A new report from Verizon found that organizations across numerous industries compromised mobile data security because of speed to market priorities and a lack of threat awareness according to survey respondents. As business usage of mobile devices, the Internet of Things and other mobile applications accelerates, Verizon’s inaugural Mobile Security Index 2018 seeks to raise awareness of the current mobile security landscape, including growing threats, and offer recommendations for protecting the mobile enterprise.
“As mobility becomes more integral to business operations in today’s digital economy – from supply chain management to IoT-enabled sensors to customer-facing mobile apps – protecting mobile platforms is critical,” said Thomas J. Fox, senior vice president with Verizon. “Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity.”
Key findings include:
- Nearly a third (32%) of organizations surveyed admitted to sacrificing mobile security to improve business performance.
- 93% of organizations agreed that mobile devices present a serious and growing threat. Also, 20% of surveyed organizations that use IoT devices cite these as their most significant concern.
- 79% said that disruption of their business operations is an even greater threat than the theft of data.
- 79% of the organizations fear that employee misuse, either accidentally or intentionally, is a significant concern. And 39% of organizations that allow employees to use their own devices for business purposes (known as BYOD) ranked this as their top concern.
- A majority of organizations (62%) feel that a lack of understanding of threats and solutions are a barrier to mobile security. Less than 1/3 of organizations (33%) use mobile endpoint security and less than half (47%) said they use device encryption. Only 31% are using Mobile Device Management (MDM) or Enterprise Mobility Management (EMM).
- Only one in seven organizations surveyed (14%) had implemented the most basic cybersecurity practices. Less than two fifths (39%) change all default passwords; only 38% use strong two-factor authentication on their mobile devices; and, only 59% restrict which apps employees can download from the Internet to their mobile devices.
- Though a number of vertical industries are represented in the study, healthcare and the public sector were hit especially hard. More than a third of healthcare organizations (35%) and 33% of public sector entities said they had suffered data loss or downtime due to a mobile device security incident.
The Index offers a comprehensive set of recommendations for protecting the mobile enterprise. Some of these include:
Reduce the risk of malicious applications: Implement policies that govern which apps can be downloaded by employees and create a custom app store to build a more secure environment. Also, deploy application management software that scans apps for vulnerabilities.
Improve device management: Ensure that all default passwords are changed; deploy mobile endpoint security and threat detection to all devices; and, implement Mobile Device Management (MDM) and Enterprise Mobility Management (EMM).
- Increase user/employee awareness: Implement a strong password policy and ensure adherence, provide regular security training and test employee awareness annually; regularly review employee access to systems and data; and, create an incident response plan to help reduce damage caused by a security incident.