prev
next
out of 5

Global Study on Mobility Risks - Singapore

Embed Size (px)

Citation preview

  • 8/2/2019 Global Study on Mobility Risks - Singapore

    1/5Ponemon Institute Research Report

    Sponsored by Websense, Inc.

    Independently conducted by Ponemon Institute LLC

    Publication Date: February 2012

    Global Study on Mobility RisksSurvey Results for: Singapore

    Ponemon Institute Private & Confidential Document

  • 8/2/2019 Global Study on Mobility Risks - Singapore

    2/5

    Global Study on Mobility RisksSurvey of IT & IT Security Practitioners in Singapore

    Executive SummaryFebruary 2012

    Part 1: Introduction

    Mobile devices area mixed blessing for employees, and a mixed blessing for organizations, but fordifferent reasons. Smartphones allow workers much more flexibility in managing their schedules,but at the cost of always finding themselves at work. Who among us has not answered work emailsfrom the dinner table, waiting in line at a store, even from the car, and probably every room of thehouse?

    And organizations reap huge benefits from having near-instant responses even outside of workhours, but they simultaneously open the door to unprecedented loss of sensitive data. As laptops,iPhones, Androids, iPads, and USB drives increase in sophistication, they can do more and more,and they become more and more popular, but they also greatly increase the risk to anorganizations networks, sensitive data, and ultimately, profits and reputation.

    And so it is little wonder that quite a few security experts1

    have designated smartphones and othermobile devices as one of themost serious threat vectors for an organization. This is partiallydue tothe nomadic work life of employees. Sensitive data on mobile devices travelsphysically andelectronicallyfrom the office to home and other off-site locations. According to a previousPonemon Institute study of 116 organizations, 62 percent of mobile data-bearing devices that werelost or stolen contained sensitive or confidential information.2

    IT has years of experience locking down desktops and encrypting laptop hard drives. Now thatmobile devices are proliferating as corporate tools, the huge new exposure to data theft and losscannot be ignored. According to a previous Ponemon Institute survey, IT respondents said 63percent of breaches occurred as a result of mobile devices. And only 28 percent said employeedesktop computers were the cause.3

    On the electronic front, mobile attacks are getting more sophisticated and effective. In the comingyear, we expect to see targeted device attacks from malware, spyware, maliciousdownloads/mobile apps, phishing, and spam. Because of their ubiquity and disruptive growth,

    Androids and iPhones have emerged as particularly popular platforms for attack.

    To help IT security professionals plan for an increasingly mobile electronic workforce, Websense,Inc. and Ponemon Institute have created thisGlobal Study on Mobility Risks. We define mobiledevices as laptops, USB drives, smartphones and tablets.

    We surveyed 4,640 IT and IT security practitioners in the United States, United Kingdom, Australia,Brazil, Canada, France, Germany, Hong Kong, Italy, India,Mexico, and Singapore. Fifty-fourpercent are supervisors or above, 42 percent are employed by organizations with more than 5,000employees, and they have an average tenure of 10 years. In this report we feature a summary offindings from the 259 respondents who participated in the Singapore study.

    1Dr. Larry Ponemon and Stanton Gatewood, Ponemons Predictions: Trends in IT Security, Webinar sponsored by ArcSight,

    May 17, 20112

    Ponemon Institutes security tracking study of 116 global companies with a special carve-out on mobile-connected devices

    used by employees, conducted September 2010 through March 20113Ponemon Institute, Perceptions about Network Security, Sponsored by Juniper Networks, June 2011

    Ponemon Institute Research Report Page 2

    2

  • 8/2/2019 Global Study on Mobility Risks - Singapore

    3/5

    Part 2. Key Findings

    Due to the importance of mobile devices for business reasons, more organizations needto have the necessary security controls in place.Seventy-five percent of respondents say

    that employee use of mobile devices is essential or very important to their organizations abilityto meet its business objectives.

