Mobile Security Is Critical: Verizon’s Refreshed Outlook on the Need for Mobile Threat Defense


61% of Global Organizations Suffered a Mobile Breach in the Last 12 Months

As the modern workforce has evolved, so has the technology it relies upon. There is no doubt that the era of mobile is here to stay, from hybrid employees to cloud data access, leaving global enterprises vulnerable to cyber risks. The 2022 Verizon Mobile Security Index (MSI) report is now available, and the message is clear: mobile endpoints are increasing the enterprise attack surface, and organizations should focus on mobile security more than ever.

Five years ago, the conversation was very different. Mobile devices were slowly becoming a common sight in boardrooms and offices, but the number of enterprise-focused tools was limited. At the time, the mobile phone was still just a communication device. Times have changed, and mobile phones and tablets dominate the endpoint space with more capabilities than ever before. But increased technological adoption also leads to an increased attack surface. For example, in the Verizon MSI, “53% of technology leaders surveyed reported mobile devices accessing more sensitive data than a year ago.”

For many employees, data access is no longer limited to the established walls and security of the office. Tablets and smartphones have made it possible for employees to work from anywhere and truly be mobile, causing security teams to develop more Bring Your Own Device (BYOD) policies to support this mobile adoption. Mobile productivity apps continue to enable more work to be completed from mobile endpoints, often from unmanaged or BYO devices that lack the necessary management and security tools to stay secure.

Existing security toolsets are not scaling to the modern workforce, and the attack surface continues to grow. But it’s not just a security toolset problem; phishing attacks against mobile continue to rise. Over 50% of the security leaders surveyed for the Verizon MSI reported encountering unsafe links in their mobile endpoints. Zimperium’s 2022 Global Mobile Threat Report corroborates this increased attack vector, with research showing that 75% of the phishing sites specifically target mobile devices. While many users are trained to spot phishing attacks through traditional computers, mobile devices do not provide the same capabilities to spot these attacks. Mobile endpoints’ physical and investigative limitations, along with security complacency by end users, continue to impact the enterprise security posture.

Earlier this year, our survey results revealed that “42% of organizations report that mobile devices and web applications have led to a security incident.” The Verizon MSI reported that companies with a global presence were even more likely to have been affected, citing that “61% of those organizations suffered a compromise involving a mobile device.” The report also takes things a step further, highlighting the ripple effects felt by organizations long after that security incident. In their survey of security leaders, “46% reported the impact of the mobile-related compromise had a long-lasting impact.”

Beyond the endpoints, the Verizon MSI highlights an often glossed-over aspect of mobile security: the mobile applications themselves. While managed devices usually have a mobile device management (MDM) toolset installed, privately owned devices often fall outside the purview of the security and management teams for privacy reasons. Additionally, with the rise in BYO policies to support the ever-mobile workforce, corporate productivity apps are installed among personal apps. Our research earlier this year found that “the average mobile device had between 100 and 120 apps installed; on average, 10% of those were work-specific.” But between app permissions, misconfigurations, malware, and fake apps, each new app download is a potential threat vector to an enterprise and its critical data.

The threats to mobile are only going to get more advanced, taking advantage of many factors that mobile users take for granted. In 2021, “iOS and Android devices experienced a 466% increase in exploited, zero-day vulnerabilities in active attacks.” Verizon’s 2022 Mobile Security Index reinforces the message covered in the 2022 Global Mobile Threat Report: mobile is critical, and now is the time for enterprises to address and protect against this attack surface.

To learn more about the critical threats to mobile, including application developers and enterprise systems, check out the 2022 Global Mobile Threat Report.

Richard Melick has spent over a decade in the security industry with considerable experience and focus on the stories surrounding enterprise attack surfaces, threat intelligence, hacking, and cyber attacks. He has been a security speaker on five continents, presenting various thought leadership to audiences at RSA, GISEC, Infosec London, and more.