Remote work and a more dispersed workforce is widening the attack surface for organizations and adversely impacting cybersecurity, according to a new report from Verizon.
The telecommunications giant on Tuesday released its Mobile Security Index, which found that 49% of organizations surveyed said changes to remote working practices made during the pandemic-induced lockdown negatively impacted their cybersecurity posture as they rushed to ensure business continuity.
The report is based on results of an independent survey of more than 850 professionals responsible for buying, managing and securing mobile and IoT infrastructure for their organizations.
Apparently, those respondents said mobile devices are their organizations’ biggest security threats, as 40% said so. Another 45% said they sacrificed mobile device security “to get the job done.” And, 24% said they sacrificed mobile device security to facilitate their response to restrictions put in place during the pandemic.
The report also found that small and medium-sized businesses are more of a target than larger enterprises, but those businesses are not yet taking security as serious as they need to, with 59% said they sacrificed security and 22% saying they have suffered a mobile compromise. The overwhelming majority – 78% — said they need to take mobile-device security more seriously.
However, securing mobile devices is difficult as companies struggle to develop acceptable use policies. According to the survey, 72% of organizations are worried about abuse or misuse but 57% said they don’t have an acceptable use policy for mobile devices.
According to the report, the four sectors of the mobile threat landscape are:
- People and behaviors. The report found that 54% of companies that had experienced a mobile-related breach attributed at least part of it to user behavior.
- Almost a third of companies relaxed restrictions on installing new apps, and there was a 1,200% increase in the use of collaboration apps during the first three months of lockdown.
- Devices and things. Nearly three-fourths of U.S. workers have allowed friends or family to use their work devices, and 30% said IoT devices are of less interest to hackers than other systems. Most of those IoT respondents are collecting personal information, and 22% of those aren’t encrypting it.
- Networks and cloud. More than half of companies attributed a mobile compromise to a network threat like a rogue base station or insecure Wi-Fi, and just 8% of respondents said they block the use of public Wi-Fi.
There are steps that organizations should take to better secure their mobile devices, including establishing a zero trust network access model and a secure access service edge architecture.
In a statement, Sampath Sowmyanarayan, chief revenue officer for Verizon Business, said organizations were quick to transition to a remote work model, but that left some vulnerabilities for cybercriminals.
“While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike,” Sowmyanarayan said.
“With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations, means there is a greater need to hone in on mobile security to protect themselves and those they serve.”