Organisations are lacking skilled staff to secure mobile environments and deal with threats, despite growing security attacks.
SANS Institute instructor Raul Siles said that there is still a lack of awareness of the risks posed by mobile devices.
Siles, founder and senior security analyst at DinoSec, said: "The number of mobile devices in use at some organisations is starting to overtake fixed desktop PCs and laptops, yet budgets for mobile InfoSec training has not kept pace.
"This is a major issue although we are seeing some improvement especially as examples such as DarkHotel and others come to light."
Siles added that despite organisations using MDM systems to secure their networks, most are facing an ‘install and forget’ situation, which hampers the network despite taking security measures.
Siles said that organisations are also unable to enforce management and security policies on devices that are not completely under their control.
According to the security expert, many organisations are using security enhancements embedded within mobile device platforms, such as sandboxed applications, remote management and built-in encryption, but they are overlooking some of the most important issues which includes malicious and vulnerable applications that can compromise the devices.
Siles said: "The rapid pace of change within the mobile space is both a blessing and a security curse."
"With roughly 1.5 million applications for both Android and iOS, the amount of applications with malicious or unexpected behaviours or even applications that contain basic vulnerabilities is growing and many of the devices are lacking in features to effectively manage significant areas of risk."
He pointed out the weakness of mobile devices by saying that the lack of functionality to manage IPv6 and personal firewalls is where mobile devices lack credibility, and the second problem is the lack of experts who do not have the skill sets within organisations to secure mobile environments.
