Waves of professionals have continued telecommuting to their offices since the end of the covid pandemic, opening new gaps in companies’ cybersecurity defenses as they connect to their companies through collections of private and mobile devices, according to a report from Verizon Business.
The trend has led over half of all companies (62%) to report that they have experienced a breach that was at least partially attributable to remote working in the past three years, the firm said in its “2023 Mobile Security Index” (MSI) report. This year’s report is the sixth publication, and includes insights from Verizon’s partners Akamai, Fortinet, Lookout, Allot, IBM, Proofpoint, Check Point, and Ivanti.
Reliance on multiple mobile devices compounded by the multitasking that often comes with mobile use is an ultimate threat for organizations, Verizon said. Bring-your-own-device (BYOD) policies, hybrid working, and the proliferation of Internet of Things (IoT) have multiplied the scale and complexity of protecting endpoints.
That helps explain why over a third (34%) of users have fallen for one of the five following basic security errors:
- Clicking a phishing link (18%)
- Downloading malware from smish (SMS phishing) (13%)
- Downloading malware generally (11%)
- Giving personal information to a scammer (9%)
- Giving a password to an untrustworthy source (8%)
“A lack of understanding of the potential consequences combined with the blurring of boundaries between home and work make a dangerous combination,” Mike Caralis, Vice President of Business Markets at Verizon Business, said in a release. “Cyber crime is getting more sophisticated by the years, and it doesn’t always come in the form that you’d expect.”
One example of that is the recent growth of generative artificial intelligence (gen AI) which has quickly proven to be a cybersecurity challenge. According to Verizon, anyone with internet access can create a “deep fake” image or video that makes their phishing attacks even more effective.
The widespread use of mobile devices such as smartphones and laptops is a particular weakness. For example, users are 6-10 times more likely to fall victim to an SMS (text-based) phishing attack than an email attack, and 90% of successful cyberattacks and as many as 70% of successful data breaches originate at endpoint devices.
Mobile devices are especially vulnerable because they rely on public wi-fi points to connect to computer networks, Verizon said. The vast majority (90%) of remote workers access corporate resources from locations other than their home—the average is five different locations—exposing the organization to additional security risks.
