Verizon warns that a significant number of businesses and other organizations are falling short in securing their mobile data due to a lack of awareness about threats — or by placing a higher priority on getting products to market. The carrier's 2018 Mobile Security Index found nearly a third (32 percent) of organizations surveyed admitted to sacrificing mobile security to improve business performance and 38 percent of those said that their organization is at significant risk from mobile threats.
Although 93 percent of survey respondents said mobile devices presented serious security threats, just 14 percent of their organizations implemented "the most basic cybersecurity practices." The survey respondents were professionals who were in charge of mobile technology in their organizations and included the hospitality sector. Mobile affects many systems in a hotel, including property-management systems, point-of-sale systems, door locks, messaging systems and more.
“As mobility becomes more integral to business operations in today’s digital economy—from supply-chain management to [Internet of Things]-enabled sensors to customer-facing mobile apps—protecting mobile platforms is critical,” Verizon SVP Thomas Fox said in a statement. “Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity.”
Only one in seven organizations have put in place all four basic cybersecurity practices specified by Verizon—changing all default passwords, encrypting data transmitted over public networks, granting employee access on a need-to-know basis and testing security systems regularly.
Only four in 10 change all default passwords and use two-factor authentication on their mobile devices. One-half don’t have a policy for employees’ use of public Wi-Fi. A mere one-third of the organizations use mobile endpoint security and less than one-half said that they use device encryption.
“Securing the multitude of mobile devices that connect to public and private networks and platforms is paramount for protecting corporate assets and brand integrity,” Fox said.
There was almost universal agreement among the respondents that organizations should take mobile security more seriously. However, most organizations (62 percent) feel that better mobile security may be hampered by a lack of understanding of specific threats and solutions. Hotels' point-of-sale systems have recently become a target for hackers, with a number of major hotels and brands experiencing hacks in the past few years. Most recently, a data breach at third-party hotel-reservations provider Sabre impacted multiple hotels, including those from Four Seasons Hotels and Resorts, Trump Hotels, Kimpton Hotels & Restaurants and RLH Corporation. InterContinental Hotels Group also has announced two data breaches last year.
Forty-six percent of respondents said that they turn to colleagues when they need help while only 22 percent said that this is the only place they turn to for help. The remaining 78 percent said they also turn to other sources of support, including an external vendor, communications service provider, systems integrator or value-added reseller for help. Nearly three-quarters are already using a third party to provide security services. Approximately 56 percent are using an external vendor to provide mobile security services.
Employee misuse, whether driven by malicious intent or caused by inadvertent error, is seen as a significant cyber-hazard by almost 80 percent of the organizations. The same percentage voiced greater concern about disruption of their business operations caused by security incidents than about data theft.
Take Steps Now
While the level of risk is higher than most would like to see, hotels do have options when it comes to locking down security.
“Nothing is 100-percent secure,” Fox said. However, he stated the goal is to lower the risk to an acceptable level for all organizations. In the process, businesses should make it as hard as possible for bad actors to breach the security systems they have in place.
Verizon recommends restricting what apps can be downloaded by employees and deploy application-management software that scans apps for vulnerabilities. Business should also improve device management with threat detection with endpoint security and deploy mobile endpoint security and threat detection to all devices. They should also implement mobile device management and enterprise mobility management. Increasing employee awareness with best practices and strict governance also is key.
The survey for the report was carried out in the second half of 2017. An independent research company was commissioned by Verizon to survey more than 600 professionals responsible for mobile technology in their organizations. Eighty-three percent of the participants were based in the U.S., and the remaining 17 percent were from the UK. The survey covered industries in financial services, government, healthcare, manufacturing, professional services, retail and hospitality, and technology.