BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

62% Of Enterprises Sacrifice Mobile Security For Speed

This article is more than 4 years old.

  • 84% of enterprises said that their reliance on data stored in the cloud is growing, making mobile device security a strategic priority.
  • 54% of enterprises are less confident about the security of their mobile devices than that of their other systems.
  • 45% of enterprises said that their defenses are falling behind attackers’ capabilities.
  • According to MobileIron, 31% of devices were found to harbor known threats today.
  • 21% of enterprises who have been compromised said that a rogue or unapproved application had contributed to the incident.

These and many other fascinating findings are from the Verizon’s Mobile Security Index (MSI) 2020, downloadable here (70 pp., PDF, opt-in). Verizon’s latest Mobile Security Index relied on MobileIron’s Threat Defense installed base for aggregate data from mobile devices that have threat detection activated. Taking this approach enabled Verizon to discover malware and man-in-the-middle (MitM) attacks were top threat vectors in 2019. Since the Index began in 2018, there’s been a 41% increase in companies reporting they have been comprised via mobile devices. According to the U.S. Secret Service, who contributed to this year’s report, the average loss from a bank robbery is about $3,000, while the average loss from a successful business-email compromise attack is nearly $130,000. The Index is based on interviews with 876 professionals responsible for buying, managing, and securing mobile devices. Please see page 63 of the study for more details on the methodology.

Mobile-Centric Zero Trust Needs To Be the First Line Of Defense

Cyberattackers are opportunistic and quick to take advantage of security gaps in mobile device applications, connections, and platforms. Based on the insights provided in the Index and lessons learned from speaking with CISOs and IT leaders at RSA Conference 2020 on San Francisco, it’s clear that organizations could benefit from a more agile, adaptive approach to mobile-centric zero-trust security. To learn more about how zero trust works, be sure to watch Forrester Principal Analyst Dr. Chase Cunningham’s excellent video, Zero Trust, in Practice here

Dr. Cunningham’s video and ongoing thought leadership and the latest Verizon Index both underscore how vulnerable mobile apps, devices, and platforms are to attacks. Hackers are successfully weaponizing mobile devices against enterprises with the goal of exfiltrating confidential corporate data using a variety of techniques, including MitM attacks. The study also found that public WiFi networks are 94.7x riskier to use than secured corporate WiFi networks.

Organizations need to take a mobile-centric zero-trust approach that is adaptive and agile enough to flex as their business changes over time. The sooner every organization realizes that mobile identities are the new security perimeter, the more effectively they will be able to protect company data wherever it travels. They’ll also be able to help users comply with company security policies and local regulations.

Among the many solutions to securing mobile devices at the recent RSA Conference, MobileIron’s UEM platform with MobileIron Threat Defense (MTD) is noteworthy in how it enables organizations to detect and remediate mobile threats, including app, device and network attacks, even when the device is offline. MobileIron’s MTD is differentiated from its many competitors by how it offers continuous protection against mobile device threats, including malware, MitM attacks, and unencrypted networks that exploit user behavior and security gaps. One of the main themes of RSA this year was passwordless security on mobile devices, an area I will cover in my RSA roundup this week.

Key Insights from Verizon’s Mobile Security Index 2020

Key insights include the following:

  • Enterprises are sacrificing mobile device security for greater speed (62%), more convenience (52%), or the opportunity to gain greater profitability (46%). Every business needs to react quickly to new opportunities for growth. Given the proliferating complexity and number of threats, it’s not worth nearly doubling the risk of being hacked. Instead of seeing mobile security as an impediment to achieving their business goals, every business needs to consider how a breach could impact customer loyalty and their brand reputation. 87% of enterprises are concerned that a mobile security breach will have a lasting impact on customer loyalty, and 81% said that a company’s data privacy record would be a key brand differentiator in the future. Only 13% of enterprises have adopted regular security screening, data encryption, need-to-know access, and no default passwords corporate-wide, however.


  • Enterprises are 2X more likely to be hacked if they perceive mobile security as a roadblock to achieving their revenue, growth, or profit goals. Nearly half of enterprises have sacrificed security, leading to their being compromised. 43% of companies sacrifice security, perceiving it to impede getting more work done and driving more sales and profits. 39% of companies suffer a security compromise as a result. The following graphic illustrates the relationship between those companies who sacrificed security and were compromised.

  • 66% of enterprises that have suffered a breach or compromise are classifying it as a major event that defied quick fixes to resolve. Security and operations leaders say that clean-up proved time-consuming, tricky, and a challenge to completely contain. 37% of security leads specifically said it was difficult and expensive to remediate the effects of a breach. The most common costs to an enterprise include more downtime than expected (59%), loss of data (56%), and regulatory penalties (29%). The study’s authors are quick to point out that they see organizations with fewer than 50 employees to those with more than 10,000 being breached.

Conclusion

Taking a mobile-centric zero-trust approach to secure organizations is a revenue and profit multiplier by ensuring continued operations while reducing the potential of a breach. Mobile devices are the new identities everyone relies on today. Securing them with a mobile-centric zero-trust approach and framework is where every organization needs to begin. 39% of organizations admitted to suffering a security compromise involving a mobile device—up from 33% in the 2019 report and 27% in our first report. Of those that had suffered a compromise, 66% said the impact was major, and 36% said it had lasting repercussions. A mobile security breach can have serious financial implications and do lasting damage to your brand. The good news is that the greater urgency an organization pursues a mobile-centric zero trust framework, the greater the opportunity to thwart breach attempts and keep operating, uninterrupted by hacking attempts. 

Follow me on LinkedInCheck out my website