As organizations continue to invest in building out IoT environments, a failure to secure mobile access could prove disastrous.
While cybersecurity breaches understandably result in data exposure, the extenuating circumstances can prove far more extensive, especially for today’s highly connected enterprise. According to the recent Verizon 2020 Mobile Security Index, a mobile security compromise, in particular can have a range of other consequences such as downtime, supply chain delays, lost business, damage to reputation, and regulatory fines.
“We definitely see that mobile security as a threat vector is increasing considerably with just about 40% of respondents having some type of mobile security related compromise. Within that, 66% of the organizations suffering a major compromise,” says Bryan Sartin, Executive Director of Global Security Services at Verizon. “Most of those are saying that the experience included serious lasting repercussions. That in itself is a big departure from what we’ve previously seen in mobile security. We've always seen mobile security related breaches few and far between…clearly that's changing.”
Sartin tells IndustryWeek, the survey shows almost equal numbers and a different mix of mobile technologies serving as a conduit, not necessarily for where data is stolen, but as an access point. “Account takeover is also clearly setting the stage for stolen or compromised credentials, often as the result of weak security hygiene,” he says.
Changing landscape
As IoT continues to expand, the volume and variety of connected devices is growing rapidly. According to survey results, 84% of organizations said that IoT devices are crucial to their digital transformation, and, 31% of those surveyed admitted to suffering a compromise related to an IoT device.
Unfortunately, not enough businesses are taking action to adequately protect their IoT investments. Even though the vast majority of the companies (78%) thought that their IoT data was of value to hackers, less than half (47%) said that they encrypt all IoT data sent across public networks.
According to Sartin, the introduction of 5G technology is going to expand the threat landscape because it provides better bandwidth and more application functionality. “It comes with more potential to move data back and forth, which sets the stage for more complicated web service-based applications and platforms,” says Sartin. “84% of organizations rely on mobile devices for their access to the cloud and most of these are reporting that reliance on cloud-based application is increasing. 5G is going to multiply these numbers.”
Fortunately, equally exciting security benefits exist with 5G. “It is going to enable the enterprise to really change, build and design networks of the future. As 5G adoption builds at the enterprise level, there will be a better solution set with integrated security,” he says. “It will change the game in the next five years in terms of what LAN and WAN look like in the corporate environment.”
Road ahead
According to survey results, companies recognize that their mobile security efforts are falling short, noting a moderate to significant risk from IoT device threats. 60% of respondents say pressure to get to market quickly often takes priority over security, and “over half (51%) said that security is not a priority for v1.0 (minimum viable product); it’s something they can worry about later.”
While many organizations overlook security needs, manufacturers seem to be the most worrisome as 94% of them agree that organizations need to take mobile security more seriously. And according to the findings:
- 87% of manufacturers were concerned about competitors stealing their trade secrets or intellectual property (IP).
- 77% of manufacturing respondents said that they personally used public Wi-Fi for work tasks, even though it was explicitly prohibited by company policy for 42% of them.
- 67% of manufacturing, construction, and transportation companies that had suffered a mobile security compromise said the impact was major.
Pending regulations could soon put pressure on connected organization. According to the report, several bills such as the IoT Cybersecurity Act have also been introduced to the U.S. Congress. Additionally, discussion has started on the Cyber Shield Act, which seeks to establish an advisory committee of cyber experts from government, industry, and academia to create cyber benchmarks for IoT devices.
“Unfortunately, there seems to be a big gap in terms of understanding, quantifying, and doing something about smart mobile security in the enterprise. Its time organizations embrace smarter security practices including better authentication,” says Sartin. “For instance, the containerization of mobile apps for the separation of consumer-oriented usage versus business usage. Plus, embracing seamless VPN and encryption on the device and communication stream would help.”
Written by: Peter Fretty, Technology Editor for IndustryWeek.