Verizon released its fourth annual Mobile Security Index report. Not surprisingly, one of the big takeaways is that the COVID-19 pandemic has had a large impact on the mobile security landscape. Due to the unexpected and rapid rush to a remote working environment for millions of employees, reliance on mobile devices exploded and subsequently put enormous pressure on organizations to sacrifice security standards in order to provide a more productive experience away from the office.
New year, new report
As it did in 2020, NetMotion again provided Verizon with valuable findings that were included in the report. Some of those findings include:
- 43% of companies reported experiencing cybersecurity issues with remote workers
- An astounding 97% of security leaders believe that remote workers are exposed to more risk than office workers
There’s no doubt that the mobile security threat is real. In the 2020 MSI report, Verizon pointed to the rise of mal-innovation, a term used to describe the way that cybercriminals look for new and creative ways to carry out their attacks. Unfortunately, having so many employees outside the protection of their office networks this year has presented bad actors with a golden opportunity. As a result, 1 in 4 businesses have admitted to a mobile device attack in 2020[1]; a number that continues to rise.
Visibility is key
According to Verizon’s report, one of the key reasons for the increase in attacks is the lack of visibility into employees’ device usage. Despite the fact that remote employees have fewer security safeguards at their disposal, and that IT personnel may not have the tools to monitor those employees’ digital movements, the employees themselves tend to be less cautious about their activity. This can be as innocent as clicking links found in personal email or from web searches, or accidentally downloading and opening suspicious files.
If mobility is a must for employees, visibility and control are just as important for their IT, network and security teams, particularly on networks that aren’t owned or managed by the organization. NetMotion found that only 36% of organizations reported being satisfied with their current level of mobile device visibility. The answer is to adopt a solution that removes blind spots by incorporating digital experience monitoring (DEM), giving real-time data that can be used to flag any risky behavior taking place on an employee’s device, network or applications. In addition to the obvious security benefits, these insights can be used to improve worker productivity, reduce the number of help-desk tickets and generally bring down the time needed for issue resolution.
Zero trust
Similarly, tackling other concerns raised in the MSI report, such as ransomware, leaky apps and password snooping, Verizon recommends the “trust no one” approach of a zero-trust network access (ZTNA) solution. Using ZTNA, workers are denied access to a resource or application until their identity can be verified and the request is proven risk-free. This can be done through an analysis of the device, its location, network and other factors. Even if an attacker were able to exfiltrate a particular resource or app, lateral movement throughout the network is contained, keeping everything else hidden. This is similar to a burglar successfully bashing down the front door of a home, but not being able to go further than the entry.
Although widespread adoption of ZTNA is still in its infancy, NetMotion’s survey found that 80% of organizations reported a desire to evaluate ZTNA as a result of the events of 2020. Verizon also recommended the adoption of secure access service edge, or SASE, a framework that integrates various security and network technologies “into a single, distributed, cloud-centric solution that protects all traffic, applications and users.”[2] This would give organizations the flexibility and security they need wherever employees are working, without having to reconfigure existing on-premise infrastructure. SASE caters especially well to decentralized, highly agile and distributed workforces; something that remains particularly relevant as we come out of the pandemic.
Security, but not at the cost of employee experience
Data security and integrity are areas where organizations simply cannot afford to compromise. Yet, with 78% of survey respondents indicating that they expect a large percentage of employees to continue working from home even after COVID-19 restrictions are lifted[3], the ability to enable a “work-from-anywhere” experience for employees needs to remain a close second in line of priorities for IT teams. Consider this: NetMotion found that 89% of distributed workers have encountered connectivity issues or poor user experience during the lockdown.
For decades, companies have resisted allowing employees to work from home because of a fear that productivity may suffer. However, Verizon found that 60% of employees working remotely were just as productive as they had been on-site, and 1 in 5 reported that employee productivity was significantly higher. It is clear that organizations need to enable a reliable, always-on connection that actively improves the employee experience so that workers can stay online and productive, anytime from anywhere.
Wrapping up
The not-surprising fact is that the use of mobile devices in the workplace is continuing to grow. In order to keep up, organizations need to continue their own digital transformation, prioritizing the security and productivity of their employees, even when the world feels like it’s at a standstill. Enhancing (or even starting) the mobile security journey by learning about the benefits of DEM, ZTNA and SASE is a great way to start planning for the future. Success depends on everyone being involved – from the leadership team to the IT and security teams, as well as each individual employee.
Click here to download the full report and make sure to tweet @VerizonBusiness with the #MSI2021 to provide your feedback and what you’d like to see in the next report.
Continue reading…
- Ransomware – the scourge of our times
- Creating a Cyber Security Culture with former Arsenal F.C IT Director, Christelle Heikkila
- Demand for ZTNA continues its upward trajectory in 2022
- What does “cyber resilience” mean to Legal IT?
- Where are you on the machine learning and artificial intelligence roadmap?
