Last week in Security Central we examined the growing mobile malware problem and the important elements of a conversation with clients when it comes to a multilayered mobile-security approach.
This week we look to new research from Verizon that finds mobile threats be damned — business is hooked on mobile and many organizations are throwing security concerns out the window in exchange for the efficiency and speed that mobility offers.
In its Mobile Security Index 2018, Verizon polled more than 600 professionals in charge of managing mobile devices for their organizations. The carrier found that while nearly three in four (73 percent) expect risk around mobile devices to increase in the next year, one in three (32 percent) admitted to sacrificing mobile security to improve expediency or business performance.
“Those that sacrificed security were 2.4-times as likely to experience data loss or downtime due to an incident involving a mobile device. This happened to 45 percent of those that put expediency and performance before mobile security,” said Verizon in a summary of the findings.
Another way of reading this is to realize that your clients don’t just have to worry about criminals when it comes to mobile security, because their managers and employees are providing just as much exposure to the mobile risk surface by ignoring basic defense practices. And we are talking very basic here; the survey found only 39 percent said they change all default passwords and more than half didn’t have a public Wi-Fi policy.
Key Takeaways for MSSPs
Mobile isn’t going anywhere, and its use will only increase in the next few years in business. With the risks and challenges around it, the results reveal a few highlights for MSSPs.
Awareness — Since the results reveal the obvious continuing struggle to balance security with productivity, a key opportunity here for MSSPs once again goes back to educating the end user. Respondents recognize this need, with almost one in four (23 percent) stating that lack of awareness among device users was a significant barrier to mobile security. And only 12 percent say their device users know a lot about mobile security. The time to discuss an awareness-training service for mobile is now.
Strategy around apps and devices requires your assistance — Among the recommendations from Verizon is creating a custom app store that can be used to vet all apps that are added to it. Preventing users from installing apps from anywhere else is a best practice and should be recommended to clients who have the resources to create one. Device management should also be part of the discussion around mobile-device strategy. Improving and automating device management is crucial with a mobile-device management system.
Budgets are there — Lack of budgetary resources was not cited by many as a reason for mobile security challenges. The report found that budgets for mobile have increased – and are expected to increase even more – with more than half (52 percent) of respondents saying that their mobile-device budgets have increased in the past 12 months. Just 2 percent said that they had decreased budgets around mobile.
Businesses clearly understand both the importance of mobile and the risks associated with it, and are allocating resources to address them. How can you be part of the solution to their mobile-security issue and make recommendations on how to use those dollars?
Who is Security Joan? We'll never tell, but all you really need to know is that she's a huge Steely Dan fan (as if the nom de plume didn't give it away). She's also a veteran infosec journalist who has covered the evolution of the cybersecurity industry, its shadowy criminal underworld, and the good people trying to stop them for more than a decade. In addition to our weekly Security Central column, Security Joan helps inform the Channel Futures cybersecurity coverage with her sizable expertise. Say hi on Twitter @Security_Joan or shoot her an email at [email protected].