For businesses of all sizes and in every industry, remote employment is the new normal. The cybersecurity landscape has transformed with the adoption of phrases such as Zero Trust and Secure Services Edge as the majority of employees increasingly execute their job activities outside of their local office's technology ecosystem (SSE). Organizations have undergone significant transformations to fit this new landscape, allowing workers to work from anywhere, on any device, and often at the sacrifice of data security. As a result, there has been a paradigm change, demonstrating that employees are becoming increasingly reliant on their smartphones and tablets, which have collectively become the new epicentre of endpoint security.
The remote work environment is characterised by a high level of reliance on mobile devices. The new reality of mixed work is littered with anecdotes. Workers using personal tablets to view sensitive data via SaaS programmes, or taking a business Zoom conversation while waiting in the school pickup line, are just a few examples. The overwhelming propensity to use whatever equipment is available to achieve the work at hand has been a constant in each of these cases. Given the widespread usage of non-traditional endpoints to send email, edit spreadsheets, update CRMs, and create presentations, it's only natural that bad actors have shifted their attacks to mobile.
Although the experience paradigm shifted swiftly with the advent of remote work, most customers' perception of mobile devices as a danger vector has taken longer. According to Gartner, just 30% of enterprise clients are now using a mobile threat detection solution. Many businesses still believe that their UEM solution provides adequate protection or that iOS devices are already secure. Customers' most startling feedback suggests that they have never encountered attacks on mobile before, thus they have no need to be concerned. Given this perspective, it's no wonder that mobile has become the key attack vector and access point for hackers harvesting user credentials.
In the third quarter of 2021, 16.1% of enterprise devices worldwide encountered one (or more) phishing or malicious URLs.
In 3Q2021, 51.2 percent of personal devices worldwide encountered one (or more) phishing or malicious URLs.
Many organisations, regardless of size or industry, have a naiveté about mobile devices, believing they don't pose a substantial danger and hence don't need to be considered in their data security and compliance strategy. When it comes to protecting sensitive data on mobile devices, this error highlights two distinct tenants that must be addressed.
Most businesses would not offer a laptop to an employee without some form of anti-virus or anti-malware protection, but most mobile devices do not have such protections. The main reason for this is because businesses believe mobile device management and mobile endpoint security are the same thing. While device management systems can lock or wipe a device, they lack the vast majority of features required to detect threats proactively. Device management falls far short of delivering the necessary capabilities for true mobile security without visibility into threats like mobile phishing, rogue network connections, or advanced surveillanceware like Pegasus.
If you would like to learn more or are interested in a Mobile Security Risk Assessment to provide visibility into the threat landscape of your existing mobile fleet, please click here or contact your local AT&T sales team.