Verizon: Businesses are falling behind on mobile security

Verizon Wireless recently connected with more than 600 enterprise mobility experts from across the globe to assess the state of corporate device security programs. Respondents painted an unflattering picture of internal information security operations, revealing the presence of major operational deficiencies that lay the groundwork for crippling data breaches and distributed denial of service attacks. These results confirm the fears IT analysts expressed earlier in the year, according to the International Data Group. With the total number of connected devices projected to approach 20 billion worldwide this year, security experts postulated that cyberattacks would increase in volume and complexity, and that enterprises simply did not have the defenses in place to address this escalating threat climate. It appears they were correct.

Trading security for speed
Perhaps the most startling statistic included in the Verizon study revealed that a significant number of enterprise IT departments hold speed in higher regard than security. Almost one-third of respondents attested to shirking data security protocols and protections in an effort to expedite business processes. Of these individuals, nearly half said their respective firms experienced data loss or costly downtime as a result of this decision. This is not a new issue. Companies and the employees that propel them have long chosen speed over data security, despite the obvious and very material risks.

Analysts for the survey firm Harris Interactive came to the same conclusion back in 2011 when they interviewed 500 IT professionals and found that more than half encountered scenarios wherein employees shared communal login credentials to accelerate digital operations, according to Infosecurity Magazine. This issue sits at the center of the cloud computing debate and has received much attention among members of the software development community, where even the masterminds behind some of the most celebrated applications cut data security corners to reduce time to market, Dark Reading reported. In short, this issue is unlikely to resolve itself anytime soon.

Despite this state of affairs, this best practice bears repeating: Organizations that want to protect their digital assets must take the time develop, deploy and carefully follow data security protocols, no matter how aggravating this may be. With the average data breach causing more than $3.6 million in damage, businesses can literally not afford to leave their endpoints unprotected, according to IBM and the Ponemon Institute. Any kind of efficiency gains achieved as a result of lax data security practices lose all impact when auditors come knocking or production grinds to a halt.

"The average data breach causes more than $3.6 million in damage."

Ignoring critical best practices
Analysts for Verizon found that organizations were largely ineffective in promoting best practices for protecting wireless devices. Respondents indicated that their respective enterprises failed to follow simple guidelines and, as a result, regularly courted risk. For example, more than 60 percent said their employers did not change default passwords. Sadly, the same proportion of survey participants reported two-factor authentication systems were not in place. These data points alone would terrify most data security experts, as they know hackers can easily deduce passwords via advanced decryption tools, according to the International Data Group. Stock or hastily drafted credentials do not stand a chance in an environment where even carefully thought-out passwords are relatively easy to crack. 

In addition to mismanaging passwords, respondents said that fellow employees received little guidance on leveraging public Wi-Fi to transmit sensitive business data, the implication being that workers likely traded such material over unsecured internet connections. This behavior is extremely risky as cybercriminals can easily burrow into Wi-Fi networks and extract data from the users signed into them. Even simply connecting to communal networks without passing on sensitive data is dangerous, IDG reported. Despite the presence of these risks, companies continue to let loose mobile device users without coaching them on how to protect themselves. 

Finally, the Verizon survey showed that internal IT departments do little to warn users about the danger of downloading malware-infected mobile applications. More than one-third of respondents said their organizations offered little advice on the subject, essentially allowing employees to download any applications they want. This is, of course, a major data security faux pas due to the fact the hackers often roll out Trojans disguised as legitimate applications in an effort to plant malware on the devices of unsuspecting users. Some build applications that function normally but are studded with malicious programs that siphon off information, as the thousands of users who downloaded the malware-infected Facebook Lite learned last March, according to Malwarebytes. 

Overall, respondents indicated their respective organizations failed when it came to adhering to the four primary enterprise data security best practices: altering default passwords, encrypting data shared over public networks, restricting access to internal servers and conducting regular system tests. Only 14 percent said their IT departments practiced all four.

Searching for solutions
The aforementioned data points depict a harrowing state of affairs for modern organizations with expansive enterprise mobile infrastructure. However, there is consensus among IT stakeholders that the threat environment warrants concrete action. Approximately 93 percent of the Verizon survey respondents said connected devices "present a serious threat" to enterprises. More importantly, 61 percent indicated that their respective budgets for mobile security had increased over the past year, with 10 percent saying these allotments had risen "significantly." With these technical leaders in the position to take action, the question becomes, "What threats should newly funded IT departments address?"

DDoS attacks have become a major problem for companies in every sector. Hackers conduct these strikes by leveraging large groups of remotely controlled computers called botnets to overload and shut down web applications and portals. The average enterprise loses $500,000 per DDoS attack, according to the researchers at the software firm Incapsula. These assaults increased 91 percent in 2017 due to the rise of IoT devices and other connected fixtures, Corero Network Security reported. Sadly, this activity is likely to continue over the course of 2018 as even more enterprise mobile devices gain service and employees and customers further embrace mobile technology.

"Approximately 93% of the Verizon survey respondents said connected devices "present a serious threat" to enterprises."

Spoofing is another common tactic hackers employ when targeting mobile networks. This tried-and-true methodology involves sending an email or text message to an unsuspecting employee that appears to originate from a supervisor or important client. In most cases, these fraudulent communications ask for important business or personal information. A significant number of individuals fall victim to this approach despite the fact that is has been around for more than a decade. In fact, spoofing was the fourth most common tactic employed to catalyze data breaches in 2016, according to research from Symantec.

Of all the attack vectors employed by modern cybercriminals, ransomware is perhaps the most popular. This software, normally delivered through email or a Trojan masquerading as an application, quickly races through internal networks and locks all data, which is then ransomed. Victims can either pay the amount or risk losing all of their information. These particularly vicious attacks increased by 250 percent in 2017, according to Kaspersky Lab. Again, this escalation will continue for the foreseeable future as businesses adopt more mobile devices, TechRepublic reported.

These are just a few of the threats IT departments face and should rush to address using their recharged budgets.

Although the Verizon report reveals an unflattering reality, organizations are not doomed to stew in their embarrassment and maintain the status quo. They can take immediate action to strengthen their data security protocols and defenses in the era of the IoT. How? Embarking on wide-ranging IT modernization efforts is a good place to start. 

The team at Inventu Corporation can help with these efforts. Our innovative Flynet Viewer simplifies screen integration, easing the modernization process while meeting employer and staff expectations in a way that feels both familiar and simple. Review our product page to learn more about the Inventu Flynet Viewer and the other solutions in our extensive product portfolio.