Security risks from mobile devices have increased since last year, according to Verizon’s Mobile Security Index 2019.
In this article, you’ll learn how mobile can be an effective way for bad actors to infiltrate your organization.
Compared to last year, 69% of organizations say the threat from mobile has grown.
“This reflects not just greater appreciation of the threats,” write the report’s authors, “but also the growing reliance on mobile devices and their increased access to other corporate resources.”
Companies of all sizes shared widespread agreement that they need to do more with securing mobile devices:
Further, the top three industries with the least amount of confidence in the security of mobile devices compared to other systems were:
Compromises involving mobile devices were up from 27% in the 2018 report.
Not surprisingly, companies with tighter controls (24%) on mobile devices suffered fewer compromises than those with more lax controls (46%).
“These weren’t trivial, nuisance incidents,” the report points out.
More than two-fifths (41%) of organizations described their compromise as “major with lasting repercussions.” These include:
An overwhelming majority of organizations failed to take basic security precautions, such as:
In fact, the number of organizations that had all four of these protections in place fell 2% from last year’s report.
“Many threats come down to things that users do,” Verizon points out.
It’s surprising, then, that many AUPs have gaps when it comes to addressing:
Verizon highlights a case study in which the mere rollout of a mobile policy management solution (without any added controls) saw personal use drop by a third and increase time spent on business apps. “Just knowing that monitoring would be happening was enough to change behavior,” the report says.
Phishing is one of the most common mobile-related compromises, and mobile users are more vulnerable to phishing attacks.
Because organizations typically block email-based attacks, attackers have developed automated tools and botnets to penetrate security systems through other channels, such as messaging apps, social media, games, and productivity apps.
Cryptojacking occurs when an unauthorized third party mines a device for cryptocurrency.
“Infections are typically invisible and don’t steal data or hijack credentials,” says Verizon. “But they aren’t harmless.”
A mobile security firm found that cryptojacked devices’ operating times held less of a charge—up to a 65% cut— compared to healthy ones.
Employees access an average of 12 Wi-Fi hotspots a day, often swapping security for convenience.
Despite organizations prohibiting the use of public Wi-Fi for work purposes, roughly 4 out of 5 employees did anyway.
Fully 76% of respondents said Internet Of Things devices were the biggest threat.
This is because they:
For more information on the threats your organization may face from mobile devices, download the Verizon Mobile Security Index 2019 for free.