The latest Mobile Security report from Verizon found that approximately one-third of organizations have knowingly sacrificed security for expediency or business
performance. According to their research, many businesses haven’t taken even the most basic security precautions to protect their data and core systems. This is alarming since, with the increase in mobile security risks, the danger of cyber attacks continues to grow.
Nothing is 100% secure, the challenge for those responsible for IT security is to reduce risk to an acceptable level.
The Mobile Security Index 2018 by Verizon gives an in-depth look at the mobile security risks and what you can do about them. It highlights the present landscape of the mobile security ecosystem, threats evolving and recommendations which can help businesses strengthen their mobile security initiatives.
The independent survey was done to know more about what organizations feared and what measures are they taking to mitigate the mobile security risks. More than 600 mobility professionals were involved in the survey and here are the key findings from the report:
Organizations say that mobile security risks are increasing.
• 85% said their businesses face at least a moderate risk from mobile security threats. 26% said it is a significant risk.
• 74% said that the risks associated with mobile devices have increased in the past year. Just 1% said they had gone down.
• 73% said that they expect risks to increase during the next year. Only 2% said that they expect them to decrease.
Despite this, they are sacrificing security for expediency.
• Almost a third (32%) admitted to having sacrificed mobile security to improve expediency and/or business performance—38% of those said that their organization is at significant risk from mobile threats.
• Over a quarter (27%) said that during the past year their company had experienced a security incident resulting in data loss or system downtime where mobile devices played a key role. An additional 8% said that while they hadn’t, one of their suppliers had.
Organizations are failing to take basic precautions.
• Less than two fifths (39%) change all default passwords.
• Only 38% use strong/two-factor authentication on their mobile devices.
• Less than half (49%) have a policy regarding the use of public Wi-Fi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks.
• Only 59% restrict which apps employees download from the internet to their mobile devices.
At Appknox, we conducted our own in-house research that showed that 95% of global E-commerce apps fail basic security checks. Click here to view the detailed analysis.
Almost all respondents (93%) think that organizations should be taking mobile security more seriously:
• 93% said mobile devices present a serious and growing threat.
• 83% agreed that organizations are complacent about mobile security, and 24% of those strongly agreed.
• 79% said disruption of systems is an even greater threat than the theft of data—those using IoT were particularly concerned.
• 61% said that their spend on mobile security had increased in the past year. 10% said it had increased significantly.
How common are mobile security incidents and who all are affected?
As per Verizon's research over a quarter (27%) admitted to having experienced a security incident that resulted in data loss or system downtime during the past year. And 40% of those (11% of the total) said that the incident—or the most serious one if they had experienced multiple—had been major with lasting repercussions.
Almost every industry vertical was affected by security threats but the healthcare and public sector were hit the most.
More than 35% of healthcare organizations said they had suffered data loss or downtime due to a mobile device security incident. Over 33% of public sector organizations experienced a mobile-related incident.
How you can improve your mobile security?
With the proliferation of mobile devices into our everyday lives giving rise to digital transformation and the Internet of Things impacting people and processes across all industries. And the increased usage of cloud computing and web applications makes mobile security a necessity and a priority for both businesses and consumers.
Verizon’s Mobile Security Index 2018 provides the following steps that you can take today for a more secure tomorrow:
1) Reduce the risk of malicious and vulnerable applications - Prevent employees from installing apps downloaded from the internet. Create a custom app store and monitor all apps added to it. Make use of an application management software/ endpoint security that controls which apps are installed, and scans those for vulnerabilities.
2) Improve device management, automating it as much as possible - Create a formal BYOD policy detailing employee responsibilities. Implement a mobile device management (MDM) system and device segmentation, keeping personal and work data and applications separate.
3) Increase user/employee awareness and create an incident response plan - Provide regular security training including how to spot
the early warning signs of an incident. Create an incident response plan that makes employees aware of what to do in the event of an incident.
4) Reduce the use of less secure connections - Create a policy on the use of public Wi-Fi and deploy a VPN solution to any device that needs to access sensitive data over an unsecured network.