More Mobile Devices, More Problems, Security Survey FindsVerizon Business Finds That Companies Still Struggle to Secure Employee Devices
The era of pandemic-induced telework is also the era of higher reliance on mobile devices for sensitive workplace information - meaning we're likewise living in the age of fretful chief information security officers, a new survey concludes.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Of the 600 high-level security practitioners surveyed by Verizon Business for its annual Mobile Security Index, nearly 8 in 10 said recent changes to working practices have adversely affected their organization's cybersecurity.
Driving those worries is a shift to mobile devices in the remote workplace. Many employees now have access to the same data - customer lists, billing information and company intellectual property - through a mobile device as they would using a desktop attached to an office desk.
Slightly more than half of survey respondents say mobile devices used by workers have more access to sensitive data than they had a year ago and nearly 60% say a higher percentage of the workforce embraces mobile devices.
The prospects for those numbers getting smaller - or even staying the same - are small, given how the vast majority of respondents also said flexibility in work location and the devices employees can use is important to attracting talent. About 4 in 10 respondents say their companies allow employees to use their own mobile devices to access corporate systems and data and another 4 in 10 are considering doing so.
Mobile devices need not be a cause for worry, says Verizon - provider of the largest mobile network in the United States. New security approaches and tools mean working from home can be just as secure as working from the office.
"But companies are still struggling," Verizon says.
One reason might reside in security operations themselves, says Tari Schreider, a technologist with advisory firm Aite-Novarica Group. Mobile devices are the attack vector "least thought of by CISOs," he tells Information Security Media Group. Mobile devices are often still seen as consumer devices. "The perception of business vs. consumer security and the potential to violate individual privacy rights contributes to the lack of seriousness of mobile device security," Schreider says.
Not surprisingly, 45% of respondents say they suffered a compromise involving a mobile device in the last 12 months. Of those respondents, 73% describe the impact of the attack as "major," and over two-fifths say that it had lasting repercussions.
Improving Mobile Security
Enterprises have been using mobile device management solutions almost since personal devices were first used in the workplace. But an MDM isn't the same as mobile security, the report cautions.
To counter sophisticated mobile threats, experts believe enterprises should consider mobile threat defense and mobile security solutions.
Anshuman Sharma, Verizon's head of investigative response for the Asia-Pacific region, tells ISMG that companies should adopt a zero trust network access approach. That way, security is less reliant on end users making informed and security-conscious decisions.