The traditional nine-to-five in-office workday has shifted to an always-on hybrid or remote working world, but a study from Verizon has found that with the increase in hours, locations and devices that employees are using, there has been a commensurate increase in vulnerability for companies protecting themselves from cyber attacks.
The Verizon Mobile security index (MSI) 2022 revealed that the new world of hybrid work that has followed the mass pivot to remote work has seen security teams face an uphill battle as the number of devices and remote workers increases. The MSI detailed four sectors of the mobile threat landscape – people and behaviours, apps, devices and things, and networks and cloud.
It also provided insights into how to help safeguard against pending cyber attacks, such as establishing a zero-trust network access (ZTNA) model and a secure access service edge (SASE) architecture, which are designed for a mobile-first, cloud-first world.
In the survey, 64% of respondents said public awareness of cyber security risks will increase in the future. This, suggested Verizon, was partly attributable to nearly two-thirds (66%) of companies saying they had previously come under pressure to sacrifice mobile device security “to get the job done”, such as meet a deadline or hit productivity targets, with 52% succumbing to that pressure.
Worryingly, almost 80% of respondents agreed that recent changes to working practices have adversely affected their organisation’s cyber security.
Major attacks were found to be on the rise, with 45% of companies surveyed suffered a compromise in the past 12 months – up 22% year on year. Just over half (52%) of respondents said they had previously sacrificed the security of mobile devices, including internet of things (IoT) devices, to “get the job done”.
The MSI also highlighted the impact of cyber crime on mobile security across various business sectors. Within the enterprise sector, 23% of respondents had suffered a mobile security compromise. Of those, 74% said the impact of the compromise was major and 34% said it had lasting repercussions. Also, four out of five (81%) organisations said their mobile device security spend had increased over the past year and 76% believed it would also increase over the coming year.
Almost nine out of 10 (88%) retail businesses were concerned that a mobile security breach could have a lasting impact on their brand or customer loyalty. However, 70% said increased mobile use is essential to staying relevant to consumers, while 41% said this presented a daunting security challenge. Within financial services, more than nine out of 10 (93%) executives believed cyber criminals saw their sector as a more lucrative target than other industries.
Nearly nine out of 10 (87%) healthcare organisations were concerned that the highly confidential nature of patient data made them a target for cyber criminals and 85% said they were concerned that a security breach could compromise patient care. Conversely, three out of four (76%) firms thought the adoption of telehealth presents healthcare providers with a great opportunity to improve patient care.
Almost nine out of 10 (87%) of those in public sector and education said employee expectations for remote/flexible working were forcing them to re-evaluate how they operate. A further 72% of respondents agreed that the increased use of mobile-based services by public sector employees is essential to accelerating the digital transformation of public services.
Looking at manufacturing, construction and transportation, the survey showed that four out of five (79%) respondents regarded a mobile security compromise as a potential disruption to their entire supply chain, resulting in serious financial implications. However, 76% of organisations agreed that the adoption of mobile-based services by shop-floor workers is essential to improving productivity.
These sectors have been keen adopters of IoT devices and services and the survey also observed a continued rise in major cyber attacks in the past year involving a mobile/IoT device, up 22% year on year, which resulted in data or system downtime. With 85% of companies surveyed saying they now have a budget dedicated to mobile security, Verizon said there has never been a more pressing need to apply those funds to cyber threat mitigation.
The provider also suggested that with the increased threat, it might seem companies would double down on their policies. However, Verizon noted that the findings pointed in the opposite direction, with 85% saying home Wi-Fi and cellular networks/hotspots are allowed or there is no policy against them, and 68% allow or have no policy against the use of public Wi-Fi.
“For businesses, regardless of industry, size or location on a map, downtime is money lost,” said Sampath Sowmyanarayan, CEO of Verizon Business. “Compromised data is trust lost, and those moments, although not insurmountable, are tough to rebound from. Companies need to dedicate time and budget on their security architecture, especially when it comes to off-premise device. Otherwise, they are leaving themselves vulnerable to cyber threat actors.”