Mobile security is serious business

by Mike Fong on May 14, 2021

VerizonMobileSecurityReport

Verizon recently released its annual Mobile Security Index, an always-anticipated snapshot of experiences and attitudes among senior professionals responsible for their organization’s mobile security. This year’s results crystallize what we at Privoro have known for some time: that mobile devices are as indispensable to modern business as they are challenging to protect. Let’s dig into the highlights.

Key finding: Mobile devices are critical to modern business

The majority (71%) of respondents said that mobile devices are “critical to their business,” which we defined as an answer of 8 or higher on our 10-point scale.
– Verizon’s 2021 Mobile Security Index

Sponsorships Available

It wasn’t too long ago when enterprises viewed employees’ smartphones as curiosities, not fully knowing what to make of these new devices. This often resulted in a laissez-faire approach to mobile, letting staff use them for work and hoping that they wouldn’t cause too much damage.

Of course, those days are long over. Speed matters, and it’s widely accepted that smartphones move business forward by keeping teams connected and minimizing delays in decision-making. This is especially true in our new work-from-anywhere reality, where smartphones are often a vital lifeline among teams spread out across locations.

Besides replicating PC-based functionality like productivity apps and cloud access, smartphones are relied upon from everything from authentication to media capture. Organizations that fail to incorporate mobile devices risk getting left behind by those who are moving full steam ahead in their digital transformation efforts.

Key finding: Mobile devices are a big security risk

Three-fifths (60%) of respondents said that mobile devices are their company’s biggest IT security threat.
– Verizon’s 2021 Mobile Security Index

It’s important to remember that unlike PCs, smartphones were developed first and foremost as consumer devices, so security wasn’t a primary consideration. While great strides have been made in the years since, both from smartphone vendors and mobile security players, security still often takes a backseat to consumer demands for third-party apps and lower prices.

Mobile devices also have a number of unique factors that can make security challenging. These include the difficulty of detecting phishing emails on a smaller screen, the intermingling of personal and corporate assets on a single device and the tendency of smartphone users to not treat messages with the same skepticism they might exhibit on their PCs.

Smartphones also have a number of vectors that are foreign to PCs, including all-access cameras and microphones, the potential for detailed location tracking and susceptibility to IMSI catchers and other over-the-air attacks.

Taken together, these peculiarities and additional exposures provide ample opportunity for threat actors.

Key finding: The risks are growing

More than two-thirds of respondents said that the risks associated with mobile devices had increased in the past year. And half (50%) said that mobile device risks are growing faster than others.
– Verizon’s 2021 Mobile Security Index

Thanks to the combination of increased reliance on mobile devices and continuing smartphone security gaps, it’s no surprise that hackers have shifted their focus to these devices in a big way. With so much enterprise data available to smartphones, hackers who have compromised a mobile device can extract that data and look for nuggets of valuable information. A compromised smartphone can also act as a foothold for gaining access into the larger enterprise network. And often overlooked is the fact that a hacked phone can in many cases be used as a surveillance device against its user, with captured images, sounds and locations telling a rich story to any bad guy willing to invest the time.

In this operating environment, it’s imperative that businesses prioritize mobile security with the same tenacity they do for laptops. This might mean leveraging a unified endpoint management (UEM) platform to restrict risky activities or employing mobile threat defense (MTD) to defend against active threats. Or this might mean distributing an anti-surveillance tool like SafeCase to top execs or giving business travelers a Faraday case like Vault. Whatever the right mix may be for your organization, you won’t regret paying more attention to mobile security.

*** This is a Security Bloggers Network syndicated blog from Be Aware authored by Mike Fong. Read the original post at: https://blog.privoro.com/mobile-security-is-serious-business

May 14, 2021May 14, 2021 Mike Fong Mobile Security, Smartphone Vulnerabilities

Mike Fong

Mike Fong is the founder and CEO of Privoro. He is an experienced technology executive and entrepreneur who started Privoro to solve the security and privacy issues of mobile devices – from attacks of sophisticated nation-states to over-reach by corporations and apps in the “surveillance capitalism” economy. Privoro launched the SafeCase in 2018, the first high-security extensible smartphone case with built-in, patented anti-surveillance capabilities that provides unprecedented levels of protection and assurance. Prior to Privoro, Mike founded and built Calence LLC from a startup to the largest pure-play networking integrator in the US at the time of its sale, with over $300+ million in sales to corporate and government clients. Mr. Fong has also consulted, or served as a board member, to companies in many industries, including chairing the Arizona Governor’s Council on Innovation and Technology. He is a two-time Ernst & Young Entrepreneur of the Year finalist and was named the Ed Denison Business Leader of the Year for the State of Arizona. Mr. Fong started his career at Arthur Andersen and holds a BS degree in Electrical Engineering from Carnegie-Mellon University.

mike-fong has 13 posts and counting.See all posts by mike-fong