    Seventy-eight percent acknowledge that employee use of these devices represents a seriousrisk to their organizations.Because of their many benefits, mobile devices will continue to beubiquitous in the workplace. Restricting their use is not an option, so organizations need toaddress the risk through policies, processes, and enabling technologies.

    Insecure mobile devicesincluding laptops, smartphones, USB devices, and tabletsincrease rates of malware infections. Sixty-four percent of respondents say that over thepast 12 months, their organizations experienced an increase in malware infections as a resultof insecure mobile devices in the workplace, with another 7 percent unsure.

    Forty-nine percent of respondents say that mobile devices are responsible for an increase ofmore than 50 percent in malware infections. Two percent does not know.

    Many organizations had data loss or serious exploits resulting from employee use ofinsecure mobile devices. Forty-five percent of respondents say that their organizationsexperienced a data breach due to insecure mobile devices, and 22 percent are unsure.We alsoasked respondents to indicate the consequences of mobile data breaches. Forty-three percentsay it was theft, removal, or loss of information and/or other resources and 35 percent say itwas disclosure of private or confidential information.

    Many organizations have a policy that addresses the acceptable or unacceptable use ofmobile devices by employees.Fifty-two percent of respondents say that their organizationshave a policy that addresses the acceptable or unacceptable use of mobile devices byemployees and 73 percent say the policy is enforced. Fourteen percent are unsure.

    If there is no enforcement of these policies, it is due to lack of governance and oversight (64percent) orother security issues are a priority (45 percent).Forty-one percent cite insufficientresources to monitor compliance.

    Security settings and controls at the device level are required in many organizations butare often turned off. Sixty percent of organizations require mobile devices used in theworkplace to have appropriate security settings and controls at the device level. Thirty-sevenpercent do not require security settings and 3 percent are unsure. Fifty-five percent say thattheir employees circumvent or disengage security features such as passwords and key locks.Only 38 percent say employees are compliant and do not engage in this practice. Sevenpercent are unsure.

    Diminished bandwidth followed by a decrease in employee productivity are consideredthe most negative consequences of insecure mobile devices.Seventy-three percent saythat keeping up with the need to increase bandwidth, as a result of insecure mobile devices,has already occurred or is very likely to occur.This is likely due to the explosion in mobile mediaand the sharing of videos, music, and applications.

    Seventy percent of respondents say atop negative consequence of mobile devices is adiminishment in employee productivity. Sixty-three percent of respondents believe that a

    Ponemon Institute Research Report Page 3

    3

  • 8/2/2019 Global Study on Mobility Risks - Singapore

    4/5

    negative consequence that has already happened or is likely to happen is the loss ofconfidential information or violation of confidentiality policy.

    To mitigate the risks created by mobile devices, certain technologies are preferred.The technologies considered essential or very important by respondents are: device levelencryption, anti-malware and identity and access management.

    According to Websense, many companies make significant investments in encryption andendpoint security to protect sensitive data, but they often dont know how/what data is leavingthrough insecure mobile devices. Traditional static security solutions such as antivirus,firewalls, and passwords are not effective at stopping advanced malware and data theft threatsfrom malicious or negligent insiders. To safely permit corporate use of mobile devices,organizations need data loss prevention technology that knows where critical data is saved,who is accessing it, how its attempting to leave, and where its going.

    Real-time malware intelligence is also necessary because cybercriminals change their tacticsfaster than traditional security updates are pushed out. Websense recommends thatorganizations proactively deploy real-time anti-malware technology via cloud services thatcontinually analyzes and re-analyzes websites and mobile applications. Using cloud securityservices enables organizations to protect remote users anytime and anywhere. For more

    information, read A 3-Step Plan for Mobile Security.

    The use of personal mobile devices is putting organizations at risk. Ninety-three percentof respondents say that their organizations allow employees to use their personal devices toconnect to corporate email. Seventy-one percent permit access to personal (web-based) emailand 68 percent allow access to business applications.

