- Organizations across numerous industries are increasingly concerned about potential mobile device security threats, with approximately three-quarters stating that the risks associated with mobile devices have increased in the past year, according to recent Verizon research.
Healthcare organizations were the most likely to have experienced data loss or downtime due to a mobile device security incident, Verizon’s Mobile Security Index 2018 found. Eighty-seven percent of healthcare respondents said mobile devices were a risk, while 29 percent said the devices were a significant one.
Even with those concerns, 41 percent of healthcare organizations stated they have knowingly sacrificed security for expediency or business performance. That is a jump above the average across all industries, where 32 percent of respondents said the same.
“Healthcare has the unenviable task of guarding large amounts of highly sensitive and personal data, while also providing quick access for medical practitioners,” report authors wrote. “These risks need to be weighed against speed and accessibility. Complicated or unwieldy access systems could do more harm than good, especially in emergency situations.”
Over 600 professionals involved in procuring and managing mobile devices for their organizations were surveyed, with individuals working in numerous industries including healthcare, financial services, and government.
The report also found that just 14 percent of all organizations had implemented the most basic cybersecurity practices and mitigation approaches. Thirty-nine percent of respondents said they change default passwords, 38 percent use strong/two-factor authentication on their mobile devices, 49 percent have a policy regarding the use of public Wi-Fi, and 47 percent encrypt the transmission of sensitive data across open, public networks.
However, entities employed at least one of those cybersecurity mitigation practices. Eighty-nine percent said they utilized one of the four previously mentioned security practices, while 55 percent said they have two in place. Approximately one-third (29 percent) said their organization uses three, and just 14 percent said they used all four practices.
There seems to be a trend of mobile security investments, with 61 percent of all of those surveyed saying that their mobile security spending had increased in the past year. Ten percent said it had increased significantly.
Malware was the most common type of threat that organizations experienced, with 72 percent stating that threat caused a security incident. Ransomware (64 percent), device loss/theft (64 percent), and weaknesses in custom apps (43 percent) were also top types of threats.
Employee awareness could also be impacting the mobile device security strength at organizations, the report showed. Eighty-six percent of respondents said their organization trains employees on mobile device security, but 59 percent of those companies only provide that training when the employee joins the company or is issued a new device.
The contrast between employees being seen as a risk but few entities actually using mobile device management (MDM) solutions is not going to improve security measures, researchers noted.
“This suggests that companies are relying on employees avoiding risk, instead of investing in the tools that can help enforce policies and prevent incidents,” report authors stated. “Even if companies were giving all staff thorough training on the changing threat landscape—and our research suggests that most aren't—this would not be an advisable approach.”
Lack of user awareness, a lack of skills/resources, a lacking budget, and a low perceived threat level were the most common barriers cited by all respondents. Twenty percent of those surveyed listed a lack of budget as a significant barrier, with 46 percent saying that they had both seen an increase in the past 12 months and expected to see a further increase in the next year.
Just under one-third of respondents (27 percent) who said a lack of skills was a significant barrier have also increased their mobile security budgets.
“As mobility becomes more integral to business operations in today’s digital economy – from supply chain management to IoT-enabled sensors to customer-facing mobile apps – protecting mobile platforms is critical,” Verizon Senior Vice President Thomas J. Fox said in a statement. “Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity.”
Healthcare mobile security concerns can also prevent some organizations from adopting new technologies. The 8th Annual Industry Pulse Report from Change Healthcare and the HealthCare Executive Group showed that half organizations did not have higher consumer adoption of mobile and digital health tools because of privacy and security worry.
Regulations around patient data privacy and security will also compound concerns about mobile and digital tool adoption, the report found. Providing transparency, easy data exchange, access and sharing, and an exceptional end-user experience will also be more difficult.