The current pandemic has increased the vulnerability of firms relying heavily on bring-your-own-device work arrangements that are fraught with cyber perils
The rapid adoption of unmanaged personal devices connecting to work-related resources (also called Bring Your Own Device or BYOD) is putting organizations at risk if the latter are ill-equipped to deal with growing security threats such as malware and data theft.
In a recent study of BYOD threats by cloud security firm Bitglass of 271 cybersecurity professionals in April this year, enterprises were more or less settled in their shift to remote work or hybrid work models. However, this also meant allowing more external devices to connect to the corporate network and thereby expanding the attack surface.
The data showed organizations in the survey had not been paying enough attention when securing unmanaged personal devices. Other key findings include:
- BYOD is here to stay
47% of respondents reported an increase of personal devices being used for work. As a result, 82% said they now actively enable BYOD to some extent. Challenges associated with managing device access and mobile security remain.
- Securing BYOD to prevent data loss/theft was a top concern
62% of respondents expressed concern over data leakage. Other apprehensions included users downloading unsafe apps or content (54%), lost or stolen devices (53%), and unauthorized access to company data and systems (51%).
- Respondents were running blind when securing BYOD devices
Some 22 % of organizations in the survey indicated that unmanaged devices have downloaded malware in the past 12 months. However, 49% indicated they were not sure or could not disclose whether the same could be said for them.
- Many respondents were securing BYOD with old tools
41% of respondents reported relying on endpoint malware protection for BYOD. Some 30% of respondents indicated that they did not protect against malware for BYOD at all.Some11% of respondents were using cloud-based malware protection measures.
Said the firm’s CTO, Anurag Kahol: “As enterprises begin to shift to hybrid work environments, personal devices will provide the flexibility and remote access that employees require. This new way of working, however, will undoubtedly stretch the resources of security teams. This is why enterprises (should) seriously rethink their approach to secure all forms of communication amongst users, devices, apps, or web destinations.”