YOU ARE AT:SoftwareMobile is 'critical', but security breaches are on the rise: Verizon report

Mobile is ‘critical’, but security breaches are on the rise: Verizon report

Remote work/remote access means a larger attack surface — and the inability to “disconnect” from work may be a factor

With the rise of remote and hybrid work, companies are more reliant than ever on mobile devices, and those devices are, increasingly, the main route that employees use to access sensitive company information. This is leading to more security breaches being associated with mobile devices.

“Companies are … struggling,” the report says, adding that nearly four-fifths of respondents reported that “recent changes to working practices had adversely affected their organization’s cybersecurity.”

The report is based on an April 2022 survey of more than 600 people responsible for enterprise security strategy, policy and management, plus interviews with C-level experts and contributions of information, incident and usage data from nine companies involved in mobile device security.

“For many, mobile devices are no longer a secondary device,” according to the report. “Many employees now have access to much of the same data—customer lists, banking details, employees’ personal data, billing information, etc.—and systems— messaging, enterprise resource planning (ERP), etc.—via their mobile devices as they would sitting at a desktop in the office. This means that the compromise of a mobile device can now pose a significant risk to customer data, intellectual property and core systems.”

With mobile increasingly viewed as “critical to business operations,” it’s getting more attention from cyber attackers. “From coordinated state-sponsored campaigns to unfocused, opportunistic criminal exploits, the volume of attacks is going up,” according to the report, adding that “Mobile devices are an attractive target” even if survey respondents still frequently believe that mobile devices are of less interest than other IT assets.

Verizon’s survey found that 45% of respondents said that their organization “had been subject to a security incident involving a mobile device that led to data loss, downtime or other negative outcome.” 73% of those described the impact as “major” and 42% said that it had “lasting repercussions.” In the previous report, fewer than half of mobile device security breaches were described as major and only 28% were reported as having lasting repercussions.

More than half of CISOs across all regions reported that targeted attacks on their organizations are up since mass hybrid working has been adopted. Big and small enterprises have different perceptions: only 48% of large enterprises (with 5,000+ employees) say that targeted attacks are up, but nearly 60% of companies with 500 or fewer employees say so.

Interestingly, a section of the report delves into the difficulty that some workers have in “disconnecting” from answering work emails and messages at all hours of the day, and new regulations in some countries that require that companies have an enforceable “disconnected” time. While that might seem like a quality of life issue, the report says that there is a direct connection with cybersecurity. Mobile devices already “can make it harder to spot an attack like a phishing email” because of limits on additional URL information that are easier to access on a laptop or desktop browser. “Tired or distracted employees are also more likely to tap on something that they shouldn’t,” the report adds.

ABOUT AUTHOR

Kelly Hill
Kelly Hill
Kelly reports on network test and measurement, as well as the use of big data and analytics. She first covered the wireless industry for RCR Wireless News in 2005, focusing on carriers and mobile virtual network operators, then took a few years’ hiatus and returned to RCR Wireless News to write about heterogeneous networks and network infrastructure. Kelly is an Ohio native with a masters degree in journalism from the University of California, Berkeley, where she focused on science writing and multimedia. She has written for the San Francisco Chronicle, The Oregonian and The Canton Repository. Follow her on Twitter: @khillrcr