Mobile Security Is Serious Business
Verizon recently released its annual Mobile Security Index, an always-anticipated snapshot of experiences and attitudes among senior professionals responsible for their organization’s mobile security. This year’s results crystallize what we at Privoro have known for some time: that mobile devices are as indispensable to modern business as they are challenging to protect. Let’s dig into the highlights.
Key finding: Mobile devices are critical to modern business
The majority (71%) of respondents said that mobile devices are “critical to their business,” which we defined as an answer of 8 or higher on our 10-point scale.
- Verizon’s 2021 Mobile Security Index
It wasn’t too long ago when enterprises viewed employees’ smartphones as curiosities, not fully knowing what to make of these new devices. This often resulted in a laissez-faire approach to mobile, letting staff use them for work and hoping that they wouldn’t cause too much damage.
Of course, those days are long over. Speed matters, and it’s widely accepted that smartphones move business forward by keeping teams connected and minimizing delays in decision-making. This is especially true in our new work-from-anywhere reality, where smartphones are often a vital lifeline among teams spread out across locations.
Besides replicating PC-based functionality like productivity apps and cloud access, smartphones are relied upon from everything from authentication to media capture. Organizations that fail to incorporate mobile devices risk getting left behind by those who are moving full steam ahead in their digital transformation efforts.
Key finding: Mobile devices are a big security risk
Three-fifths (60%) of respondents said that mobile devices are their company’s biggest IT security threat.
– Verizon’s 2021 Mobile Security Index
It’s important to remember that unlike PCs, smartphones were developed first and foremost as consumer devices, so security wasn’t a primary consideration. While great strides have been made in the years since, both from smartphone vendors and mobile security players, security still often takes a backseat to consumer demands for third-party apps and lower prices.
Mobile devices also have a number of unique factors that can make security challenging. These include the difficulty of detecting phishing emails on a smaller screen, the intermingling of personal and corporate assets on a single device and the tendency of smartphone users to not treat messages with the same skepticism they might exhibit on their PCs.
Smartphones also have a number of vectors that are foreign to PCs, including all-access cameras and microphones, the potential for detailed location tracking and susceptibility to IMSI catchers and other over-the-air attacks.
Taken together, these peculiarities and additional exposures provide ample opportunity for threat actors.
Key finding: The risks are growing
More than two-thirds of respondents said that the risks associated with mobile devices had increased in the past year. And half (50%) said that mobile device risks are growing faster than others.
- Verizon’s 2021 Mobile Security Index
Thanks to the combination of increased reliance on mobile devices and continuing smartphone security gaps, it’s no surprise that hackers have shifted their focus to these devices in a big way. With so much enterprise data available to smartphones, hackers who have compromised a mobile device can extract that data and look for nuggets of valuable information. A compromised smartphone can also act as a foothold for gaining access into the larger enterprise network. And often overlooked is the fact that a hacked phone can in many cases be used as a surveillance device against its user, with captured images, sounds and locations telling a rich story to any bad guy willing to invest the time.
In this operating environment, it’s imperative that businesses prioritize mobile security with the same tenacity they do for laptops. This might mean leveraging a unified endpoint management (UEM) platform to restrict risky activities or employing mobile threat defense (MTD) to defend against active threats. Or this might mean distributing an anti-surveillance tool like SafeCase to top execs or giving business travelers a Faraday case like Vault. Whatever the right mix may be for your organization, you won’t regret paying more attention to mobile security.