Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile Security

// // //
2/21/2018
08:05 AM
Carol Wilson
Carol Wilson
News Analysis-Security Now

Verizon Mobility Security Index Shows Enterprises Not Doing Enough

The Verizon Mobility Security survey shows enterprises are aware of the growing risk that smartphones and tablets present but aren't doing enough to address it.

Enterprises are aware that growing use of mobile devices in business is increasing security risks, but many of them admit they aren't yet doing all they can to mitigate those risks. This is in part because they are putting other business goals first, according to the first Mobile Security Index conducted by Verizon Wireless Business Group.

Verizon Wireless surveyed 600 mobility professionals, including many from multi-national corporations, and found that while 93% admitted the growing use of smartphones and tablets is creating greater security risks, almost one third admitted sacrificing mobile security to improve business performance.

That behavior could include things such as using public WiFi networks that aren't secured in order to access business apps -- 14% of those surveyed admitted doing this, even when it is against policy -- notes Justin Blair, executive director of mobile business products for Verizon's Wireless Business Group. The purpose of the Mobile Security Index is to raise awareness of the risks, so they can be properly factored in, he adds in an interview.

"We think many businesses are not really understanding how big the risks are when it comes to mobile security," Blair said. "They need to understand that the minute you go from paper to digital, leveraging a tablet, that tablet is a way into the network. So you need to have device management capability and some level of security on that tablet."

The index showed that companies who did sacrifice security for expediency were almost two-and-a-half times more likely to suffer downtime or data loss.

The survey also show that, for 79% of respondents, the greatest concern around mobile security is disruption of business operations, he adds, and not data loss.

"If you have moved away from paper to go digital, if you are relying upon a smart phone or tablet to do your job now, then if you can't access the stuff you are supposed to access, you can't get your job done," Blair said. "That's what many businesses are most concerned about."

One unsurprising statistic from the Mobile Security Index: 86% of respondents agree employee behavior is the greatest risk. This is true in general where corporate security is concerned, but it is especially true in the mobile space because devices such as smartphones and tablets may travel with the employee, who may download an application or access a site that "unwittingly invites a hacker into the network," Blair said. "In many cases, these devices store critical information or employees need to access critical information like financial data in some of the verticals we serve today. But employees are also used to using these devices as consumers and they may not always be aware of what the risks are."

Verizon intends to use the Mobile Security Index to increase the awareness of security tools that can protect business data and operations today including device enrollment programs it has with Apple, Samsung and Google, mobile device management and mobile threat detection software.

Device enrollment programs allow an enterprise to specifically document the mobile devices it purchases and ensure that they have mobile device management software. The device isn't usable until it passes authentication tests, Blair says.

"Right there you are securing a brand new digital asset before you are allowed to touch the network or put business critical information on it," he comments.

Mobile device management also allows the corporation to control what features and functionality an employee can access on the corporate device, through policies, and prohibit risky things such as accessing unsecured WiFi.

"You can also set up custom application stores so you can manage what applications employees are allowed to download on that device," Blair says. "In many cases, if it is a business specific use, such as a tablet in retail store, you want to completely lock down that device, so only business applications are allowed to be use and an employee couldn't be using it to surf YouTube or Netflix after hours."

In what has become a sad cliché of many security surveys, this one shows that many businesses who claim to care about security aren't even doing the basics to protect themselves, such as changing default passwords, implementing two-factor authentication or imposing policies that limit riskier behaviors.

"The door is wide open in a few of these areas," Blair says.

— Carol Wilson, Editor-at-Large, Light Reading

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Machine Learning, AI & Deep Learning Improve Cybersecurity
Machine intelligence is influencing all aspects of cybersecurity. Organizations are implementing AI-based security to analyze event data using ML models that identify attack patterns and increase automation. Before security teams can take advantage of AI and ML tools, they need to know what is possible. This report covers: -How to assess the vendor's AI/ML claims -Defining success criteria for AI/ML implementations -Challenges when implementing AI
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-40942
PUBLISHED: 2022-09-28
Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
CVE-2022-40912
PUBLISHED: 2022-09-28
ETAP Lighting International NV ETAP Safety Manager 1.0.0.32 is vulnerable to Cross Site Scripting (XSS). Input passed to the GET parameter 'action' is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in cont...
CVE-2022-22523
PUBLISHED: 2022-09-28
An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 Web-App which allows an authentication bypass to the context of an unauthorised user if free-access is disabled.
CVE-2022-22524
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an unauthenticated remote attacker could utilize a SQL-Injection vulnerability to gain full database access, modify users and stop services .
CVE-2022-22525
PUBLISHED: 2022-09-28
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 an remote attacker with admin rights could execute arbitrary commands due to missing input sanitization in the backup restore function