As the world rapidly adapts to working remotely and virtual learning, the importance of communicating cybersecurity best practices while using mobile devices is more important than ever before.
Given the unfortunate impact of COVID-19, the release of the Third Annual Mobile Security Index is timely. The survey included more than 850 respondents, comprised of cybersecurity professionals from enterprises across various industry sectors, including financial services, healthcare, manufacturing, public sector, retail, and small and medium businesses.
According to Dave Grady, Cybersecurity Evangelist at Verizon, “Enterprise businesses now run in your pocket and the perception that mobile devices are immune or less likely to be attacked has really gone away.” These circumstances are forcing companies to rethink their approach to corporate innovation strategy. “You have to think about security first, when you are designing business processes that [integrate with] or depend on mobile devices.”
In addition to the survey, Verizon brought together a first-class group of partners who specialize in different aspects of mobile security and connectivity to obtain a temperature check of multiple aspects of mobile connectivity. Grady continues, “The ability to serve customers depends on the availability and security of these devices…the security of the mobile landscape has changed because it’s not just the phone in your pocket and your laptop at home, but it’s also the security of the Internet of Things (IoT) that all require mobile connectivity and cybersecurity.”
As technology has evolved, and enterprises increasingly rely on mobile solutions for communications, storing sensitive data, and day-to-day operations, the attack vectors exploited by malicious cybercriminals are becoming more advanced. “The bad guys can go to YouTube, they find a speech from an executive, then use A.I. to create a deep fake,” Grady continues. “They call on the phone [using the deep fake to impersonate a company CFO] and I think it’s the CFO, and I transfer the money. It sounds ridiculous, but it happens!”
In the past few months, as the shutdown has forced companies to migrate to a Remote Workforce model, there has been a spike in mobile device hacks. “A lot of social engineering, a lot of phishing via SMS is still happening through mobile apps,” Grady says. “The bad guys are going after people with interactive apps that purport to track the [Covid19] outbreak, but they’re actually delivering malware.” The malicious cybercriminals of the world have adapted quickly to exploit the current pandemic crisis. As Grady puts it, “Many companies have sent their people home, creating more reliance on mobile connectivity, and the bad guys have pivoted very quickly.”
Verizon is employing a number of integrated solutions to address the burgeoning threats to businesses stemming from the mass migration to mobile dependency. They have a collaborative initiative with Cisco, called DNS Safeguard to prevent unauthorized redirection in a web browser. “Another big area [of focus] right now is creating smarter endpoint detection and response tools,” Grady continues. “Traditional endpoint protection relies on known signatures. Now, we’re moving into more A.I.-based and machine learning-based endpoint tools that can detect [threats] on endpoints that include all devices.”
The health crisis changed the way the world conducts business, and there is a shift underway in how mobile devices are managed within enterprises. “It used to be that mobile devices were managed by a purchasing team or an operations team – it was treated more like a commodity, like a rental car,” according to Grady. “We’re starting to see more organizations realize that these mobile devices are our infrastructure. So, between the IT folks and the Security folks, they’re working to get more visibility in the risks that those devices bring to the organization.”
The Verizon report exposes some major concerns regarding vulnerabilities in the private sector, primarily due to companies cutting corners on mobile security because they lack the resources and/or expertise to effectively address them. “Many organizations are realizing that there’s a global shortage of [cybersecurity] talent right now in the U.S.,” Grady says. “There are an estimated 500,000 unfilled jobs in security. They’re very expensive to find and very expensive to keep.”
As a result, many companies are looking to outsource security management. However, effective and efficient outsourcing of critical business protection services requires strategic assessment and realistic appraisal of what vulnerabilities a company actually needs to focus on. “What we’re trying to do is not just help organizations ‘keep the lights on’ from a security perspective, but also help them assess and evaluate where they want to go, and help them get there,” Grady says. “We are helping our customers focus on things that are more likely to happen to them, and that are more important to them, either from a regulatory perspective or based on their risk profile.”
In order to ensure that the Security Index report was pragmatic and practical, Verizon structured the analysis based on industry sectors of the economy. “Different industries have very different attack surfaces and risk profiles!” according to Grady. “We broke it down by industry because that’s [the most] helpful for practitioners in those sectors to act quickly on the advice and the insights in those reports.”
To be sure, in these times of rapid change and uncertainty, it is encouraging to witness the plethora of innovation and adaptation happening in the business world. Verizon is leading the way, to ensure that increased enterprise reliance on mobile devices does not translate to a proportionate increase in malevolent cyber attacks. “We’re at the crossroads, with 5G, and mobile devices, and all these Next Generation technologies, where these solutions companies [should] join up,” Grady concludes, “and make sure that as businesses innovate, they have security oversight to ensure they don’t create problems when they thought they were creating opportunities.”
Gary Berman, Cybersecurity Reporter
Gary Berman is a contributing reporter for Cyber Defense Magazine. He was the victim of a series of insider hacks for several years until he made the pivot from victim to advocate. He is creator and CEO of The CyberHero Adventures: Defenders of the Digital Universe, a groundbreaking comic series that distills complex cybersecurity information into entertaining and educational superhero stories, making cyber hygiene accessible for non-technical people.
Olivier Vallez, JD, MBA – Lead Writer/Cybersecurity Reporter
Olivier Vallez is a contributing writer for Cyber Defense Magazine, covering various cybersecurity topics and events. He is the Head of Business Development at The CyberHero Adventures: Defenders of the Digital Universe, a groundbreaking comic platform that distills complex cybersecurity information into a fun and engaging superhero stories and makes cyber hygiene easy-to-understand for non-technical people.