Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

Verizon: Attacks on Mobile Devices Rise

Companies of all sizes are being hit by mobile attacks and feeling the effects for extended periods of time, according to the 2020 Verizon Mobile Security Index.

RSA CONFERENCE 2020 - San Francisco - The theme of Verizon's 2020 Mobile Security Index is innovation - on the part of both enterprise security professionals and the attackers trying to work past their best efforts.

Mobile devices are getting abused by cybercriminals, but companies are still giving those devices the security short-shrift. "About 40% of our respondents across the board report having a mobile security compromise," says Bryan Sartin, executive director of global security services at Verizon. That's an increase from 33% of organizations in Verizon's 2019 report.

The annual report, released here today, is based on surveys and interviews with more than 1,100 business and cybersecurity professionals. 

While many companies have experienced a mobile compromise, 43% report that they have sacrificed the security of mobile devices in the name of "getting the job done." And the main reason for security sacrifice will sound familiar to most security professionals.

Nearly two-third of those responding, 62%, said that expediency was the reason for short-changing security, while 52% listed convenience. The short-term convenience of lowering security standards had ramifications that persisted, though: According to the report, 66% of companies described the impact of mobile security breaches as major, and 55% said that the impact was long-lasting.

Small and medium-sized businesses made up 28% of the victims, while those with over 500 employees represented 44% of the total. The small and medium-size business portion of the population is growing in both total representation and the importance mobile devices play in their business, Sartin says.

"80% of our respondents in small, midsized business say that mobile security is now key to productivity and profitability. That's huge," he says. "That was a nonexistent number last year. And now, 84% say that they are almost completely reliant on cloud and mobile security."

The use of cloud- and mobile security echoes the adoption of mobile devices and cloud services in general, and Sartin says that there are numerous reasons for companies to be adding to their populations of both mobile devices and cloud applications.

"Adoption for reasons like scalability, flexibility, diversified supply chain work from home employees, and increasingly, mobile workforces that have to get access to protected company systems, data, and platforms are driving this," Sartin says. "I think the necessity to have this functionality available is driving things, and that security is an afterthought." 

How to Protect Mobile Devices

Containerization of both apps and data on the mobile devices one way to protect mobile devices from attacks.

"Containerization has two interesting side effects," Sartin says. "One, of course, is creating kind of an island out of each device. It makes it very difficult to compromise consumer and personal information, as well as broader compromises on the corporate side," he explains. "So it makes pivoting more difficult. It also allows you to implement certain security countermeasures defensively, like password rotations, forcing those down on the end user."

A zero-trust model of security is another way to protect mobile devices, according to Verizon.

In the Verizon report, Aspi Havewal, director of collaboration and mobility at Verizon, provides additional advice. "First and foremost, prioritize the user experience. Make it part of every risk discussion you have, because a bad user experience is a big risk in and of itself," Havewal said. "You should give your employees a range of options to do their work securely, and stay connected with your users. The more you communicate with them about the policy and controls that are in place, the more your users will appreciate security."

Related Content:

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "SSRF 101: How Server-Side Request Forgery Sneaks Past Your Web Apps."

Curtis Franklin Jr. is Senior Editor at Dark Reading. In this role he focuses on product and technology coverage for the publication. In addition he works on audio and video programming for Dark Reading and contributes to activities at Interop ITX, Black Hat, INsecurity, and ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days
Kelly Sheridan, Staff Editor, Dark Reading,  4/3/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-21082
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with N(7.x) software. Dex Station allows App Pinning bypass and lock-screen bypass via the "Use screen lock type to unpin" option. The Samsung ID is SVE-2017-11106 (February 2018).
CVE-2018-21083
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software. There is information disclosure (of a kernel address) via trustonic_tee. The Samsung ID is SVE-2017-11175 (February 2018).
CVE-2018-21084
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software. There is a race condition with a resultant read-after-free issue in get_kek. The Samsung ID is SVE-2017-11174 (February 2018).
CVE-2018-21085
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant use-after-free in vnswap_deinit_backing_storage. The Samsung ID is SVE-2017-11176 (February 2018).
CVE-2018-21086
PUBLISHED: 2020-04-08
An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software. There is a race condition with a resultant double free in vnswap_init_backing_storage. The Samsung ID is SVE-2017-11177 (February 2018).