Companies of all sizes are scrimping on mobile security, failing to use mobile device management, antivirus and anti-malware and practically inviting attacks, according to Verizon's Mobile Security Index report.
The report, based on 700 respondents from companies of all sizes, has a host of conflicting data points, but the common theme is that mobile security is lax. IBM MaaS360, MobileIron, Wandera and Lookout provided data and research for the report.
"The mobile security risk has grown in the last year or so," said Matt Montgomery, associate director at Verizon Enterprise Solutions. "As we have moved closer to the mobile device the same level of security you'd see with a laptop hasn't followed."
Indeed, enterprise tools such as firewalls, virtual private networks and encryption haven't found their way to the mobile device, said Montgomery. While bring your own device policies are one wrinkle to mobile security issues, enterprises simply aren't focused as much as they are on defending laptops, desktops and corporate networks from malware, ransomware, phishing and state actors.
Free PDF download: A Winning Strategy for Cybersecurity | How to write a good security policy for BYOD or company-owned mobile devices | Download now: Mobile device computing policy (Tech Pro Research) | Employees are the biggest risk to enterprise mobile device security, report says (TechRepublic)
"There's not as much discipline around mobile security," said Montgomery.
This snippet from the report tells the tale. A third of respondents said they have experienced a compromise involving a mobile device and many of those events have been serious and expensive to fix.
In addition, 63 percent of respondents said they were notified by a third party that they were compromised.
Verizon's data, compiled with various partners, found the following:
While Verizon found that respondents viewed mobile security a bit different than how they defend the overall enterprise, the motives and threats were no different. Employees were cited by 38 percent of the biggest security worries followed by organized crime, hactivists and state affiliated actors.
App threats, phishing and out-of-date operating systems were all big issues.
Verizon didn't break out mobile security incidents by mobile operating systems. Respondents managed a bevy of devices and had a split of mobile operating systems.
What to do: