US operator Verizon released its annual Mobile Security Index survey in May, with over half of respondents indicating that they had suffered major consequences from a mobile device-related security compromise in the past year. In an environment in which 79% of respondents saw remote working increase as a result of Covid-19, the survey results point to an increasing new threat vector for malicious activity.
The study, now in its fourth year, provides insights into the incidence of mobile threats based on a survey of over 800 enterprise procurement, management, and security professionals as well as a select group of security companies and law enforcement agencies. Specifically, the results point to new vulnerabilities created by work-at-home environments that would probably not be significant issues in offices. For example:
- 45% of respondents that prohibit employees from using social media at the office were aware that employees at home were using it anyway;
- 54% of respondents whose companies had experienced a mobile breach indicated that user behavior was a significant factor driving those breaches;
- Respondents reported a 364% increase in phishing attempts in 2020 compared to 2019.
The Verizon report also points to a number of additional impacts from extended work-from-home scenarios that are continuing to drive new vulnerabilities. Three-quarters of respondents reported increasing reliance on cloud-based apps, while 31% of companies had taken steps to make it easier for their employees to install new apps in response to Covid-19.
All of that adds up to a growing list of threat vectors around four key attack vectors uniquely vulnerable to work-from-home environments: user behaviors, app-specific vulnerabilities, device-related vulnerabilities, and cloud/network vulnerabilities, all of which are encompassed in the Cybersecurity Framework adopted by the National Institute of Standards and Technology (NIST) – a branch of the US Department of Commerce.
If Verizon’s cybersecurity survey provides any guide, both Verizon and NIST will be busy on the cybersecurity front for some time: two-thirds of respondents to Verizon’s survey believe that the term ‘remote working’ will disappear within five years. That points to the need for a pivot in focus for IT security professionals that have traditionally focused on employees working in physical offices but will now need to significantly expand their security footprints.