    According to respondents, personal devices are posing just as much risk as insecure corporatemobile devices. Fifty-six percent say that their organization has experienced an increase inmalware infections as a result of personallyowned mobile devices used in the workplace. Fifty-four percent say that more confidential data has been lost as a result of these devices, while 22percent are unsure.

    Organizations worry about employees using their mobile device to take photos or videosin the workplace. Sixty-two percent of respondents say that this practice is frowned upon bytheir organizations and is considered unacceptable. Other unacceptable practices includedownloading and using internet apps (45 percent) and downloading confidential data onto thedevice (42 percent).

    Part 3:Summary and recommendations

    In every part of the globe, IT and IT security practitioners recognize the positive impact that mobilitybrings to productivity. Benefits include 24/7 access to email, corporate documents, and otheressential information. The challenge is how to ensure that mobile device use does not jeopardizethe security of sensitive and confidential information.

    Here are five recommendations on how to effectively manage security technology and enjoy thebusiness benefits of mobile devices:

    Understand the risk that mobile devices create in the workplace. Conduct a risk assessment tounderstand what practices may be putting your organization at risk, such as storing largeamounts of confidential data that are at high risk for data leakage and loss.

    Educate employees about the importance of safeguarding their mobile devices. Risky behaviorincludes downloading apps and free software from unsanctioned online stores that may contain

    Ponemon Institute Research Report Page 4

    4

    http://www.websense.com/assets/white-papers/MobileSecurity_WhitePaper_Final.pdfhttp://www.websense.com/assets/white-papers/MobileSecurity_WhitePaper_Final.pdfhttp://www.websense.com/assets/white-papers/MobileSecurity_WhitePaper_Final.pdf

  • 8/2/2019 Global Study on Mobility Risks - Singapore

    5/5

    malware, turning off security settings, not encrypting data in transit or at rest, and not promptlyreporting lost or stolen devices that may contain confidential and sensitive information.

    Create a comprehensive mobile device policy (including detailed guidelines) for all employeesand contractors. The policy should address the risks and the security procedures that shouldbe followed.

    Use enabling technologies to detect and prevent data theft and mobile malwaredanger.Implement layers of security where device management capabilities are supplementedby advanced secure access controls, threat protection provided by cloud services, and datatheft protection at the endpoint to identify valuable intellectual property and protect it.

    Usepolicy controls to keep productivity and resource utilization in check.

    Ponemon InstituteAdvancing Responsible Information Management

    Ponemon Institute is dedicated to independent research and education that advances responsibleinformation and privacy management practices within business and government.Our mission is to conducthigh quality, empirical studies on critical issues affecting the management and security of sensitiveinformation about people and organizations.

    As a member of the Council of American Survey Research Organizations (CASRO), we uphold strictdata confidentiality, privacy and ethical research standards.We do not collect any personally identifiableinformation from individuals (or organization identifiable information in our business research).Furthermore, we have strict quality standards to ensure that subjects are not asked extraneous, irrelevantor improper questions.

    Ponemon Institute Research Report Page 5

    5


Future Mobility in Singapore Turning Disruptions into ... · Corporation and ST Kinetics signed an agreement in April 2017 to develop and trial 4 mobility-on-demand vehicles (MODVs)

Future Mobility in Singapore Turning Disruptions into ... · Corporation and ST Kinetics signed an agreement in April 2017 to develop and trial 4 mobility-on-demand vehicles (MODVs)

Documents
Social Insurance: Pooling Risks for a More Inclusive … Insurance.pdf · Social Insurance: Pooling Risks for a More Inclusive Singapore Donald Low Vice President, ... It is defined

Social Insurance: Pooling Risks for a More Inclusive … Insurance.pdf · Social Insurance: Pooling Risks for a More Inclusive Singapore Donald Low Vice President, ... It is defined

Documents
Macro outlook 2017 - Moore Stephens...Macro outlook 2017: Global recovery underway, but there are downside risks Private Banking Singapore July 2013 Private Banking Singapore Song

