“The pandemic caused a global shift in the way organizations operate … While businesses focused their efforts elsewhere, cybercriminals saw a wealth of new opportunities to strike,” Verizon Business Chief Revenue Officer Sampath Sowmyanarayan said in a statement. “With the rise of the remote workforce and the spike in mobile device usage, the threat landscape changed, which for organizations means there is a greater need to hone in on mobile security.”
Employees are increasingly using mobile devices for key work purposes — maybe checking a text from their boss on their smartwatch while on a morning walk or updating a spreadsheet on their phone while waiting for a Peloton class to start.
While cybersecurity risks can take many forms, mobile devices present unique challenges. Phishing attacks may be more successful on mobile devices, because the smaller screen can make it harder to notice malicious emails or websites designed to imitate legitimate ones. Mobile devices are also easier to lose or have stolen than, say, a laptop, which in turn could lead to loss of critical data and productivity.
More than one in five companies surveyed said their mobile-device security was compromised, involving the loss of data or operations disruptions in the preceding year. And two thirds of respondents said that mobile device-related risks increased in the past year.
“Companies are still failing on the basics,” the report said, which include such simple protections as encrypting sensitive data across open, public networks and restricting access to data on a “need-to-know” basis.
Bad guys get smarter
And even as companies scramble to improve their cybersecurity practices, bad actors are upping their own games.
“[Cybercriminals] are getting increasingly creative at finding new ways to fool users, break through companies’ defenses and compromise organizations’ systems and cloud-based apps,” the report states. Mobile phishing attempts, for example, increased by 364% in 2020 compared to the prior year.
There are a range of steps companies can take to protect themselves, and many services available to help with this. But some firms just need to start with the basics: Nearly half of companies don’t give employees regular training on mobile-device security, according to the Verizon report.
“Teach your employees how to spot signs of phishing—being suspicious is good,” it states. That should include checking that email addresses match who they purport to be coming from, watching out for misspelled links in emails and being suspicious of incoming phone calls from unfamiliar numbers.
“And, of course, it should be a rule to never supply login credentials or personally identifiable information in response to any emails or calls,” the report states.