Mobile security is one of those things that tends to be out of sight and therefore out of mind. It’s often not until mobile devices connect to a corporate network that IT staff start to become concerned about what connections a user of a mobile device might have been making since the last time that device was attached to the corporate network.
A new Mobile Security Index Report published by Verizon details the extent of the challenge. A full 85 percent of respondents said their businesses face at least a moderate risk from mobile security threats, with over a quarter (26%) identifying mobile security as a significant risk.
Just under three quarters also say those risks have increased in the last year and 73 percent say they expect those risks to increase in the coming year. Over a quarter (27%) said that during the past year their company experienced a security incident resulting in data loss or system downtime where mobile devices played a key role. An additional eight percent said that while they hadn’t, one of their suppliers had.
At the same time, a full 83 percent of respondents agreed that organizations are complacent when it comes to mobile security. Reasons cited run the usual gamut from lack of funding to inattention of senior leaders. Almost a third (32%) also admit to having sacrificed mobile security to improve expediency and/or business performance.
The Verizon report finds less than two fifths (39%) change all default passwords. Only 38 percent use strong/two-factor authentication on their mobile devices. Less than half (49%) have a policy regarding the use of public Wi-Fi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. Only 59 percent restrict which applications employees can download, the report finds.
The report also finds that less than half (47%) said their organization uses device encryption. Only a third (33%) use mobile endpoint security and less than a third (31%) are employing mobile device or enterprise mobility management (MDM or EMM).
Progress when it comes to mobile security has been slow. The Verizon report notes 61% of the respondents said that spending on mobile security had increased in the past year. But only 10 percent said it had increased significantly at a time when usage of mobile computing devices is now pervasive.
Mobile devices are generally not the primary target of a cyberattack. Cybercriminals generally view them as a distribution mechanism. Once malware gets loaded onto a mobile device it starts to move laterally across an organization. Firewalls will catch a lot of it. But it’s hard to detect malware in a file that has been downloaded directly by an end user.
Mobile devices are arguably supposed to be the first line of a layered approach to cybersecurity. It puts a lot of undue pressure on the rest of cybersecurity defenses when that first line is easily bypassed. The whole point of a defense strategy is to fight as much of the battle beyond the perimeter as possible. After all, anything that occurs at the perimeter or beyond means by definition some form of damage is being inflicted.