83% Of Enterprises Are Complacent About Mobile Security

• 89% of organizations are relying on just a single security strategy to keep their mobile networks safe.
• 61% report that their spending on mobile security had increased in 2017 with 10% saying it had increased significantly.
• Just 39% of mobile device users in enterprises change all default passwords, and only 38% use strong two-factor authentication on their mobile devices.
• Just 31% of companies are using mobile device or enterprise mobility management (MDM or EMM).

These and many other insights are from the recently published Verizon Mobile Security Index 2018 Report. The report is available here for download (22 pp., PDF, no opt-in). Verizon commissioned an independent research company to complete the survey in the second half of 2017, interviewing over 600 professionals involved in procuring and managing mobile devices for their organizations. Please see page 20 of the study for additional details on the methodology.

The study found that the accelerating pace of cloud, Internet of Things (IoT), and mobile adoption is outpacing enterprises’ ability to scale security management, leaving companies vulnerable. When there’s a trade-off between the expediency needed to accomplish business performance goals and security, the business goals win the majority of the time. 32% of enterprises are sacrificing security for expediency and business performance, leaving many areas of their core infrastructure unsecured. Enterprises who made this trade-off of expediency over security were 2.4x as likely to suffer data loss or downtime.

Key takeaways from the study include the following:

• 79% of enterprises consider their employees to be the most significant security threat. The study points out that it’s not due to losing devices, inadvertent security errors or circumventing security policies. It’s the threat of employees using their secured access for financial or personal gain. 58% of senior management leaders interviewed view employees with secure access as the most significant threat. Security platforms that can stop credential attacks using risk assessment models predicated on behavioral pattern matching and analysis by verifying an employee’s identity are flourishing today. One of the leaders in this field is Centrify, who espouses Zero Trust Security. The following graphic from the study shows the priority of which actors enterprise leaders are most concerned about regarding threats, with employees being the most often mentioned.

• 32% of enterprises have sacrificed security for expediency and business performance leading to 45% of them suffering data loss or downtime. The study found that companies who sacrificed security were also 2.4x more likely to have experienced data loss or downtime as a result of a mobile-related security incident. For the 68% who prioritized security over expediency, just 19% had suffered data loss or downtime.

• 89% of enterprises are relying on just a single security practice to keep their mobile networks safe. Verizon’s study found that the majority of enterprises are relying on just one security practice to protect their networks. 55% have two in place, and just 14% have four. Of the four security practices, only 39% change all default passwords. Just under half (47%), encrypt the transmission of sensitive data across open, public networks. The following graphic from the study illustrates the percentage of enterprises who have between 1 and all four security practices in place.

• Just 49% of enterprises have a policy regarding the use of public Wi‑Fi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. A startling high 71% of respondents use public Wi-Fi networks for work tasks, despite their companies prohibiting their use. Taking risks with unsecured Wi-Fi networks for expediency and business performance being done at the expense of security supports a key finding of this study. Nearly one in three (32%) of enterprises are sacrificing security for expediency and business performance, including accessing unsecured Wi-Fi networks. The following infographic from the study explains a few of the many security threats inherent in the design and use of public Wi-Fi networks.