-
Mobile security is the key to unlocking the potential of your cloud, internet and IoT.
Are you ready?
Foreword
The theme of this year’s Mobile Security Index (MSI) is innovation. Mobile connectivity is enabling entirely new customer and employee experiences, and transforming business across all sectors. As you’d expect, we investigate 5G and the impact that that’s going to have. And we look at IoT devices, most of which are connected using cellular or mobile WAN technologies, like CAT-M1 and Narrowband Internet of Things (NB-IoT).
We also look at how apps and data in the cloud are giving mobile devices increased capabilities, empowering users and becoming critical to operations. In fact, when we asked our survey respondents to rate how crucial mobile is to their business on a 10-point scale, 83% answered 8 or higher.
But that’s just the beginning of the story. Unfortunately, it’s not just network operators and device manufacturers that are innovating. We also explore the recurring theme of attackers getting more creative. This “mal-innovation”—from novel ways to exploit vulnerabilities to new ways to monetize attacks—is making protecting mobile devices, and all the data and resources they connect to, an ongoing challenge for business.
Mobile security is not a new issue, but the stakes are getting higher. The scale of regulatory penalties is growing, and customers—consumers, businesses and public-sector organizations—are becoming more sensitive to the issue. In the past, many people saw little difference between the approaches of the companies pursuing their business—from banks to retailers—and so it didn’t sway their loyalty. That’s changing, and many companies are responding by making security and data privacy central to their value proposition. We found that 84% of companies think that data privacy will be a key brand differentiator in the future.
Unfortunately, many companies only get cybersecurity right after things go wrong. We found that 43% of companies that had suffered a compromise were planning to increase their mobile security spend in the coming year, compared to 17% of those that hadn’t been compromised.
Keeping ahead of bad actors and mal-innovation to deliver the experiences that consumers and employees expect is an ongoing challenge. Doing so successfully isn’t just about the tools that you use; it’s also vital to have an approach that puts mobile security right at the heart of your IT strategy.
Read on to find out more about the current mobile security environment and understand the risks. With this insight, you’ll be in a better position to strengthen your mobile security as your digital transformation journey unfolds.
-
MethodologyTo help you assess your own mobile security environment and calibrate your defenses, we’ve produced this third annual Verizon Mobile Security Index. To produce it, we worked with Asavie, IBM, Lookout, MobileIron, NetMotion, Netskope, Symantec, VMware and Wandera, all leaders in mobile device security. They provided additional information, including incident and usage data. To add to this, we commissioned an independent survey of 876 professionals responsible for the buying, managing and security of mobile and Internet of Things (IoT) devices. The Federal Bureau of Investigation (FBI) and the United States Secret Service also provided valuable input. We’d like to thank all our contributors for helping us to present a more complete picture of the threats impacting mobile devices and what is being done to mitigate them.
-
Terminology
Throughout this report, when we refer to companies, businesses or organizations, we include both public- and private-sector entities of all sizes. We use the term “enterprise” to refer to organizations with 500 or more employees and “small and medium-sized businesses” (SMBs) for those with fewer.
Security terms like “attack” and “breach” are often used Interchangeably. For clarity and precision, we have used the following definitions throughout this report:
Attack: A general term covering any deliberate action toward a system or data that is unauthorized. This may be as simple as attempting to access it without permission.
Compromise: A successful attack that results in a system’s defenses being rendered ineffective. This could involve data loss, downtime, other systems being affected or no detrimental effects at all. It could be malicious or accidental.
Data breach: An incident that results in the confirmed disclosure—not just potential exposure—of data to an unauthorized party.
Exploit: A definition, often in the form of a script or code, of a method to successfully leverage one or more vulnerabilities to access a system without proper authorization.
Incident: This covers any form of security event, malicious or not, successful or not. This might be anything from the logging of a failed authentication attempt to a successful compromise and data breach. It also includes nonmalicious events such as the loss of a device.
Risk: A measure of the likelihood of a threat, an organization’s vulnerability to said event and the scale of the potential damage.
Threat: Any danger that could impact the security of systems or privacy or data. This can apply to a technique, such as phishing, or an actor, such as organized crime.
Vulnerability: A weakness that could be exploited. It may be known or unknown—to the manufacturer, developer, owner or world.
Services and/or features are not available in all countries/locations, and may be procured from in-country providers in select countries. We continue to expand our service availability around the world. Please consult your Verizon representative for service availability. Contact us.