In a global shift to remote work, more than three-quarters of IT decision-makers said their organizations were more vulnerable to cyberattacks against mobile devices compared with a year ago, according to a survey by Sapio Research commissioned by Menlo Security released Wednesday. The survey of more than 600 executives, including chief information officers and chief information security officers, included organizations based in the U.S., U.K. and Australia.
Phishing has been the most common form of attack over the past 12 months, according to 71% of survey respondents. The survey showed 73% of IT decision-makers believe end-users are more susceptible to mobile attacks than they were five years ago.
More than half of participants said it's impossible for organizations to be ready for all the tactics used by malicious attackers targeting mobile devices. For 38% of respondents, it's impossible to keep up with the pace of cyberattacks targeting mobile.
The Menlo Security Mobile Risk 2021 report comes at a critical time both in the U.S. and abroad, as companies and other organizations are beginning to return to the office following the COVID-19 pandemic.
Millions of workers in the U.S., U.K. and Australia have been working remotely since early 2020, with companies allowing employees and contractors to connect to the office using a variety of devices, including laptops, tablets and mobile phones.
"Increasingly, workers are accessing their corporate applications and data from unmanaged devices," Mark Guntrip, senior director of cybersecurity strategy at Menlo Security, said via email. "This was clearly exacerbated by the enforced remote work policy in 2020 and the subsequent shortage of computing equipment available."
IT managers and CISOs have struggled to secure the perimeter at many organizations, due to a lack of endpoint visibility. Employees are also conducting work on a variety of operating systems using often insecure home Wi-Fi connections.
Guntrip says mobile devices are less secure because of a combination of untrusted personal applications and data that are stored on the same device, as well as employees ignoring company security policies.
Remote work has opened a number of attack vectors over the past year. VPN devices have become a major target of malicious attacks and APT actors have taken advantage of vulnerabilities in Pulse Secure, Fortinet and other VPNs in recent months, targeting government agencies, contractors and private companies. An old VPN profile was targeted in the May ransomware attack on Colonial Pipeline.
Sapio Research conducted the survey, based on online interviews with 617 IT decision-makers, at companies with at least 1,000 employees. The survey respondents were invited by email and completed online surveys during April and May.