Macro outlook 2017 - Moore Stephens...Macro outlook 2017: Global recovery underway, but there are downside risks Private Banking Singapore July 2013 Private Banking Singapore Song

Documents
Rani Sakaya Johns Global Mobility Partner PwC Singapore

Rani Sakaya Johns Global Mobility Partner PwC Singapore

Documents
Transnational higher education in Singapore: Cultures of Education, Youth and Mobility

Transnational higher education in Singapore: Cultures of Education, Youth and Mobility

Documents
Managing Risks in Six Sigma Implementation - Axiom, Inc. · PDF fileManaging Risks in Six Sigma Implementation LSS IQPC Conference, Singapore 17-20 May 2010 ... Before Six Sigma, project

Managing Risks in Six Sigma Implementation - Axiom, Inc. · PDF fileManaging Risks in Six Sigma Implementation LSS IQPC Conference, Singapore 17-20 May 2010 ... Before Six Sigma, project

Documents
The Security Challenges · enterprise mobility altogether. However, that isn’t a good strategy, either. Enterprise mobility is now a fact of life, security risks and all. The good

The Security Challenges · enterprise mobility altogether. However, that isn’t a good strategy, either. Enterprise mobility is now a fact of life, security risks and all. The good

Documents
Talent Development and Mobility: The case of Singapore · Talent Development and Mobility: The case of Singapore ... entrepreneurial people from around the world. ... Ppt0000011.ppt

Talent Development and Mobility: The case of Singapore · Talent Development and Mobility: The case of Singapore ... entrepreneurial people from around the world. ... Ppt0000011.ppt

Documents
Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility

Avoid data leakage, espionage, sabotage and other reputation and business risks without losing employee performance and mobility

Documents
ADVANCED AIR MOBILITY IN SINGAPORE

ADVANCED AIR MOBILITY IN SINGAPORE

Documents
Copyright ©2012 Infinitive 1 Governance of Social Media & E-Mobility Risks #CPESOX 1

Copyright ©2012 Infinitive 1 Governance of Social Media & E-Mobility Risks #CPESOX 1

Documents
Bian Guanxi Networks and Job Mobility China Singapore

Bian Guanxi Networks and Job Mobility China Singapore

Documents
Future Mobility in Singapore Turning Disruptions into

Future Mobility in Singapore Turning Disruptions into

Documents
Machinery All Risks Insurance...Machinery All Risks Insurance 3 Temasek Avenue #16-01 Centennial Tower Singapore 039190 +65 6804 6000 GAIC.com.sg We Protect. You Decide

Machinery All Risks Insurance...Machinery All Risks Insurance 3 Temasek Avenue #16-01 Centennial Tower Singapore 039190 +65 6804 6000 GAIC.com.sg We Protect. You Decide

Documents
Singapore Banking Review - PwC...Bucking the trend | Banking Review 2019 7What can Singapore banks do to mitigate downside risks? Scenario 1: Zero interest rates. There is unfortunately

Singapore Banking Review - PwC...Bucking the trend | Banking Review 2019 7What can Singapore banks do to mitigate downside risks? Scenario 1: Zero interest rates. There is unfortunately

Documents
TelAviv Nov2016 v6 - Fuelfuelchoicessummit.com/Portals/37/Ben Akiva.pdf · Smart&Mobilityin&Singapore& 2 Source: SMART Mobility 2030: ITS Strategic Plan for Singapore, Land Transport

TelAviv Nov2016 v6 - Fuelfuelchoicessummit.com/Portals/37/Ben Akiva.pdf · Smart&Mobilityin&Singapore& 2 Source: SMART Mobility 2030: ITS Strategic Plan for Singapore, Land Transport

Documents
CIGNEX Datamatics & Liferay roadshow in Singapore – Feb 27, 2014 - Powering Mobility and UXP with Liferay Enterprise Portal

CIGNEX Datamatics & Liferay roadshow in Singapore – Feb 27, 2014 - Powering Mobility and UXP with Liferay Enterprise Portal

