A new report from Verizon found that organizations across multiple industries compromised mobile data security due to a lack of awareness about threats - or by placing a higher priority on getting products to market. The first annual Verizon Mobile Security Index 2018 seeks to raise awareness of the current mobile security landscape, and provide recommendations for protecting the mobile enterprise
More than 60 percent of respondents said a "lack of understanding of threats and solutions" was a barrier to mobile security, but nearly one-third "admitted to sacrificing mobile security to improve business performance."
"Think about that. One in three organizations that we work with, buy from, turn to for healthcare, and that govern the communities in which we live, have put speed and profit before the safety of their data — and our data," wrote Verizon Senior Vice President, Thomas Fox.
“As mobility becomes more integral to business operations in today’s digital economy – from supply chain management to IoT-enabled sensors to customer-facing mobile apps – protecting mobile platforms is critical,” continued Fox. “Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity.”
The Mobile Security Index report provides an in-depth look at the scale of the threats and what organizations are doing to improve their mobile security. Here are a few key findings from the report:
- Companies are sacrificing mobile security for expediency and business performance. And those that said they knew their organization did this were 2.4x more likely to have experienced data loss or downtime.
- Almost all respondents (93%) agreed that mobile devices present a serious and growing security threat. And 39% of organizations that allow employees to use their own devices for business purposes (known as BYOD) ranked this as their top concern.
- Despite this, many were failing to take basic precautions. Only one in seven organizations surveyed (14%) had implemented the most basic cybersecurity practices.
- Only 38% use strong two-factor authentication on their mobile devices; and, only 59% restrict which apps employees can download from the Internet to their mobile devices. Only 39% said they change all default passwords and over half (51%) didn’t have a public Wi-Fi policy.
- 79% said that disruption of their business operations is an even greater threat than the theft of data.
- 14% of respondents said they use public Wi-Fi for work tasks despite it being officially prohibited.
- Healthcare and the public sector were the two industries hit especially hard. 35% of healthcare organizations and 33% of public sector entities said they had suffered data loss or downtime due to a mobile device security incident.
As the use of mobile devices for business purposes continues to grow, so do the security threats to these devices. So how can you better secure your mobile enterprise? Verizon’s Mobile Security Index 2018 offered a comprehensive set of recommendations; including:
- Reduce the risk of malicious applications. Implement policies that dictate what apps can, and cannot, be downloaded. Also consider deploying application management software that scans apps for security vulnerabilities.
- Improve device management. Develop a formal Bring Your Own Device (BYOD) policy that implements device segmentation, deploys mobile endpoint security and threat detection to all devices, and ensures that all default passwords are changed.
- Increase user awareness. Include mobile device security training in your current cybersecurity training and awareness program. Regularly review employee access to systems and data; and, create an incident response plan to help reduce damage caused by a security incident.
- Reduce the use of less secure connections. Create and educate employees on your public Wi-Fi use policy. Change procurement policies to favor devices with 4G LTE over Wi-Fi. Consider deploying a VPN solution to all employee devices.
The survey, commissioned by Verizon, was conducted by an independent research company in the second half of 2017. It included more than 600 professionals involved in procuring or managing mobile devices for their organizations.
Additional information on mobile enterprise security practices is available on verizonenterprise.com.
Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.