Companies that aren’t acting on mobile security just so happen to be more likely to suffer a cyber incident or significant downtime as a result.
Lax attitudes as well as prioritizing profits and performance over security are among the reasons why some companies aren’t doing enough to secure the mobile devices widely used by workers throughout their enterprises.
Twenty-seven percent of respondents in Verizon’s Mobile Security Index 2018 said their organization had been through a mobile-device-related security issue in the past year that caused downtime of critical systems or otherwise resulted in data loss. What’s more, 11 percent of those say the damage done by the incident has been “major with lasting repercussions.”
Among retail and hospitality respondents, 16 percent had suffered a mobile-security incident and 15 percent had a “major” one.
Tellingly, just 19 percent of those with up-to-date mobile security measures (68 percent) experienced data loss/downtime—a far cry from the 45 percent of the security shirkers (32 percent) that were similarly affected.
Verizon’s data shows that even the most rudimentary precautions fall by the wayside. Measuring four “essentials”—changing default passcodes, establishing public WiFi access policies, restricting app downloads and two-factor authentication—the research revealed that just 14 percent of companies had all of these safeguards in place. Most (89 percent) had just one, and more than half (55 percent) had two in place. Only 39 percent of respondents said they routinely switch out default passwords. Despite the risks of using unsecured networks, just 49 percent of surveyed companies maintain clear protocols for accessing public WiFi. And even more alarming, 14 percent of respondents—those in charge of setting mobile policies—admitted to using WiFi for work.
It’s puzzling, then, that 93 percent said the smartphones, tablets and other portable wireless devices used by employees pose a grave threat, and one that will only continue to grow. Retail and hospitality respondents (82) cite mobile devices as a potential risk, and 22 percent acknowledged these devices as a “significant” one. However, total respondents overwhelmingly (83 percent) acknowledged the complacency that pervades organizations when it comes to mobile security.
Of note, many respondents (79 percent) expressed greater concern regarding disruption to important business systems than for stolen data—and that concern grew for companies that have implemented Internet of Things connectivity and devices within their business. Twenty percent of companies with IoT devices in their fleet cite them as their chief headache in terms of endpoints. For context, 60 percent of those surveyed have already incorporated IoT devices. Because many IoT endpoints are deployed in remote locations, as opposed to smartphones and tablets that are with an employee most of the time, they are more easily tampered with and at risk for network compromise, according to the report.
However, some IoT-running companies are confident they’ve taken the right steps to prevent an incident. Twenty-six percent described their IoT security protocols as very effective.
Despite the overall inertia on smartphone and tablet security, 46 percent said mobile security budgets grew in 2017—and the same number said budgets will increase in 2018, too.
Verizon worked with an independent research firm in the second half of 2017 to survey more than 600 individuals that manage and procure mobile devices for their organizations.