Changes to remote working practices made during lockdown adversely affected their cybersecurity.
Mobile device and cloud-based apps have become ubiquitous as individuals and organisations battled to maintain productivity during the global pandemic, but best practices for security have not kept pace, with IT teams still treating mobile security separately from overall enterprise security practices.
Cyber security has been constantly in the news cycle in recent weeks, which is the backdrop to Verizon’s recently released annual, data-driven Mobile Security Index 2021.
There have been widespread reports of IT disruption within the Australian Federal Parliament, which place the public sector under the spotlight, along with financial organisations and Nine’s cyber awakening. As such, I wanted to follow up with you on the below report from our client Verizon.
Now in its fourth year, the report provides details on the increasing risks and growing impact of mobile security compromises.
Verizon’s in-depth MSI 2021 report highlights important trends in mobile security that should be elevated in importance alongside cyber security breaches and trends, including:
- People and behaviours – with more than half of companies that experienced a mobile-related security breach attributing it to user behaviour, there is a need for greater user education.
  - For example, there was a 365 per cent increase in phishing attacks, yet very few people (8 per cent) could identify the correct definition of phishing.
- Apps – lack of awareness of best practice for app permissions on business devices, coupled with the high percentage of businesses that do not have an Acceptable Use Policy or have relaxed app permissions, means greater risk of exposure to mobile threats.
- Devices and things – while device and IoT manufacturers continue to improve hardened security, workers reported allowing friends or family to use their work devices. IoT devices are collecting PII, with a significant proportion not using encryption.
- Networks and cloud – very few companies are taking measures to block the use of public Wi-Fi despite the risks, even though more than half of companies that experienced a mobile-related compromise attributed the breaches to insecure connections such as a rogue base station or use of insecure Wi-Fi.
Interestingly, even though 40 per cent of businesses surveyed recognized that mobile devices are their company’s biggest IT security threat, 45 per cent of them knowingly sacrificed the security of mobile devices to “get the job done” (e.g., meet a deadline or productivity targets) and nearly a quarter (24 per cent) sacrificed the security of mobile devices to facilitate their response to restrictions put in place due to the pandemic.
The effect of the pandemic on the workforce is going to have a lasting impact. According to the report, a large majority (70 per cent) of those that had seen remote working grow following the introduction of pandemic restrictions expected it to fall again afterward. However, 78 per cent said that it would still remain higher than before lockdown. Overall, our respondents said that they expected the number of remote workers to settle at around half (49 per cent).
Small and Medium-Sized Businesses are also under threat
Over half of those surveyed (52 per cent) said that small and medium-sized businesses are more of a target than larger enterprises. Even so, 59 per cent of small and medium-sized businesses had sacrificed security, with 22 per cent suffering a mobile compromise. Seventy-eight per cent stated that they should take mobile-device security more seriously.
Security should always be front and centre
Of those surveyed, 72 per cent of organisations are worried about device abuse or misuse. Part of the problem is that many companies struggle to develop an effective Acceptable Use Policy (AUP) — 57 per cent didn’t have one at all.
The MSI details four sectors of the mobile threat landscape: people and behaviours, apps, devices and things, and networks and cloud. Additionally, it provides expert insights into how to help safeguard against pending cybercrime attacks, such as establishing a “zero trust network access (ZTNA)” model and a secure access service edge (SASE) architecture, which is designed for a mobile-first and cloud-first world.