Verizon Business sees escalating risks in mobile and IoT security

Verizon Business released its 2024 Mobile Security Index (MSI) report outlining the top threats to mobile and IoT device security. This year’s report, in its seventh iteration, goes beyond employee-level mobile usage and extends into the usage of IoT devices and sensors and the security concerns the growth of these devices can present especially as remote work continues to be a trend. This expanded view of mobile security concerns for organizations showcases the evolving threat landscape that CIOs and other IT decision makers must contend with.

This annual report surveyed 600 people responsible for security strategy, as well as employee-level mobile usage, the report looked at the use of IoT devices and sensors and the security concerns that come with them as remote work continues to be a trend.

Highlights:

  • 80% of responding organizations consider mobile devices critical to their operations, while 95% are actively using IoT devices.
  • 96% of critical infrastructure respondents use IoT devices, with % having experienced a significant mobile or IoT device-related security incident.
  • 77% of respondents anticipate that AI-assisted attacks, such as deep fakes and SMS phishing, are likely to succeed.

Employees are using more mobile and IoT devices, leading to increased cyber risks

The survey finds that 80% of respondents consider mobile devices critical to their operations, while 95% are actively using IoT devices. However, this heavy reliance comes with significant security concerns. In critical infrastructure sectors, where 96% of respondents report using IoT devices, more than half state that they have experienced severe security incidents that led to data loss or system downtime.

“These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices,” said Phil Hochmuth Research VP, enterprise mobility at IDC. “This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer provided devices where CIO’s can have greater governance to protect critical infrastructure from cyber attacks.”

Additionally, Hochmuth says, organizations should adopt robust frameworks such as Zero Trust and the National Institute of Standards and Technology’s Cybersecurity Framework (NIST CSF) 2.0, and comply with mandates like the European Union’s NIS2 Directive.

Emerging AI cyberthreats meet new AI defenses

Emerging artificial intelligence (AI) technologies are expected to exacerbate the mobile threat landscape, but it also presents opportunities for defense. A striking 77% of respondents anticipate that AI-assisted attacks, such as deepfakes and SMS phishing, are likely to succeed. At the same time, 88% of critical infrastructure respondents acknowledge the growing importance of AI-assisted cybersecurity solutions.

Accounting for IoT growth in cybersecurity planning

With companies increasingly deploying IoT devices, their digital landscapes are evolving, creating a need for cybersecurity strategies to evolve in kind.

“The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow,” said TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business. “That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutioning to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

What business leaders should know

The 2024 MSI helps inform cybersecurity decisions for leaders of businesses of all sizes and in key sectors. As mobile and IoT threats rise, the need for robust security measures has never been greater. In response to these growing threats, 84% of respondents have increased their mobile device security spending over the past year, with 89% of critical infrastructure respondents planning further increases.

This year’s MSI includes contributions from Verizon’s partners including Ivanti, Lookout, Jamf among others.  Help your organization lower cyber risks by deploying comprehensive security protections, continuous employee education and advanced threat detection capabilities.

……………………………………………………………………………………………………………………………………….

Quotes:

Phil Hochmuth Research VP at IDC said: “These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices. This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer-provided devices where CIOs can have greater governance to protect critical infrastructure from cyber attacks.”

TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business added: “The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow.

“That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutions to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

References:

https://www.verizon.com/about/news/verizon-business-2024-mobile-security-index-risks-mobile-iot-security

Verizon Business 2024 Mobile Security Index

https://www.telecoms.com/security/verizon-warns-of-escalating-risks-in-mobile-and-iot-security

IEEE/SCU SoE Virtual Event: May 26, 2022- Critical Cybersecurity Issues for Cellular Networks (3G/4G, 5G), IoT, and Cloud Resident Data Centers

IoT Sensor Standards Are Absolutely Essential for Security

IoT Disappoints: Security, Connectivity and Device Onboarding Cited as Top Challenges

U.S. Tech Trade Groups call for industry-led telecom security standards

A coalition of nine telecom industry trade groups have called on the U.S. government to avoid imposing new security standards on the sector. While acknowledging the growing number of security threats, they said the government should uphold the history of industry-led technical standards in order to best address the issue.

