Comprehensive iPass study unearths CEOs as “greatest risk” posed to enterprise security

Four-in-ten organisations believe that C-Level executives – including CEOs – are most at risk of being hacked when working outside of the office. That’s according to the findings of a new study conducted by iPass. Cafes and coffee shops were ranked as the highest risk venues by 42% of respondents from a list that also included airports (30%), hotels (16%), exhibition centres (7%) and aeroplanes (4%).

Compiling the responses of 500 organisations from the UK, the US, Germany and France, the annual iPass Mobile Security Report provides an overview of how companies are dealing with the ‘trade-off’ between security and the need to enable a mobile workforce.

The majority (93%) of respondents said they were concerned about the security challenges posed by a growing mobile workforce. Almost half (47%) suggested that they were ‘very’ concerned, up from 36% in 2016.

Furthermore, more than two thirds of organisations (68%) have chosen to ban employee use of free public Wi-Fi ‘hotspots’ to some degree (compared with a result of 62% in 2016), while 33% of organisations now ban employee use of such ‘hotspots’ at all times (which is up from 22% in 2016).

“The grim reality is that C-Level executives are at by far the greatest risk of being hacked outside of the office,” said Raghu Konka, vice-president of engineering at iPass. “They’re not your typical 9-5 office worker. They often work long hours, are rarely confined to the office and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available. That being so, they’re a prime target for any cyber hacker.”

Konka added: “Cafes and coffee shops are everywhere and offer both convenience and comfort for mobile workers who flock to these venues for the free high-speed Internet as much as they do for the coffee. However, cafes invariably have lax security standards, meaning that anyone using these networks will be potentially vulnerable.”

Man-in-the-Middle attacks, whereby an attacker can secretly relay and even alter communications without the mobile user knowing, were identified by 69% of organisations as being of concern when their employees use public Wi-Fi. However, more than half of respondents also chose a lack of encryption (63%), unpatched operating systems (55%) and ‘hotspot’ spoofing (58%) as chief concerns.

BCI Cyber Security Report

The dangers that using public Wi-Fi creates was an issue raised in the Business Continuity Institute’s Cyber Security Report. Published during Business Continuity Awareness Week 2017, this document highlights several other areas in which users can leave their organisations vulnerable to a cyber attack.

Some of the other findings of the iPass report and regional trends include the following:

*US respondents (98%) are most concerned by the increasing number of mobile security challenges compared to France (88%), Germany (89%) and the UK (92%)

*nearly one-in-ten of UK organisations (8%) said that they have no security concerns when employees use public Wi-Fi ‘hotspots’ (in contrast, this figure is 1% in the US and Germany and 2% in France)

*UK organisations are the least likely to ban the use of public Wi-Fi (44% of UK respondents said that they have no plans to do so, as opposed to 8% in Germany, 10% in the US and 15% in France)

*75% of enterprises worldwide still allow or otherwise encourage the use of MiFi devices, although in France 29% of businesses have banned their usage due to security concerns

“Organisations are more aware of the mobile security threat than ever, but they still struggle to find the balance between security and productivity,” continued Konka. “While businesses understand that free public Wi-Fi ‘hotspots’ can empower employees to do their job and be more productive, they’re also fearful of the potential security threat. Man-in-the-Middle attacks were identified as the primary threat, but it must be recognised that the entire mobile attack surface is growing larger. Organisations must do their best to ensure that their mobile workers are securely connected at all times.”

Konka concluded: “Sadly, in response to this growing threat, the majority of organisations are choosing to ban first and think later. They ignore the fact that, in an increasingly mobile world, there are actually far more opportunities than threats. Rather than give in to security threats and enforce bans that can be detrimental or even unenforceable, businesses must instead ensure that their mobile workers have the tools to be online and work securely at all times.”

About the Author

Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications)

Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting.

In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector.

In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute’s George van Schalkwyk Award.

An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award.

Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site.

Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media.

Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014.

Related Posts