Verizon Business' Fourth Mobile Security Index revealed that nearly half (49%) of surveyed businesses reported that changes to remote working practices during the pandemic have adversely impacted their cybersecurity.

About 79% of organizations experienced an increase in remote working in 2020, according to Verizon Business' recent survey of 800 professionals from the public sector, SMBs and enterprises across eight industries in the US, the UK and Australia. Verizon's annual mobile security report aims to gain insight into the mobile threat landscape and how organizations are addressing threats to their data and key systems. Cybersecurity threats are outlined under four attack vectors in the report including: users/behaviors, applications, devices/IoT and networking/cloud.

While 40% of businesses acknowledge that mobile devices are the biggest IT security threat to their organizations, 45% knowingly sacrificed mobile device security in favor of productivity. Understandably, 52% of respondents believe small and midsized businesses are a bigger security target than enterprises; SMBs typically have fewer resources to dedicate to bolstering their cybersecurity, and tend to have smaller in-house IT and security teams.

Phishing attacks on the rise

Terrance Robinson, head of Sales and Marketing Enterprise Mobile/IoT Cybersecurity for Verizon, says there has also been a huge increase in phishing attacks during the pandemic – LinkedIn and applications with messaging features have been heavily targeted with these types of attacks. In addition, "mobile device users are 26 times more likely to click on a phishing link than they are to encounter malware," according to findings from Wandera, a partner company that contributed to the report.

"We've seen a huge increase in phishing – between 2019 and 2020, we saw a 364% increase in phishing attempts. What's really driving that is bad actors can be so much more successful phishing a mobile endpoint than any other corporate asset," explains Robinson.

Malware attacks have decreased slightly, but mobile device users need to be vigilant about updating their devices' operating systems to ensure they're running the latest security patches, and also be careful about which applications they download, explains Robinson. Just because an app is listed in an iPhone or Android app store doesn't guarantee it's safe – 4% or one in 25 apps leak user credentials, he says.

Figure 1: (Source: Verizon Business)

"Patching is still the number one thing that people can do to prevent vulnerability. In many instances, a lot of the vulnerabilities out there from an OS perspective are well known. But, are you running the latest patch to firmware to ensure your device is protected? Especially in BYOD (bring your own device) shops, there's a high percentage of users that aren't running the most current version of an operating system," says Robinson.

Corporate guidelines and ZTNA key to improving mobile security

Shadow IT, which occurs when employees download or use programs without IT's approval, is on the rise as well, says Robinson, and Verizon's report found 72% of organizations are concerned about device abuse or misuse. Despite that, 57% don't have an Acceptable Use Policy (AUP) in place so employees are left without corporate guidelines on mobile device use.

Verizon Business' report isn't solely focused on threats to mobile devices – it also includes security recommendations structured around the five functions in the National Institute of Standards and Technology (NIST) Cybersecurity Framework. The five functions are identify, detect, protect, respond and recover. Employee training around recognizing phishing attacks, and utilization of zero trust network access (ZTNA) capabilities are just a few of the recommendations Robinson says organizations should consider on the road to strengthening their mobile device security strategies.

Figure 2: View a larger version of this image here.
(Source: Verizon Business)

"When you think about cloud and network security, we're starting to see a convergence where mobile will ideally be integrated with a lot of the other security tools that organizations have invested millions of dollars into, especially on the enterprise side, to be able to have better visibility and analytics of all their assets," says Robinson.

In addition to analysis from Verizon, the Mobile Security Index includes data and insights from 13 security and management companies including Asavie, Blackberry Cylance, Check Point, IBM, Ivanti, Lookout, NetMotion, Netskope, Proofpoint, Qualcomm, Thales, VMware and Wandera.

— Kelsey Kusterer Ziser, Senior Editor, Light Reading