With more and more employees getting work done on the go, mobile devices are quickly becoming a huge security risk for companies, new research shows.

A study by the Ponemon Institute, a security research center, and Lumension, a provider of end-point management and security, revealed that 75% of IT security professionals said mobile devices will pose the biggest threat to companies' security in 2014, up from just 9% who said the same in 2010. Additionally, 68% of respondents said their mobile devices have been targeted by malware in the last 12 months.

Larry Ponemon, chairman and founder of the Ponemon Institute, said he has seen the threat landscape fundamentally change over the last five years.

"Trending data shows increasing concern, year over year, over the explosion of mobile devices on the network," Ponemon said. "It's now IT's greatest risk."

Despite that finding, nearly half of the IT security professionals surveyed don't manage employee-owned mobile devices.

While they might pose the biggest risk, mobile devices aren't the only security threat organizations are facing. The study found that advanced persistent threats (APTs), which occur when a cybercriminal accesses a company's network in an attempt to steal data or cause damage, are also becoming a concern for IT professionals. This year, 39% of those surveyed said APTs, also known as targeted attacks, are one of the risks they're most worried about, up 55% in 2009.

Overall, 40% of IT security professionals reported that they were victims of a targeted attack in the last year. Among those, spear phishing emails sent to employees were identified as the No. 1 attack entry point.

The volume of malware also continues to be an escalating problem. The research found that 41% of IT professionals said they experience more than 50 malware attacks per month, up 15% from three years ago. In addition, nearly 70% said malware attacks are contributing significantly to rising operating costs.

C. Edward Brice, senior vice president of worldwide marketing for Lumension, said that as the end-point environment evolves, IT security strategy must evolve, too. He said rubber-stamping the security portfolio of years past shouldn't be an option, given how fluid organizations' data have become.

"Security technologies should be reviewed for this emerging threat landscape," Brice said. "User education is also critical."

The study was based on surveys of 676 IT and IT security practitioners with involvement in end-point security.

Image: Flickr, Jhaymesisvi Photography

This article originally published at BusinessNewsDaily here