John mentioned CSI Sticks in the Network World article. Worth reading more on to educate yourself a bit about what they do:
Available here: http://www.csistick.com/. Note the list of devices isn't that large.
Even better (or worse, depending on your viewpoint) is this: http://www.cellebrite.com/.
So, the onus is more and more on the people implementing and supporting mobile phones in the enterprise to educate your users.
The greatest risk is, imo, human. Social engineering is a long-standing practice which gets used a lot for the simple reason that it works.
If I'm sitting next to you in the airport and ask to borrow your cellphone to let my wife know that my flight is delayed, the probability is really high that you'd agree. Where's the harm, eh?
If, however, you're not educated to the risks and make the simple mistake of not treating a corporate resource appropriately - exactly as you would, or rather should do with a laptop - you're opening the door to the bad guys.