Who is the weak link in mobile security? This study suggests it's the C-suite

A survey of IT pros and top execs found that IT is worried about the lax attitude their bosses have toward security.

5 things developers should know about data privacy and security

MobileIron has released a report that paints a troubling picture of tension between C-suite executives and IT decision makers when it comes to mobile device security. 

The findings, the report states, suggest "that C-suite executives often bypass their organization's mobile security protocols, putting businesses around the world at significant risk of a data breach and highlighting the need for newer technologies to allow employees to be secure and productive at the same time."

Why the C-suite feels above mobile security

The report describes the problem plainly, "C-level executives often view themselves as above their organization's security protocols." 

It found that 68% of executives surveyed claimed that IT security compromises their security, 62% said policies restrict device usability, and 42% said that IT security is a low priority for them. 

SEE: Security Awareness and Training policy (TechRepublic Premium)

Those beliefs have led to 76% of C-suite occupants bypassing their organization's security protocols to get something done faster in the past year, while at the same time saying (88% of respondents) that IT security is an essential part of protecting the reputation of their organizations. 

Further, 47% requested network access for unsupported devices, 45% asked to bypass multifactor authentication, and 37% wanted to access business data on an unauthorized app.

These attitudes are held by executives despite 84% saying that they were targeted by at least one cyberattack in the past year, with more than half of those attacks being phishing attempts. 

How IT sees the C-suite

The self-reported numbers from business executives don't put them in a positive light, at least from a cybersecurity perspective, and IT leaders seem to be picking up on that. 78% of IT professionals who responded to the survey said that the C-suite is most likely to be targeted by phishing attacks, and 71% say those same executives are the most likely in their organizations to fall for such an attack.

SEE: VPN: Picking a provider and troubleshooting tips (free PDF) (TechRepublic)

74% of IT respondents also say that C-suite executives are the most likely to ask for relaxed mobile security for themselves; all of these numbers combine to create a tense environment between IT and executives, said Brian Foster, MobileIron's SVP for product management.

"In today's modern enterprise, cybersecurity can't be an optional extra. Businesses need to ensure they have a dynamic security foundation in place that works for everyone within the organization," Foster said. 

What organizations need to do to fix mobile device security

C-suite executives have concerns that need to be addressed: Feeling like privacy is compromised by mobile security isn't a new complaint, after all, but neither is the idea that executives are bigger risks to organizational security.

Mobile security, the report concludes, needs to be a seamless experiences that's " easy to use,
ensuring that employees across the whole business can achieve maximum productivity without interruption, and without feeling that their own personal privacy is being compromised." 

MobileIron is a zero trust security provider that specializes in securing mobile devices, so it's no surprise that the report suggests implementing a zero trust approach, which can "significantly reduce the level of risk to [an] organization by taking complete control of data as it flows across devices, applications, networks and cloud services – no matter who in the business is trying to access it."

Also see

cxoistock000030494882small.jpg