Mobile Devices are Ubiquitous, and so are Cyberattacks
We all like to enjoy untethered freedom, as is shown by the incredible growth of mobile devices we use every day for business and personal activities.
We use mobile devices for buying products and services, and banking and investing. We download apps that allow us to connect with our favorite businesses and socially interact with friends and relatives. However, we often overlook the ‘dark alley at night’ side of security and privacy concerns when we’re traveling through these online pursuits.
In addition to mobile device ubiquity, they have also become more diversified, with smartphones, smartwatches, tablets, and other devices that use on-premises and cloud apps capable of accessing mission-critical corporate systems.
We have many reasons for concern
Even if a mobile device isn’t attached to a business system, hackers can capture user and machine credentials that can be gateways to obtaining access into corporate systems and data. Businesses are concerned, as is evidenced by Verizon’s 2021 Mobile Security Index Report, where two-thirds of surveyed respondents said risks associated with mobile devices had increased over the past year, and 50% say mobile device risks are growing faster than others.
Unfortunately, for any organization, when a cybersecurity breach impacts corporate assets, and compromises customer data, the results can be devastating. The fallout can include lost revenue, business disruption, diminished customer loyalty, and loss of brand equity.
Businesses are now making cybersecurity and data privacy top-priorities. With growing cybersecurity attacks, there is a continuous need to stay ahead of bad actors. As the COVID-19 pandemic spread throughout the world, hackers took advantage of the expanding attack surfaces, as work from anywhere became the defacto corporate norm. They quickly leapt on this massive shift as an opportunity to use new and more creative phishing attacks that exploit our human and technology weaknesses.
Verizon Mobile Security Index Report for 2021
Verizon recently released their 2021 Mobile Security Index Report. It covers mobile device threats, the defenses companies are putting in place, and how those defenses are being compromised.
The report surveyed 856 professionals responsible for procuring, managing and securing mobile devices. Verizon also worked with leaders in the mobile security industry, including Ivanti, to contribute data. The report is intended to help businesses better understand the mobile security environment and its risks, and provide information that will help them strengthen their mobile security postures.
Mobile devices continue to be high risk targets
Mobile devices are prone to the same attacks as other digital equipment. However, they also have their own inherent challenges, with small screens that make it more difficult to spot malicious emails and phishing websites. The mobile devices we carry have more of a tendency to get lost or stolen. They are susceptible to eavesdropping as well, since we frequently use our devices in public settings.
The report found one in five surveyed companies experienced a compromise involving a mobile device in the past 12 months. These compromises led to loss of data or significant disruption to business operations. And the threats are growing, even as the companies are unaware that they are happening. They either didn’t see them, or they haven’t had the time to fully trace them back to the sources involved.
Work from anywhere has greatly exacerbated security risks
The COVID-19 response was the most cited reason for sacrificing mobile device security. The pandemic forced workers out of the office and into their homes. Organizations now rely upon employees using their personal devices to access corporate resources and systems. In fact, 79% of organizations saw a remote work increase. Unfortunately, nearly half of the respondents admitted their company had knowingly cut corners on mobile device security. Of those remaining, 38% came under pressure to cut corners.
Because mobile devices are a critical component of any business, it is imperative organizations take proactive steps to protect them. A mobile threat detection, or MTD, solution can detect and block phishing attempts however they are instigated, including via apps, social media and even QR codes.
Leveraging a zero trust model to support the vanishing perimeter
The traditional way of thinking about security perimeters has dramatically changed. Just as a moat is no longer a great defense today, traditional security perimeter-focused IT security is a weak defense for today’s perimeter-less business environments.
The thinking behind zero trust network access (ZTNA) can also be defined as “trust no one”. ZTNA creates an extreme level of tunnel vision, where users can only see what they’ve been given specific access to. ZTNA isn’t a technology; it’s a security framework, and requires multiple technologies to implement.
A strong security posture needs to include mobility and cloud access as key components of the digital strategy. In doing so, mobile device security will become more seamless to improve the user experience, giving them greater confidence that their data and privacy are safe, while at the same time, adding visibility and management control for organizations to protect their digital business assets.