Verizon’s Latest Survey Highlights Rising Risks from Mobile and IoT Devices in Corporate Environments

In a recently published survey conducted by Verizon, 600 security professionals responsible for information security across various organizations shared their insights on the evolving landscape of mobile and IoT (Internet of Things) device usage. The survey, carried out in April 2024 and published in July 2024, sheds light on the growing reliance on mobile devices and IoT systems and the corresponding increase in security risks.

The Evolution of Mobile Device Usage

Since the introduction of smartphones in 2007, mobile devices have rapidly become an integral part of both our personal and professional lives. The COVID-19 pandemic further accelerated this trend, as mobile devices became essential tools for remote access to work resources.

Today, the ecosystem of mobile devices extends beyond traditional smartphones and tablets to include a wide array of IoT devices and control systems. These devices not only facilitate remote work but also contribute to operational efficiency within organizations. However, with this expanded functionality comes a broader and more complex security risk landscape.

The Growing Dependence on Mobile and IoT Devices

Despite a partial return to office work in some companies, the use of remote connections continues to rise. This flexibility is highly valued by both employees and employers. According to the Verizon survey, 62% of organizational network access during the survey period was conducted via mobile devices.

The adoption of IoT devices as a tool for organizational efficiency is becoming a game-changer in both operational and security domains. While the reliance on mobile devices for network access has remained relatively stable, the use of IoT equipment has seen a sharp increase in recent years. Almost every organization now employs IoT devices for various purposes, ranging from payment terminals and HVAC systems to energy management and production processes. This trend is particularly pronounced in critical systems, where 96% of organizations reported using IoT-based equipment.

Rising Security Concerns

Over the years, Verizon’s reports have highlighted a significant increase in the perceived risks associated with mobile and IoT devices. In 2018, only 30% of respondents considered these devices to be a high-security risk. By the most recent survey, this number had nearly doubled, with 58% of respondents viewing them as highly risky. Furthermore, 85% of respondents agreed that the risk has increased over time.

The year 2023 set new records for the number of attacks on mobile devices, with vulnerabilities ranging from technical weaknesses to data collection by various applications. In this year alone, 75% of organizations reported experiencing phishing attempts. Not only has the frequency of attacks increased, but so has their success rate; in roughly one-third of mobile phishing attacks, the attacker successfully achieved their goal.

Aaron Cockerill, CEO of Lookout, noted that as organizations shift their data storage to cloud-based assets, attackers are also adapting their methods. Approximately 25% of corporate users clicked on unsafe links in the past year, with credential theft becoming the new key to gaining unauthorized access to organizational assets.

The Need for Improved Security Measures

The increasing number of mobile devices under attacker control and the rising importance of endpoint security, due to changing data storage practices, are elevating the overall risk level in this domain. Device compromise and theft now lead to the immediate loss of relevant corporate data, whether stored on the device itself, accessible via remote connections, or housed in cloud-based data repositories.

Despite these growing threats, many organizations struggle to implement adequate security measures for mobile devices. The survey revealed that 25% of organizations admit that at least one of their employees’ mobile devices is not protected by a screen lock.

Conclusion

The proliferation of mobile and IoT devices in corporate environments is significantly increasing overall organizational risk. Existing security measures are often applied partially, and in some cases, organizations fail to implement the necessary protections in light of rapid technological advancements. Training employees to handle these emerging threats effectively could be the key to creating a resilient security system, despite the various risks inherent in this field. Reach out to build your employee readiness against the cyber threats today. Contact us here.