45 percent of organizations have experienced a security compromise effected via a mobile phone or other mobile device during the last year, per Verizon’s 2022 Mobile Security Index report. This is a huge rise compared to their 2021 report, when the equivalent figure was 25 percent. The 2022 figures for companies with a global presence were even worse, with 61 percent saying they had suffered a compromise involving a mobile device during the previous 12 months.
The relative good news is that the rate of mobile compromises was depressed in 2021 because… erm… people were at home because of COVID-19. The bad news is that this year’s figure is in line with worsening trends established before the pandemic struck. The longer-lasting impact that the lockdown had on working patterns may actually accelerate the decline in security because the use of mobile devices for work is encouraged by the increased adoption of hybrid and remote working. 79 percent of respondents said changes to working practices had a negative impact on cybersecurity.
The insecure reliance on home and public networks was emphasized by two shocking statistics:
- 85 percent of companies have no policy for using or securing the wi-fi and mobile networks used in the home and away from work
- 68 percent of companies permit staff to use public wi-fi for work
It is a good idea to never attribute to malice what can be explained by stupidity, and this is consistent with the survey finding that 62 percent of cyberattacks blamed on insiders were due to their negligence rather than any intention to hurt their company. Slightly more than half of respondents admitted they had cut corners on security for mobile and IoT devices because they had been pressured to meet a deadline or target. Far fewer were willing to resist the pressure to sacrifice security. Just 15 percent of security mistakes resulted in somebody being sacked.
Spending on security has risen in response to the increased perceived threat. 77 percent said their cybersecurity budget had increased since 2021, and the same proportion expected an increase in 2023. 85 percent said they had a specific budget for mobile security. However, two-thirds of respondents believed companies only take cybersecurity seriously after they have been compromised.
The Verizon Mobile Security Index report looks long at first glance but appearances are deceptive because there are many graphs and photos as well as lots of artful use of blank space. It is well worth reading through the whole report properly, but if you are short on time you can still usefully skim through the statistics highlighted in big letters to obtain all the key takeaways. Downloading the report requires the registration of your personal details; it is available from here.
