cioinsight.com
  • Mobility has rapidly moved into the mainstream of the enterprise and changed IT and business processes in profound ways. Today, it's next to impossible to find an organization that doesn't incorporate at least some mobile devices—smartphones, tablets and laptops—into the fabric of the business. In fact, according to various industry statistics, somewhere in the neighborhood of 90 percent of companies have adopted some form of bring your own device (BYOD). Yet, despite rapid adoption and a growing focus on mobility, many business and IT executives cling to myths and misconceptions. In many cases, organizations are adopting strategies and security protections that aren't in the best interests of the organization, points out Bill Conner, CEO of security firm Entrust. He believes that it's critical to understand the current state of mobility and to build a strategy and protections around actual risks. To clarify things, Entrust has provided the following common myths about mobile security, along with a fact-based explanation of the true situation.

  • Crisis management will get you through the initial impact of a disaster, but you need a comprehensive business continuity program to sustain you beyond 48 hours.

  • An effective executive risk council can help reduce the impact of a potentially devastating cyber-attack, and maintain that ever-important bond of trust.

  • Two themes emerge from Verizon's "2013 Data Breach Investigations Report." First, a substantial increase in the number of partners that contributed threat data—18 cyber-enforcement entities from around the world, up from just four a year earlier—appears to have brought more balance to the findings. Second, there are stronger patterns behind security breaches than previous reports had indicated. Specifically, more than two-thirds of all breaches investigated by Verizon fell into one of three categories: physical attacks on automated teller machines (ATMs); penetration techniques such as phishing, malware and hacking; and point-of-sale "smash-and-grab" attacks. "While some may argue that we are dealing with an intelligent and adaptive adversary, the data tells us that adaptation isn't necessary for many of these attackers," the report's authors write. "Treating our adversaries as random and unpredictable is counterproductive. We may be able to reduce the majority of attacks by focusing on a handful of attack patterns." The data set for this year's report represents more than 47,000 reported security incidents in 27 countries, including 621 confirmed data disclosures, 421 of which fell into one of the above-mentioned categories.