More to do. More that can be done.
Please provide the information below to view the online Mobile Security Index Report.
Thank you.
You will soon receive an email with a link to confirm your access, or follow the link below.
Thank you.
You may now close this message and continue to your article.
- 2024
- Introduction
- Modern work, enabled by mobile
- IoT—everything, everywhere, all at once
- IoT use is especially high in critical infrastructure sectors
- IoT security risks: Amplified in critical infrastructure sectors
- All sectors perceive increased mobile and IoT risk
- Breach risks and impacts are high, especially in critical infrastructure
- Shadow IT: A looming security challenge
- Emerging AI cyberthreats meet new AI defenses
- The disconnect between perceived and actual mobile security
- Critical infrastructure sectors have specific considerations
- Mobile security awareness and solution investments are rising
- IoT security is also making strides
- But IoT security gaps remain
- More to do. More that can be done.
- The call to arms: Move faster
- Appendices
- Contributors
- Download the full report
Going forward, organizations need to take mobile security more seriously. The targeting of critical infrastructure, expanding use of IoT, emerging AI threats and other security drivers are relentlessly hammering organizations and spurring a new reckoning between executive leaders and security teams.
Another driver behind the need for improved mobile security is 5G, which is here and expanding rapidly. 5G networks are faster and more capable than ever before, encouraging people to use their mobile devices—and cellular data—for more tasks, more often. Within organizations of all types, this is likely to accelerate mobile and IoT deployment, ushering in a wide array of new uses and further enlarging the cybersecurity attack surface.
68%
of Verizon customers have 5G capable cell phones, up from 24% one year ago.30
56%
of data traffic runs over 4G services, compared with 81% one year ago.31
Set security goals.
The designed-in security capabilities of 5G services are superior to those of 2G, 3G and 4G networks, with advances such as mutual authentication, improved subscriber identity protection and an inter-network security gateway. Still, 5G networks are open, and additional controls and protections must be implemented to protect mobile and IoT devices in enterprise environments.
Setting purposeful objectives is essential, but those goals may be even more critical for mobile security, where accelerated IoT growth, for example, is outpacing security coverage in most organizations.
Respondents are investing in mobile security to achieve the following objectives:
59%
are increasing the security of end user activities.
56%
are integrating security management of phones, tablets and laptops.
48%
are enabling new services for remote workers.
47%
are reducing the burden on IT (for instance, by automating tasks).
45%
are reducing inconvenience to users and increasing productivity.
Using industry standard frameworks
The vast majority of respondents (84%) have adopted or are considering adopting a cybersecurity framework. This move helps ensure that all departments and stakeholders are on the same page when it comes to adhering to industry-wide best practices and standards. Approximately half (49%) of organizations are already using a secure service edge (SSE) framework, while 50% are using a secure access service edge (SASE) framework. More than two in five (44%) are currently considering SSE, with a slightly smaller percentage (42%) considering SASE. Both of these frameworks are converged approaches that bring cloud-native security technologies together into an integrated architecture to eliminate holes in protection and improve any organization’s security posture.
Zero trust and the NIST CSF 2.0 are not yet widely adopted, but many organizations (45% and 48%, respectively) are considering each of them. However, a noteworthy minority of respondents say they’ve rejected or haven’t given thought to the frameworks (16% for zero trust, 14% for the NIST CSF 2.0), revealing a trove of best practices and informational support that are not being taken advantage of.
83%
of global organizations are planning to implement a converged security solution extending comprehensive security measures across services, networks and platforms.32
The impact of compliance requirements
Regulatory requirements are another driver of mobile security investments. The two regulations to which the largest number of respondents are subject are the Department of Defense-aligned Cybersecurity Maturing Model Certification (CMMC) and Europe’s General Data Protection Regulation (GDPR).
With CMMC 2.0 set to become a Final Rule in early 2025, a large number of defense contractors and subcontractors will need to improve their processes and controls to become audit-ready in the near future. At the same time, fines imposed for GDPR violations continue to rise, with approximately €2.1 billion in fines imposed in 2023 alone, which is more than all GDPR fines imposed in 2019, 2020 and 2021 combined.33
Another European framework, NIS2, will require critical infrastructure organizations to demonstrate specific cybersecurity protections and capabilities in the months and years ahead. The growing awareness of common risks and threats to critical infrastructure organizations, as well as government mandates to achieve an effective baseline of protection, can help accelerate cybersecurity best practices worldwide and lead to better defenses that combat rising threats to global citizenry.
In the not-too-distant future, the Securities and Exchange Commission’s material incident disclosure requirement will likely have a significant impact as well.34
As companies expand mobile and IoT connectivity, they’ll need to embrace security standards that empower them to reap technological benefits without opening their organizations to security vulnerabilities that threaten operations and potentially even their livelihoods.
89%
of respondents agree organizations need to take mobile device security more seriously.
30 Verizon News Center, Massive, multi-year transformation of Verizon’s network yields major benefits for customers, 2023.
31 Ibid.
32 Allot, Convergence Survey, 2023.
33 CMS, GDPR Enforcement Tracker Report, 2024.
34 US Securities and Exchange Commission, Statement: Cybersecurity Disclosure, 2023.