9 Stunning Facts From Verizon's Mobile Security Index 2019

Security risks from mobile devices have increased since last year, according to Verizon’s Mobile Security Index 2019. 

In this article, you’ll learn how mobile can be an effective way for bad actors to infiltrate your organization.

1. 83% Of Organizations Said They’re At Risk From Mobile Threats

Compared to last year, 69% of organizations say the threat from mobile has grown. 

“This reflects not just greater appreciation of the threats,” write the report’s authors, “but also the growing reliance on mobile devices and their increased access to other corporate resources.”

2. 85% Of Organizations Admit They Need To Take Mobile Device Security More Seriously

Companies of all sizes shared widespread agreement that they need to do more with securing mobile devices: 

• Small (100-499 employees): 87%
• Medium (500-2,499 employees): 83%
• Large (2,500+ employees): 85%

Further, the top three industries with the least amount of confidence in the security of mobile devices compared to other systems were:

• Financial services: 76%
• Manufacturing: 72%
• Retail: 64%

Financial institutions can either keep up with mounting regulations or fall behind and be punished. Learn more about IT compliance in banking. 

3. 33% Of Organizations Suffered A Compromise Involving A Mobile Device

Compromises involving mobile devices were up from 27% in the 2018 report. 

Not surprisingly, companies with tighter controls (24%) on mobile devices suffered fewer compromises than those with more lax controls (46%). 

“These weren’t trivial, nuisance incidents,” the report points out. 

More than two-fifths (41%) of organizations described their compromise as “major with lasting repercussions.” These include:

• Suffered downtime: 64%
• Had other devices compromised (58%)
• Lost data (52%)
• All of the above (23%)

4. Only 12% Of Organizations Had Four Basic Protections In Place

An overwhelming majority of organizations failed to take basic security precautions, such as:

1. Encrypting sensitive data on public networks
2. Regular testing of security systems
3. Restricting access 
4. Changing default passwords

In fact, the number of organizations that had all four of these protections in place fell 2% from last year’s report. 

5. Just Over One-Fifth of Organizations Have A Comprehensive Acceptable Use Policy (AUP)

“Many threats come down to things that users do,” Verizon points out. 

It’s surprising, then, that many AUPs have gaps when it comes to addressing:

• Mobile-specific content
• Unapproved apps
• Limits on personal use
• Unapproved networks
• Extreme/illegal content
• Adult content
• Gambling

Verizon highlights a case study in which the mere rollout of a mobile policy management solution (without any added controls) saw personal use drop by a third and increase time spent on business apps. “Just knowing that monitoring would be happening was enough to change behavior,” the report says.

6. 85% Of Phishing Attacks On Mobile Devices Take Place Outside Of Email 

Phishing is one of the most common mobile-related compromises, and mobile users are more vulnerable to phishing attacks. 

Because organizations typically block email-based attacks, attackers have developed automated tools and botnets to penetrate security systems through other channels, such as messaging apps, social media, games, and productivity apps.

7. 25% Of Companies Have Encountered Cryptojacking 

Cryptojacking occurs when an unauthorized third party mines a device for cryptocurrency. 

“Infections are typically invisible and don’t steal data or hijack credentials,” says Verizon. “But they aren’t harmless.” 

A mobile security firm found that cryptojacked devices’ operating times held less of a charge—up to a 65% cut— compared to healthy ones. 

8. 81% Of Employees Admitted To Using Public Wi-Fi For Work Tasks

Employees access an average of 12 Wi-Fi hotspots a day, often swapping security for convenience. 

Despite organizations prohibiting the use of public Wi-Fi for work purposes, roughly 4 out of 5 employees did anyway. 

9. IoT Devices Pose The Greatest Security Risk

Fully 76% of respondents said Internet Of Things devices were the biggest threat. 

This is because they:

• Often don’t have the same security features of smartphones.
• Don’t have the storage or processing capacity for traditional protection methods. 
• Can be susceptible to tampering, or be more difficult to patch if they are in remote locations. 

To see how your organization compares to the stats listed here, take a look at the four steps you can take to improve mobile security, or contact Integrity today. 

For more information on the threats your organization may face from mobile devices, download the Verizon Mobile Security Index 2019 for free.