Companies are not equipped to handle the security concerns associated with IoT and BYOD, according to a Verizon report.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- 32% of mobility professionals said their organization sacrifices mobile security to improve business performance. -- Verizon, 2018
- Only 14% of organizations said they had implemented the most basic cybersecurity practices. -- Verizon, 2018
Mobile has become a key component of enterprise operations, with apps and Internet of Things (IoT) devices a commonality in many organizations. However, companies are failing to keep up with cybersecurity best practices in this increasingly mobile environment: 32% of organizations admit to sacrificing mobile security to improve business performance, according to Verizon's Mobile Security Index 2018.
The 600 mobility professionals surveyed for the report said that this lack of security vigilance is leading to major consequences: Professionals that said they knew their organization chose performance over security were more than twice as likely to have experienced data loss or downtime at their company (45% versus 19%).
Despite the risks, only 14% of organizations said they had implemented even the most basic cybersecurity practices, the report found. Just 39% said they change all default passwords, while 38% said they use two-factor authentication on their mobile devices. And only 59% restrict which apps employees can download from the internet to their mobile devices.
SEE: Mobile device computing policy (Tech Pro Research)
Of the industries examined in the study, healthcare and the public sector were most likely to experience a security issue. Some 35% of healthcare organizations and 33% of public sector entities said they had suffered data loss or downtime due to a mobile device security incident.
"As mobility becomes more integral to business operations in today's digital economy - from supply chain management to IoT-enabled sensors to customer-facing mobile apps - protecting mobile platforms is critical," Thomas J. Fox, senior vice president with Verizon, said in a press release. "Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity."
The report offered the following recommendations for protecting the mobile enterprise:
1. Reduce the risk of malicious applications. Organizations should implement policies that determine which apps can be downloaded by employees, and even create a custom app store to make the environment more secure. They can also deploy application management software that scans apps for vulnerabilities.
2. Improve device management. Companies must ensure that all default passwords are changed, deploy mobile endpoint security and threat detection to all devices, and implement Mobile Device Management (MDM) and Enterprise Mobility Management (EMM).
3. Increase employee awareness. Organizations should implement a strong password policy and ensure adherence, provide regular security training, and test employee awareness annually. They should also regularly review employee access to systems and data, and create an incident response plan to help reduce damage caused by a security breach.
- Special report: Cybersecurity in an IoT and mobile world (free PDF) (TechRepublic)
- Your failure to apply critical cybersecurity updates is putting your company at risk from the next WannaCry or Petya (ZDNet)
- Ransomware: A cheat sheet for professionals (TechRepublic)
- 3 things you need to know about cybersecurity in an IoT and mobile world (ZDNet)
- Consumers now value security over convenience on apps and devices, report says (TechRepublic)