Companies of all sizes are scrimping on mobile security, failing to use mobile device management, antivirus and anti-malware and practically inviting attacks, according to Verizon's Mobile Security Index report.
The report, based on 700 respondents from companies of all sizes, has a host of conflicting data points, but the common theme is that mobile security is lax. IBM MaaS360, MobileIron, Wandera and Lookout provided data and research for the report.
"The mobile security risk has grown in the last year or so," said Matt Montgomery, associate director at Verizon Enterprise Solutions. "As we have moved closer to the mobile device the same level of security you'd see with a laptop hasn't followed."
Indeed, enterprise tools such as firewalls, virtual private networks and encryption haven't found their way to the mobile device, said Montgomery. While bring your own device policies are one wrinkle to mobile security issues, enterprises simply aren't focused as much as they are on defending laptops, desktops and corporate networks from malware, ransomware, phishing and state actors.
Free PDF download: A Winning Strategy for Cybersecurity | How to write a good security policy for BYOD or company-owned mobile devices | Download now: Mobile device computing policy (Tech Pro Research) | Employees are the biggest risk to enterprise mobile device security, report says (TechRepublic)
"There's not as much discipline around mobile security," said Montgomery.
This snippet from the report tells the tale. A third of respondents said they have experienced a compromise involving a mobile device and many of those events have been serious and expensive to fix.
In addition, 63 percent of respondents said they were notified by a third party that they were compromised.
Verizon's data, compiled with various partners, found the following:
- 83 percent said their companies was at risk from a mobile threat with 29 percent citing a serious risk.
- 86 percent said mobile threats were growing more quickly than other attacks.
- 48 percent said they have put speed and profit above mobile security.
- Employee owned mobile devices were cited as the biggest enterprise concern followed by company-owned devices. It's worth noting that Internet of things devices also made a showing.
While Verizon found that respondents viewed mobile security a bit different than how they defend the overall enterprise, the motives and threats were no different. Employees were cited by 38 percent of the biggest security worries followed by organized crime, hactivists and state affiliated actors.
App threats, phishing and out-of-date operating systems were all big issues.
Verizon didn't break out mobile security incidents by mobile operating systems. Respondents managed a bevy of devices and had a split of mobile operating systems.
What to do:
- Research: Employee compliance is the main challenge to implementing cybersecurity strategy
- Five emerging cybersecurity threats you should take very seriously in 2019
- The hacking strategies that will dominate in 2019
- How AI and machine learning can help you defend the enterprise from cyberattacks
- Two cybersecurity myths you need to forget right now, if you want to stop the hackers
- Improve your cybersecurity strategy: Do these 2 things
- Cybersecurity in an IoT and mobile world: The key trends
- Free PDF download: Cybersecurity in an IoT and mobile world
- Infographic: Almost half of companies say cybersecurity readiness has improved in the past year
- Cyberweapons are now in play: From US sabotage of a North Korean missile test to hacked emergency sirens in Dallas
- Five nightmarish attacks that show the risks of IoT security
- Ten best practices for securing the Internet of Things in your organization
- Five pitfalls to avoid in mobile and IoT security