Enterprises are seeing more mobile and Internet of things attacks amid broad threat surfaces and security lapses, according to a Verizon report.
Verizon’s Mobile Security report for 2020, which is based on 1,100 cybersecurity and business professionals, lays out some the landscape. To wit:
- 43% of companies have said they have sacrificed security.
- 39% of companies said they have been compromised on mobile security, up from 33% a year ago.
- 62% of companies said they sacrificed mobile security for expediency, with another 52% citing convenience.
- 55% of companies said that the repercussions of a mobile security compromise were long lasting.
- 29% said they suffered a regulatory penalty due to a mobile security compromise.
- 43% of companies that have been compromised said they plan to increase security spending in the next 12 months.
As 5G, IoT and mobility deployments scale in 2020, mobile security is likely to become a larger issue. In Verizon’s report, 59% of companies said they were hit by downtime with 58% losing data.
In its report, Verizon noted that innovation on the mobile front also means that cybercriminals will become more creative.
Unfortunately, it’s not just network operators and device manufacturers that are innovating. We also explore the recurring theme of attackers getting more creative. This “mal-innovation”—from novel ways to exploit vulnerabilities to new ways to monetize attacks—is making protecting mobile devices, and all the data and resources they connect to, an ongoing challenge for business. Mobile security is not a new issue, but the stakes are getting higher.
Many of the techniques to gain access to networks via mobile devices haven’t changed.
For instance, phishing is still prevalent with both consumers and enterprise users falling for scams. Indeed, 48% of consumers noted that they fell for a phishing attack 6 or more times compared to 15% of enterprise users. Other mobile security issues were due to granting permissions blindly as well as ransom ware, insecure code, social engineering and failure to patch.
Some cybercrime techniques such as juice jacking—the use of modified USB ports in free charging spaces—were semi-unique to mobile, but many established best practices apply to multiple screens.
What remains to be seen is how 5G will alter the mobile security equation.
The rollout of 5G may mean that enterprises ultimately mandate that employees use 5G over public Wi-Fi. Security risks surge when employees use public Wi-Fi. According to Verizon, 48% of companies prohibit the use of public Wi-Fi already with the remainder either allowing its use or lacking a policy.
5G is underpinned by a virtualized, cloud-based architecture that makes it easier to enable highly specialized functions—and security—for different network applications. In the future, this is expected to blur the distinctions between fixed networks (including those accessed over Wi-Fi) and cellular networks. Cellular already accounts for over a quarter (28%) of data transfer to cloud apps and, as 5G expands and more mobile tools are deployed to front line workers, this number is likely to grow. In fact, 80% of our respondents said that within five years mobile will be their primary means of accessing cloud services.