Companies of all sizes are scrimping on mobile security, failing to use mobile device management, antivirus and anti-malware and practically inviting attacks, according to Verizon's Mobile Security Index report.
The report, based on 700 respondents from companies of all sizes, has a host of conflicting data points, but the common theme is that mobile security is lax. IBM MaaS360, MobileIron, Wandera and Lookout provided data and research for the report.
"The mobile security risk has grown in the last year or so," said Matt Montgomery, associate director at Verizon Enterprise Solutions. "As we have moved closer to the mobile device the same level of security you'd see with a laptop hasn't followed."
Indeed, enterprise tools such as firewalls, virtual private networks and encryption haven't found their way to the mobile device, said Montgomery. While bring your own device policies are one wrinkle to mobile security issues, enterprises simply aren't focused as much as they are on defending laptops, desktops and corporate networks from malware, ransomware, phishing and state actors.
"There's not as much discipline around mobile security," said Montgomery.
This snippet from the report tells the tale. A third of respondents said they have experienced a compromise involving a mobile device and many of those events have been serious and expensive to fix.
In addition, 63 percent of respondents said they were notified by a third party that they were compromised.
Verizon's data, compiled with various partners, found the following:
83 percent said their companies was at risk from a mobile threat with 29 percent citing a serious risk.
86 percent said mobile threats were growing more quickly than other attacks.
48 percent said they have put speed and profit above mobile security.
Employee owned mobile devices were cited as the biggest enterprise concern followed by company-owned devices. It's worth noting that Internet of things devices also made a showing.
While Verizon found that respondents viewed mobile security a bit different than how they defend the overall enterprise, the motives and threats were no different. Employees were cited by 38 percent of the biggest security worries followed by organized crime, hactivists and state affiliated actors.
App threats, phishing and out-of-date operating systems were all big issues.
Verizon didn't break out mobile security incidents by mobile operating systems. Respondents managed a bevy of devices and had a split of mobile operating systems.