Once again this year, we were honored to contribute to the Verizon Mobile Security Index (MSI) 2022, providing expert insights, research analysis, and real-world data. Now in its fifth year, the annual report is based on a survey of over 600 people responsible for security strategy, policy, and management, and aims to help security professionals like CISOs assess their organization’s mobile security environment and calibrate their defenses by providing unique insights into the current mobile threat landscape.
This year’s report reveals an unprecedented increase in mobile attacks and losses in 2021, as well as increased challenges for enterprises managing a mix of remote, home, hybrid, and office-based employees to keep them secure in the work-from-anywhere era.
Below are some key findings from the Verizon Mobile Security Index 2022, supported by Proofpoint research.
Employee awareness of mobile-related threats has never been more critical
From coordinated state-sponsored campaigns to unfocused, opportunistic criminal exploits, the volume of attacks is going up. The 2022 Verizon MSI revealed that 45% of respondents said that their organization had been subject to a security incident involving a mobile device that led to data loss, downtime, or another negative outcome. And of those respondents, 73% described the attack as major, and over two-fifths (42%) said that the attack had lasting repercussions.
With more employees working on the go, email continues to be the number one threat vector. Our 2022 State of the Phish report found that 83% of organizations experienced a successful email-based phishing attack in which a user was tricked into carrying out risky activities, such as clicking a bad link, downloading malware, providing credentials, or executing a wire transfer.
Educating employees on the types of threats they may face has never been more important and end-user awareness programs can bring huge rewards, reducing successful phishing attacks and malware infections by up to 90%.
Changing working practices present many cybersecurity challenges
According to our 2022 State of the Phish report, 68% of people have started working from home either full-time or some of the time. And while IT organizations did a stellar job at enabling millions of people to work from home on short notice, managing a mix of remote, home, hybrid, and office-based employees has brought new challenges. The 2022 Verizon MSI report found that (79%) of respondents agreed that recent changes to working practices had adversely affected their organization’s cybersecurity.
These findings align with our 2022 Voice of the CISO report: over half of CISOs across all regions agree that targeted attacks on their organizations have increased since adopting mass hybrid working. Small organizations seem more affected, with 59% of companies with 500 or fewer employees saying their workforce has been targeted more since they implemented hybrid working. At the other end of the scale, only 48% of enterprises (5,000 employees and above) agree.
Increased reliance on mobile devices to access data and critical systems increases cyber risk
The 2022 Verizon MSI report found that 58% of respondents said they have more users using mobile devices for work purposes than 12 months ago and 53% said that mobile devices have access to more sensitive data than a year ago. This means that the compromise of a mobile device can now pose a significant risk to customer data, intellectual property, and core systems.
Remote working is blurring the lines between home and work life and this is particularly true when it comes to mobile usage: our 2022 State of the Phish report found that 79% of people admitted to using a work device for a personal task, such as checking personal email, shopping or streaming.
If you are interested in exploring mobile attack trends by industry and sector, watch this webinar for a deep dive into the report’s findings on the procurement, management, and security of mobile devices by vertical.