Bitglass Report Shows Enterprises Increasingly at Risk from Enabling BYOD

A new Bitglass report shows that despite the surge in enterprises enabling bring your own device (BYOD), many are unprepared for the associated risks.

Bitglass’ 2021 BYOD Security Report show the rapid adoption of unmanaged personal devices connecting to work-related resources. It also highlights how organizations are ill-equipped to deal with growing security threats such as malware and data theft.

The Bitglass report is a joint venture with Cybersecurity Insiders. It surveyed hundreds of cybersecurity professionals across industries to better understand how COVID-19’s resulting surge of remote work has affected security and privacy risks introduced by the use of personal mobile devices.

The insights in this report are especially relevant. That’s because more enterprises are shifting to permanent remote work or hybrid work models. That means connecting more devices to corporate networks and, as a result, expanding the attack surface.

Enterprises Left Vulnerable

Anurag Kahol is CTO and co-founder of Bitglass.

Bitglass’ Anurag Kahol

“Despite 82% of enterprises enabling BYOD to some capacity, many are still highly unprepared for the risks associated with unmanaged devices,” he said. “Fifty-one percent of the surveyed organizations don’t have any means of identifying vulnerabilities associated with malicious Wi-Fi on personal devices. Even more surprisingly, 49% are unsure or unable to detect whether malware has been downloaded in the last 12 months.”

Key findings from the Bitglass report:

• BYOD is here to stay. Use of personal devices has helped businesses improve employee productivity and satisfaction, while also reducing costs. However, challenges associated with managing device access and mobile security remain.
• Securing BYOD to prevent data loss/theft is a top concern. Respondents are most concerned about data leakage. Other apprehensions included users downloading unsafe apps or content, lost or stolen devices, and unauthorized access to company data and systems.
• Enterprises are running blind when it comes to securing BYOD devices against modern security threats. For example, 22%  of organizations said they can confirm unmanaged devices downloaded malware in the past 12 months. However, nearly half said they aren’t sure or couldn’t disclose whether the same could be said for them. This lack of visibility can be detrimental to the overall business.
• Many organizations are securing BYOD with old tools versus modern threats. Some 41% of organizations reported relying on endpoint malware protection for BYOD. That approach isn’t ideal for personal devices, which are hard to control and manage.

Cybercriminals Targeting Remote Workers

“Without any security measures implemented to protect their remote workforce, organizations are vulnerable to data leakage or unauthorized access to corporate resources,” Kahol said. “Furthermore, criminals can easily take advantage of unsecured endpoints and conduct phishing attacks through email to infiltrate ransomware, which can result in data theft and disruption of business operations. This can lead to millions of dollars in damages and an irreparable brand reputation in the eyes of customers and consumers.”

It’s clear organizations lack full visibility and control across their multicloud enterprise network, he said.

“In fact, 45% are concerned with having no ability to control endpoint security,” Kahol said. “Enterprises must adopt flexible, robust security solutions that can offer a complete view of their resources without invading user privacy. Comprehensive cloud security platforms can help IT teams monitor for potential vulnerabilities and risks, while proactively preventing data leakage and unauthorized access by third parties — all from a single control point.”

The pandemic highlighted the inherent lack of cybersecurity among enterprises of all sizes, he said.

“Criminals are striking frequently, leveraging more sophisticated techniques to hack into corporate systems,” Kahol said. “Outdated security solutions, like firewalls, can no longer secure the hybrid workforce from emerging threats. As we embrace the new normal, companies that aren’t equipped with the appropriate security to safeguard their employee and enterprise data will continue to be susceptible to risks.”