According to a telecom firm, pandemic has made the mobile security worse. Read on to know more about the current mobile security environment and understand the cyber security risks.
It’s a never-ending fight to stay ahead of malicious actors and malware creativity in order to produce the experiences that customers and employees want. It’s not just about the tools you use; it’s also important to have a plan that places mobile security at the forefront of your IT strategy.
Statistics
According to this year’s Verizon Mobile Security Index, nearly half of all businesses (49%) said COVID-19-related remote work harmed their mobile security efforts, and 40% cite mobile devices as their top IT security threat.
Verizon found the lowest-ever number of businesses admitting to a mobile-related security violation in its fourth-annual survey — just 23% of respondents compared to 39% last year. But, as the research writers of the study put it, “hold the Champagne. Nearly one in four companies suffering a mobile device attack is not cause for celebration.”
Meanwhile, the number of businesses who said they compromised the security of mobile devices, including IoT devices, in order to “get the job done” and reach a deadline or productivity goal increased from 43% in the 2020 study to 45% this year. In addition, nearly a quarter (24%) of respondents sacrificed the protection of their mobile devices in order to react to restrictions imposed as a result of the COVID-19 situation. It’s not shocking, then, that businesses that compromised security in 2021 were 1.5 times more likely to suffer a mobile-security breach.
According to the survey, 70 percent of businesses that saw a rise in remote work as a result of the pandemic lockdowns expect it to decrease again. However, 78 percent of respondents believe it would stay higher than it was before pandemic. Overall, respondents predict that the number of remote employees will stabilise at 48 percent.
Similarly, nearly half i.e. 46 percent of respondents said their IT workloads are now run in the cloud, and 75 percent said their reliance on cloud-based apps is rising.
The Mobile Security Report
Verizon commissioned an independent research firm to conduct a survey of 876 professionals responsible for acquiring, handling, and securing mobile and IoT devices for its 2021 Mobile Security Index. This involves small and large businesses from all sectors in Australia, the United States, and the United Kingdom.
Despite the decline in documented compromises, more than two-thirds of respondents said mobile device risks have risen in the last year, with half saying these risks are rising higher than others in their IT environments. Furthermore, the dependence on security threats associated with mobile devices does not appear to be slowing down anytime soon.
Sampath Sowmyanarayan, Chief Revenue Officer at Verizon Business, in a prepared statement said that “While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike,”
He added “With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations means there is a greater need to hone in on mobile security to protect themselves and those they serve.”
Best Practices
In the future, as corporate data and applications move between data centres, cloud, and mobile devices, Verizon advises that companies use zero-trust mechanisms and Safe Access Service Edge (SASE) architectures to protect corporate capital. The study report outlines three steps to achieving zero trust network access, as well as supporting technologies for each.
In the first, verify the users. When users try to access organisational networks, this means that they are who they think they are. Multi-factor authentication, such as biometrics and on-time passcodes, are among the supporting technologies.
In the second step, validate all devices and ensure that the ones making requests are identified, patched, and compliant with corporate security policies. Endpoint device management technologies and digital certificates can be used to do this.
Lastly, even after a user has been authenticated and the device has been checked, restrict the access to corporate resources. This process is in compliance to Verizon’s security practices of reducing data access to those who need to know or have minimum privilege. Network segmentation and a software-defined perimeter are two supporting technologies for limiting access.