According to the 2024 Verizon Mobile Security Index report, the growth of mobile computing and IoT is exponentially expanding the attack surface that needs protection, which in turn will require a matching focus on ensuring sufficient mobile security processes, policies and investments.
“In putting together this report, we experienced moments of optimism as well as pessimism. While we were relieved to see positive indicators, like rising investments and awareness of mobile security and the growing adoption of technologies such as SASE to improve remote access security, organizational efforts are still falling short of recommended benchmarks,” the report stated.
In 2023, mobile threats reached record levels for both business users and consumers. Notably, 33% of mobile phishing attacks targeting technology company employees were successful.
The ongoing reliance on mobile devices and rapid increase in IoT use generates opportunities for attackers to take advantage of key vulnerabilities, including as-yet-undiscovered zero-day attacks.
Hence, the vast majority of respondents (93%) express concern about mobile cybersecurity risks. Nonetheless, a minority (39%) have defined organization-wide IoT standards, and even fewer (37%) say their organizations centrally coordinate IoT projects.
Mobile Security Trends
At present, mobile devices are now integral to business workflows, especially with the rise of flexible and remote work. In favor of employees, 92% of organizations support remote connectivity. In line with this, 46% view mobile devices as critical business tools, used to regularly access sensitive information.
86% agree that increased remote working has moved mobile security up their agenda, with 62% of authentications to corporate networks come from mobile and non-traditional operating systems.
Nearly all respondents (99+%) indicate that their organizations have implemented remote access security technologies, with the most commonly used being virtual private networks (VPNs), cloud access security broker (CASB) tools, identity and access management (IAM) platforms, and multi-factor authentication (MFA).
In addition, more than two-thirds (66%) of respondents now apply centralized security standards across all projects involving mobile devices and more than half (58%) of IT departments have oversight across these projects.
Also Read: Alert Levels Rising: Mobile Device Fraud
IoT Security Risks
Mobile devices have been keeping businesses up and running for years, but today, the widespread and growing use of IoT sensors and internet-connected devices can also expand cyber risks.
IoT adoption supports digital transformation across nearly every industry, with 62% affirming that they have mature, full-scale IoT deployments. However, IoT devices often have weak security and network connectivity.
This makes their existence an expansion of the attack surface and this exposure is particularly concerning for critical infrastructure organizations, which are already attractive targets for some of the most sophisticated threat actors in the world.
Across all critical infrastructure sectors, those from energy utilities and public sector organizations reported the most IoT projects in production, with the latter being a top target for organized crime, along with state-affiliated threat actors.
61% of critical infrastructure respondents use IoT devices to monitor the physical security of buildings and other properties, including video surveillance and over 50% use IoT devices to support efficiency by monitoring equipment or productivity as well as to enable services.
Unfortunately, 53% of critical infrastructure respondents have experienced significant mobile or IoT device-related security incidents leading to data loss or system downtime.
Out of which, a majority of Public Sector respondents (70%) reported that their organizations experienced a security incident involving a mobile or IoT device.
Security Strategy as Critical Defense
Data is the currency of modern enterprises. That is why establishing a strong data security strategy is not only a critical defense measure, but also a strategic business enabler.
It’s especially worrisome that attackers who compromise a mobile device frequently use the infected device to gain access to company networks. This can result in larges-cale data exfiltration, the spread of ransomware, customer and employee privacy violations and costly operational downtime.
Even though respondents report high levels of confidence in their mobile defenses across a number of areas, this appears to be a ‘false sense of security’ as this confidence contradicts the rising reported breach rates.
89% of respondents believe organizations need to take mobile device security more seriously. Fortunately, this is being observed as 84% of respondents increased or significantly increased mobile security spending in the past year, and almost the same percentage anticipates further increasing mobile security spending next year.
Another area where respondents express high levels of confidence was in their ability to recover quickly from a breach incident. But in reality, 75% of those that experienced a mobile- or IoT-related incident say remediation was not simple or cheap.
Keeping a close eye on “things,” 96% use automated solutions to monitor the effectiveness of the encryption measures used to protect IoT device data.
Despite this, gaps in IoT protections leave organizations vulnerable with 31% of respondents lacking systems to track all IoT devices, and 46% still using manual audits for device encryption.
Moreover, the rapid expansion of 5G, with its faster and more capable networks, is driving the need for enhanced mobile security. As organizations deploy more mobile and IoT devices, the cybersecurity attack surface broadens, increasing the demand for protection.
Regulatory requirements, such as the Cybersecurity Maturing Model Certification (CMMC) aligned with the Department of Defense and Europe’s General Data Protection Regulation (GDPR), are also key drivers of investments in mobile security.
Also Read: A Must for Digital: Connectivity & Cybersecurity
AI-Driven Cyberthreats
As AI-driven cyberthreats loom, defenders, including cybersecurity vendors such as Verizon, are working quickly to incorporate AI technology into mobile security tools and services. These solutions can help and are already helping organizations gain faster, better, more in-depth threat monitoring, access verification, and real-time phishing detection.
77% of respondents believe AI-assisted attacks like deepfakes and SMS phishing are likely to succeed.
Moving forward, “Public and private organizations must work together to deploy shield after shield, defense after defense, obstacle after obstacle, to foil threat actors attempting to interfere with the immense progress mobile and IoT connectivity delivers,” concluded the report.
Read Next:
Verizon's 2024 DBIR: Vulnerability Exploitation Behind Surge in Breaches
