. Overall, 40% of respondents named the C-Suite. It was as low as 29% in the UK (possibly because there are fewer C-level executives), and as high as 49% in Germany. It was 40% in the US. Senior management came in as presenting the second most serious threat, at 34% overall. Not surprisingly, it was higher in the UK at 42%; and lower in the US at 26%.
The simple reality is that mobile working is an essential part of modern business despite security concerns about it. In many cases, the survey suggests that total bans on public Wi-Fi are increasingly adopted. “Sadly, in response to this growing threat, the majority of organizations are choosing to ban first and think later,” comments Konka. “They ignore the fact that, in an increasingly mobile world, there are actually far more opportunities than threats. Rather than give in to security threats and enforce bans that can be detrimental or even unenforceable, businesses must instead ensure that their mobile workers have the tools to get online and work securely at all times.”