The letter to the secretaries of Homeland Security (Alejandro Mayorkas) and Department of Commerce (Gina Raimond0) was signed by the Telecom Industry Association (TIA), Competitive Carriers Association (CCA), Consumer Technology Association (CTA), CTIA, ITI, National Association of Broadcasters (NAB), NTCA, USTelecom, and Wireless Infrastructure Association (WIA).

“Of critical importance now is maintaining the United States’ longstanding commitment to industry-led technical standards and best practices to address cybersecurity, supply chain, and other global challenges. Such standards are a bedrock of federal trade, technology, and security policy, so it is imperative that your respective Departments champion them. The federal government should not attempt to create its own technical demands, nor should it try to supplant private sector leadership in standards bodies.”

“In the wake of recently revealed, widespread compromises through software vectors like SolarWinds, government and industry face a renewed call to arms to address threats from foreign adversaries. The government has a vital interest in preventing suppliers that pose a national security threat from exploiting U.S. networks or undermining critical functions. However, policymakers should reconsider which tools are best suited to address particular aspects of this challenge and which kinds of approaches will deliver optimal security outcomes. Some recent policies deserve special review.”

Global, Open Standards for Cybersecurity - IEEE SA

The coalition is urging the Biden Administration to refrain from attempting to create its own technical demands or trying to supplant private sector leadership in standards bodies. As the recently released Interim Final Rules that implement aspects of E.O. 13873 are refined, the Commerce Department has the opportunity to take a more effective approach to supply chain security by placing greater focus on industry-led best practices as they represent a proven and positive model for nations working to build a secure, resilient and innovative connected ecosystem.

They are concerned about the Commerce Department’s implementation of an executive order passed in May 2019 by the Trump administration. This laid the groundwork for banning U.S. companies from doing business with Chinese suppliers Huawei and ZTE. It gives the Commerce secretary broad discretion to prohibit working with certain foreign companies in the name of national security.

The industry groups said in the letter that they are keen to work with the new government on efforts to “enhance the security of the ICT ecosystem and maintain US private sector leadership in international standards development”. They underlined their existing record on setting industry standards and work already underway to improve supply chain security. For example, the TIA is developing a standard to verify supply-chain security compliance.

Blanket measures like the Trump executive order should be avoided and more tailored solutions developed to address specific problems, the groups said. “The federal government should not attempt to create its own technical demands, nor should it try to supplant private sector leadership in standards bodies,” the letter said.

Further review of the rules implementing the Trump order is expected to include more input from the industry. The letter called on the Commerce department to work with the Department of Homeland Security and the private sector-led ICT Supply Chain Risk Management Task force “to tailor intervention actions to where they are most necessary, and place greater focus on industry-led standards and best practices that provide a positive model for nations working to build a secure, resilient, and innovative connected ecosystem now and in the future”.

The statement comes as several European countries have approved or are considering laws allowing greater controls on the telecom networks supply chain. The legislation is based on recommendations from the European Commission, which proposed in early 2020 a ‘tool box‘ to help ensure 5G networks are protected from potential security threats. The EU’s cybersecurity agency Enisa started last month at the Commission’s request developing a certification scheme, specifically for 5G equipment.

References:

https://www.businesswire.com/news/home/20210412005266/en/ICT-Coalition-Best-Option-to-Secure-the-Global-Connected-Ecosystem-is-through-Industry-led-Standards

https://mk0tiaonlinedevs02ww.kinstacdn.com/wp-content/uploads/2021/04/Multiassociation-Letter-on-SCS-4.12.2021-FINAL-PDF.pdf

https://www.telecompaper.com/news/us-telecom-sector-resists-federal-suppliers-ban-calls-for-industry-led-security-standards–1379479