HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Majority of Organizations Failing to Protect Against Mobile Device Security Breaches

A recent report published by Dimensional Research has highlighted the growing threat of mobile device security breaches and how little organizations are doing to mitigate risk.

Cybercriminals may view employees as one of the weakest links in the security chain, but mobile devices are similarly viewed as an easy way of gaining access to data and corporate networks.

According to the report, the threat of mobile cyberattacks in growing. Two out of ten companies have already experienced a mobile device cyberattack, although in many cases, organizations are not even aware that a cyberattack on a mobile device has occurred.

The survey, which was conducted on 410 security professionals, found that two thirds of respondents were doubtful they would be able to prevent a cyberattack on mobile devices and 51% believed the risk of data theft/loss via mobile devices was equal to or greater than the risk of data theft/loss from PCs and laptops. Yet, a third of respondents said they did not adequately protect mobile devices.

Please see the HIPAA Journal Privacy Policy

3 Steps To HIPAA Compliance

Please see HIPAA Journal
privacy policy

  • Step 1 : Download Checklist.
  • Step 2 : Review Your Business.
  • Step 3 : Get Compliant!

The HIPAA Journal compliance checklist provides the top priorities for your organization to become fully HIPAA compliant.

94% of respondents said cyberattacks on mobile devices will become more frequent while 79% said the already difficult task of securing mobile devices will become harder.

A broad range of attack methods are used to gain access to mobile devices and the networks and accounts to which they connect. Malware infections are most common cause of mobile device security breaches, being involved in 58% of attacks. Text message phishing attacks were reported by 54% of organizations as were man-in-the-middle attacks and connections to malicious Wi-Fi networks. Intercepted calls and text messages (43%) and keylogging and credential theft (41%) made up the top five attack methods.

Even though mobile device security breaches are occurring with increasing frequency, 38% of companies have yet to implement a dedicated mobile device security solution.

Virtually all staff members carry mobile phones at work. Many employees use them for work communications and to access sensitive data. While laptop computers are frequently lost or stolen and are often protected, the risk of mobile devices being lost or stolen is greater yet the devices are poorly protected.

When asked about the reasons why a mobile device security solution was not used, a lack of budget (53%) and shortage of resources (41%) were the primary reasons. For 37% of respondents, the perceived risk of a data breach or security incident did not justify the cost a dedicated security solution. However, 62% of companies are aware of the increasing risk of mobile device security breaches and are dedicating more funds to securing mobile devices.

Since the devices are likely to store far less data than desktops, the perceived cost of a mobile device breach may be lower. However, the survey revealed that IT security professionals did not believe that to be the case. 37% of respondents said a mobile data breach would likely cost the company more than $100,000 to resolve, with 23% expecting the cost to be in excess of $500,000.

David Gehringer, Principal at Dimensional Research said, “The research consistently revealed that the overall focus and preparedness of security for mobile devices is severely lacking,” and pointed out that “security professionals identified the risk of mobile devices, but focus and resources assignment seem to be waiting for actual catastrophes to validate the need to properly prepare their defenses.”

As we have already seen on countless occasions, such a strategy can prove costly. That cost is likely to be much higher than the cost of implementing a security solution to protect mobile devices.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.