Verizon warns of escalating risks in mobile and IoT security

The annual report surveyed 600 people responsible for security strategy, and this time round as well as employee-level mobile usage, the report looked at the use of IoT devices and sensors and the security concerns that come with them as remote work continues to be a trend.

It found that 80% of respondents consider mobile devices critical to their operations, while 95% are actively using IoT devices. In critical infrastructure sectors, where 96% of respondents reported using IoT devices, 53% stated that they have experienced ‘severe security incidents that led to data loss or system downtime.’

To this point, the release drafted in Phil Hochmuth Research VP, of enterprise mobility at IDC to say: “These findings highlight the continued friction that employers face as more and more work is done on personal mobile devices. This is why we are seeing more and more employers move from a pure bring-your-own-device model to employer-provided devices where CIOs can have greater governance to protect critical infrastructure from cyber attacks."

84% of respondents increased their mobile device security spending over the past year, and 89% of critical infrastructure respondents are planning further increases, says the report.

It also says AI is expected to exacerbate mobile threats landscape, but also that respondents think it ‘presents opportunities for defence’. 77% of respondents anticipate that AI assisted attacks, such as deepfakes and SMS phishing, are likely to succeed, while 88% of critical infrastructure respondents acknowledged the ‘growing importance of AI-assisted cybersecurity solutions.’

Meanwhile, with companies deploying more and more IoT devices their ‘digital landscapes’ are evolving, we’re told, ‘creating a need for cybersecurity strategies to evolve in kind.’

TJ Fox, SVP of Industrial IoT and Automotive, Verizon Business added: “The Industrial Internet of Things (IIoT) is giving rise to a massive expansion in mobile device technology that goes well beyond phones, tablets and laptops. Enterprise networks now include all sorts of sensors and purpose-built devices that monitor, measure, manage and control commercial tasks and data flow.

“That IIoT growth brings with it a proportionate need for more knowledge, awareness and IT solutions to ensure the security of those increasingly sophisticated networks. The growing importance that IoT plays in our customer’s technology ecosystem underscores why it should be a component in any sound cybersecurity program.”

You don’t see much in the way of good news coming out of the various cybersecurity reports that analysts and other firms put out periodically, and many are now pointing to fresh dangers cropping up thanks to advances in AI. Making use of the latest technology for either attack or defence frames the continual arms race between security software firms and cyber criminals, and AI and quantum computing will no doubt be increasingly employed by both in future.    

In terms of IoT related security threats, earlier this year the UK government introduced new regulations mandating that internet-connected smart devices meet ‘minimum-security standards.’

According to the new laws, manufacturers of internet enabled gadgets such as smartphones, games consoles and other connected products will be banned from coming with weak and easily guessable default passwords like ‘admin’ or ‘12345’ in an effort to preventing instances like the Mirai attack in 2016 which saw 300,000 smart products compromised and used to attack major internet platforms and services.