“With growing Internet penetration in India and government initiatives such as Digital India, Smart Cities, and Aadhaar, the need to ensure better protection of both critical infrastructure and sensitive data is further amplified,” writes John Hines, Head of Cyber Security, Verizon Asia-Pacific.
Mobile devices have become an essential collaboration tool in most commercial enterprises and government agencies. It would not be too far-fetched to say that most employees, including those in India, regularly access corporate data via their smartphones, especially for the many currently working from home. Unfortunately, the convenience of accessing company data has also effectively raised the challenge of ensuring that company-proprietary and confidential data is kept out of the hands of cyber criminals.
In the last 18-months, the threat to both private and public sector organizations has become more pronounced, as malicious actors look to exploit human vulnerabilities and our increased dependence on mobile technology.
The Mobile Security Index spoke with almost 900 professionals responsible for the procurement and management of the security of mobile devices and 13 security companies and law enforcement agencies. While public sector organizations are reliant on mobile technology they are also concerned about mobile device threats. 84 per cent rated the risk to their organization as moderate to significant while two-fifths said that mobile devices are “extremely critical” to the smooth running of their organisation. In fact, nearly three-quarters (72 per cent) scored the importance as eight or more on the 10-point scale.
With the growing internet penetration in India and government initiatives such as Digital India and Smart Cities, the need to ensure better protection of both critical infrastructure and sensitive data is further amplified. Mobile devices are key to improving service delivery, however, they could be putting infrastructure, people, employees, and data at greater risk.
One in Four Have Suffered a Compromise
When it comes to cybersecurity, the public sector has a lot on the line. Government agencies have access to a wealth of knowledge about their citizens’ lives including information that most individuals will not share with a private company such as tax information and bank account numbers. According to Verizon’s Data Breach Investigation Report 2021, the most frequently stolen data type in the public sector in the last year is Credentials, which are then used to further the attacker’s presence in the victim’s network and systems.
These breaches are not limited to desktop systems, they have also reached our mobiles phones. According to Verizon’s Mobile Security Index (MSI) 2021, a quarter (25 per cent) of public sector respondents admitted to having suffered a compromise involving a mobile device in the past year. Local, state, and federal organisations were all affected. State government bodies fared best, with less than one in eight (12 per cent) reporting they’d been hit; conversely, nearly one-third (32 per cent) of local government agencies were aware of having been compromised.
Companies Cutting Corners to Get the Job Done
Despite knowing the stakes, many businesses who put mobile device security on the back burner were more likely to be hacked. Cutting corners is still primarily motivated by expediency, which includes responding to the Covid-19 crisis. The MSI report affirmed that, globally, despite the risk of being hacked and the penalties of being compromised, 35 per cent of public sector respondents acknowledged sacrificing mobile security to “get the job done.” This is roughly the same as the previous year (36 per cent) and far lower than what we discovered across all public and private companies (45 per cent). The reasons for cutting corners were numerous including expediency (40 per cent), but responding to the Covid-19 crisis was the most common (48 per cent).
The Biggest Concerns in the Public Sector:
Malware – Malware topped the list of threats and vulnerabilities that public sector organizations were most concerned about. In reality, mobile-device users are 26 times more likely to click on a phishing link than they are to encounter malware
Loss/theft -People lose stuff. They leave phones, tablets, and laptops in taxis, on trains, at restaurants—the list goes on and on. Some of these will end up in a lost-and-found box, and others will find a new owner—or rather a new owner will find them.
Rogue Wi-Fi – To paraphrase a famous saying, there’s no such thing as free public Wi-Fi. At best, users are swapping privacy for convenience. At worst, they could be compromising credentials and exposing other systems—not just the device that they’re using, but everything it can connect to—to malicious code.
Phishing – Lookout, a mobile security company, saw a 364 per cent increase in the number of mobile phishing attempts in 2020 versus 2019. With many employees working from home, cybercriminals have adapted their techniques. And many have taken advantage of the disruption.
Ransomware – There has been extensive media coverage of successful ransomware attacks on public sector organizations in recent years.
Out of Sight Should not Mean out of Mind
We all know that cybersecurity is not a new concern, but despite best efforts, the risks landscape continues to rise. The severity of regulatory penalties is increasing, and customers—consumers, enterprises, and public-sector organisations alike—are getting more concerned. According to the MSI report, policymakers are worried about the effect security measures can have on productivity and efficiency, in addition to budget constraints. Poorly implemented protection measures may harm employee satisfaction and organizational efficiency. For instance, something as simple as a poor password policy could put an impact on productivity, increase support costs (due to more resets), and potentially increase risks (by driving employees to circumvent the rules).
In 2021, mobile devices are an essential component of a smooth work experience. As a result of technological convergence, businesses have discovered more effective ways to use devices; you can now do more with a mobile device than you can with your desktop system. With the arrival of 5G, the technology will only improve and many companies will shift towards permanently working from home.
Unfortunately, as devices have grown more powerful, they have become more appealing to those with malicious intentions. Solutions have evolved, but, as we’ve seen, even when tools are in place, people do not always use them. Part of the problem is the gulf between how mobile devices and remote workers have been treated compared to others. Recently, new security models that recognise modern businesses’ mobile-first, cloud-first reality have emerged. These promise to improve mobile device security for everyone involved. There is a lot of work to be done to update processes and rules to be cyber-secure.