Technology
The governance of risks in ridesharing: Lessons …2 The governance of risks in ridesharing: Lessons learned from Singapore Yanwei Li*, Araz Taeihagh**,1, * Nanjing Normal University,

The governance of risks in ridesharing: Lessons …2 The governance of risks in ridesharing: Lessons learned from Singapore Yanwei Li*, Araz Taeihagh**,1, * Nanjing Normal University,

Documents
Global Workforce and Mobility: Opportunities and Risks. ogletreedeakins.com Presented By: Bernhard Mueller (Columbia, SC)

Global Workforce and Mobility: Opportunities and Risks. ogletreedeakins.com Presented By: Bernhard Mueller (Columbia, SC)

Documents
Preventing security risks in real time - IBM - United States the emergence of cloud, mobility, social business, big ... As a result, risks posed to confidential or proprietary

Preventing security risks in real time - IBM - United States the emergence of cloud, mobility, social business, big ... As a result, risks posed to confidential or proprietary

Documents
HR legal risks - EY · HR legal risks In the globalized world of mobility, outsourcing and freelancing, do you know who your “employees” are? 26–29 October 2014

HR legal risks - EY · HR legal risks In the globalized world of mobility, outsourcing and freelancing, do you know who your “employees” are? 26–29 October 2014

Documents
Intergenerational Income Mobility In Singapore Articles/IG... · 2018-01-18 · 1 Intergenerational Income Mobility In Singapore Yip Chun Seng1 Ministry of Finance 1 I acknowledge

Intergenerational Income Mobility In Singapore Articles/IG... · 2018-01-18 · 1 Intergenerational Income Mobility In Singapore Yip Chun Seng1 Ministry of Finance 1 I acknowledge

Documents
A foresight study on urban mobility: Singapore in 2040

A foresight study on urban mobility: Singapore in 2040

Documents
Singapore bunkering updateclaims risks for bunker buyers, whether shipowners or charterers, against the highly regulated backdrop of bunkers supply in Singapore. The regulatory backdrop

Singapore bunkering updateclaims risks for bunker buyers, whether shipowners or charterers, against the highly regulated backdrop of bunkers supply in Singapore. The regulatory backdrop

Documents
Managing mobility in a world reshaped by BEPS - pwc.lu · managing the wider risks, such as corporate risks, immigration, social security managing costs, particularly whilst still

Managing mobility in a world reshaped by BEPS - pwc.lu · managing the wider risks, such as corporate risks, immigration, social security managing costs, particularly whilst still

Documents
RUPE, RACHEL, M.A. The Geography of Mobility and Aging in ... · Orcas Island, Washington attracts an increasing aging population that risks decreased mobility due to its limited

RUPE, RACHEL, M.A. The Geography of Mobility and Aging in ... · Orcas Island, Washington attracts an increasing aging population that risks decreased mobility due to its limited

Documents
Tackling future urban mobility demand in singapore

Tackling future urban mobility demand in singapore

Environment
Bangladesh to Saudi Arabia & Singapore · Bangladesh to Saudi Arabia & Singapore IOM workshop "Making Global Mobility a Catalyst for Development" A Migrant Worker Story ... The Destination

Bangladesh to Saudi Arabia & Singapore · Bangladesh to Saudi Arabia & Singapore IOM workshop "Making Global Mobility a Catalyst for Development" A Migrant Worker Story ... The Destination

Documents
SINGAPORE STANDARD ON AUDITING (REVISED) Identifying and ... · Singapore Standard on Auditing (SSA) 315 (Revised), “Identifying and Assessing the Risks of Material Misstatement

SINGAPORE STANDARD ON AUDITING (REVISED) Identifying and ... · Singapore Standard on Auditing (SSA) 315 (Revised), “Identifying and Assessing the Risks of Material Misstatement

Documents
Intergenerational Mobility in Singapore: Lessons from International Research

Intergenerational Mobility in Singapore: Lessons from International Research

Documents