Nearly half of businesses surveyed for a fresh report from Verizon admitted to cutting corners on mobile security, a practice one of the operator's executives warned could leave them vulnerable to data leakage, financial damage or worse if not swiftly rectified.
Verizon Business Group Cybersecurity Evangelist Dave Grady told Fierce the operator’s 2021 Mobile Security Index included a number of “pretty shocking” findings, with statistics showing a stark disconnect between mobile-related risks and corporate policy. The report was based on a survey of 856 businesses across Australia, the U.S. and U.K.
For instance, Grady noted that while 71% of businesses deemed mobile devices crucial to their operations, 45% admitted to sacrificing mobile device security to meet a deadline or productivity targets. “To be able to say 'we know that they’re really important but we’re still cutting corners,' that’s a pretty risky proposition to try to run your business on,” he said.
Additionally, though 72% of organizations were worried about device abuse or misuse, Grady said 57% reported having no formal policy defining acceptable device use. “It’s really surprising. You see schools make children sign those acceptable use policies that they won’t do bad things in the computer lab, and yet you have multiple million-dollar organizations” that are not requiring employees to do the same.
Grady explained there appear to be several factors contributing to the problem, noting the dramatic shift to remote work caused by the Covid-19 pandemic last year left a lot of businesses struggling “to cover all the bases to the extent that they needed to” in terms of security. He added there is also a “lingering misperception that mobile devices are more secure than they actually are” and many organizations have yet to integrate their mobile and traditional security operations.
The lack of adequate protections comes with two key risks. The first is a potential disruption to operations caused by malware or the loss of a key device, a scenario he said could cost a company “millions of dollars a day.” He also flagged the potential for data leakage, data loss or privacy violations, which could result in legal trouble, financial penalties or reputational damage.
He highlighted a need for multiple stakeholders within each business to work together to address potential vulnerabilities spanning user habits, applications, devices and the network.
“It’s really a community responsibility across the organization to improve mobile security…it’s not just IT’s job,” Grady said.