When it comes to beating competitors in the marketplace, mobile security for enterprise is less of a priority than business performance.
That's just one of the surprising findings of Verizon's inaugural Mobile Security Index 2018, a 22-page report that dives into how mobile security for enterprise is seen in theory and in practice.
The study, which surveyed about 600 U.S.- and U.K.-based IT professionals who manage mobile devices for their organizations, found that about 32 percent of the respondents "admitted to sacrificing mobile security to improve business performance," while only 14 percent had implemented the most basic cybersecurity practices. Only 39 percent reported that they change all default passwords, while only 38 percent said they use strong two-factor authentication on their mobile devices. Only 59 percent of the respondents said they restrict which apps employees can download from the internet to use on their mobile devices. The surveys were conducted in the second half of 2017 and included responses from IT professionals who work for many multinational companies.
Some 39 percent of the respondents also reported that their organizations allow employees to use their own personal mobile devices for business work – commonly referred to as BYOD – while also ranking the practice as their top concern when it comes to security.
"Our experience shows that many organizations aren't fully prepared for the security challenges caused by the increased use of mobile connectivity and devices—and the increased access to information," the report states. "Nothing is 100 percent secure, the challenge for those responsible for IT security is to reduce risk to an acceptable level. But our research found that approximately one-third of organizations have knowingly sacrificed security for expediency or business performance."
The state of mobile security for enterprise gets worse, the report said.
"According to our research, many companies haven't taken even the most basic precautions to protect their data and core systems," the report continued. "This is alarming since the danger of cyberattacks continues to grow."
Some 93 percent of the respondents agreed that mobile devices present a serious and growing threat, while 20 percent of the respondents who use IoT devices cite them as their most significant concern.
About 79 percent of the respondents said that disruption of their business operations is an even greater threat than the theft of data, while 79 percent also said that employee misuse of mobile devices – accidental or intentional – is a significant concern.
"As mobility becomes more integral to business operations in today’s digital economy – from supply chain management to IoT-enabled sensors to customer-facing mobile apps – protecting mobile platforms is critical," Thomas J. Fox, a Verizon senior vice president, said in a statement. "Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity."
Incredibly, only 33 percent of the participating organizations said they use mobile endpoint security and only 47 percent said they incorporate device encryption. Only 31 percent are using Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) applications, according to the study.
To counter these deficiencies, companies should implement policies to reduce the risk of infections from malicious applications on mobile devices by providing mobile app stores where employees can download approved apps, the report continued. Application management software that scans apps for vulnerabilities should also be deployed, the report states.
In addition, companies should dramatically improve device management by ensuring that all default passwords are changed, deploy mobile endpoint security and threat detection to all devices, and also implement MDM and EMM across their operations, according to Verizon.
At the same time, companies should implement strong password policies and ensure adherence, while also providing regular security training and annual employee testing for their mobile security awareness, the report continues. Companies should also regularly review employee access to systems and data, as well as create and implement an incident response plan to help reduce damage caused by a security incident.