Mobile Security Risk: How to Explain It’s Real, Then Mitigate It
The cybersecurity environment seems to become more complex, interconnected, and dangerous by the day. At the same time, our workforce is more distributed, with more remote and mobile workers than ever before. Yet even as we acknowledge these trends, many organizations still haven’t modernized their mobile policies to keep up with increasingly frequent and sophisticated threats.
It’s a recipe for disaster, and many organizations have already paid a hefty price, with more to follow.
Given the demands for remote and mobile access to sensitive and regulated data, the risk to organizations is growing exponentially. It underscores a critical need to include mobile endpoints in our overall cybersecurity strategies — because more and more, that’s where the data resides.
One reason this fails to happen in many organizations could be that we seldom see big headlines proclaiming breaches perpetrated via mobile. That doesn’t mean they are not occurring. In fact, when credentials are stolen from a phone and then used to access cloud resources or VPNs, for example, news reports typically don’t mention that the initial breach occurred on a mobile device. This lulls many into a false sense of security, and a mistaken belief that their mobile devices aren’t actively being targeted by threat actors.
The reality is significantly different from the perception, and that mismatch accounts for alarming gaps in the cybersecurity posture of many organizations.
Mobile Security Statistics: The Threat is Real
As proof that mobile security is worthy of serious consideration by organizations, we analyzed recent industry reports for statistics on mobile security and related cyberthreats. The data points below come from a variety of sources, including Verizon’s 2022 Mobile Security Index and Data Breach Investigations Report (DBIR), and BlackBerry’s own Mobile Security eBook, our definitive guide to mobile security. The numbers reveal a significant and growing risk from mobile devices connected to corporate environments.
- In an analysis of more than 23,000 incidents, 58% of mobile devices clicked at least one malicious URL, and 16% had at least one malware or riskware app installed.
- Nearly six in ten (59%) CIOs and leaders responsible for risk and compliance report that the number of data breaches caused by mobile devices increased in the past year.
- An even greater number (61%) admit that their organizations continue to miscalculate or underestimate the risk caused by mobile.
- A significant number of organizations (45%) reported a recent mobile-related compromise.
- The vast majority (73%) of organizations impacted by a mobile-related breach described it as “major.”
All this points to the conclusion that organizations — even those that are otherwise very conscientious about security — are failing to adequately address mobile security.
At an individual level, employees have been conditioned by years of cybersecurity awareness and best practice programs to acknowledge, recognize and avoid potential dangers involving conventional IT assets and endpoint devices. That level of training frequently omits how cyberthreats may present on a mobile device. In fact, the user interface of most mobile devices actually inhibits some of these “cyber hygiene” best practices. For example, on a laptop or desktop, a user can typically inspect a link by hovering over it with their mouse before they click on it. A similar action is often significantly harder to accomplish on a mobile device.
Closing the Mobile Security Gap with Security-Focused UEM
CIOs and CISOs need secure ways to enable their workforces across various devices and endpoint management models. Options for mobile security that align with an organization's overall cybersecurity strategy and mobile initiatives can enable a more productive collaboration between cyber, IT, and mobile teams, focusing efforts toward achieving business goals.
This is why more organizations turn to unified endpoint management (UEM) focused on security, with dedicated work-data isolation and containerization. It adds a security layer between their sensitive work data and everything else on the device, and it speeds mobilization and enhances productivity by enabling each stakeholder (cyber, IT, and mobile teams) to focus on what they do best. BlackBerry® UEM, recognized by Gartner as the 2023 customers’ choice for UEM tools, is built on this premise. After years spent helping customers secure their organizations, we have learned from them what they value most in a UEM offering. In my next blog, I will share what we’ve learned.