The Cost to Corporations of Not Securing Mobile Endpoint Devices is in the Millions
By David Cohen, Mobolize | CSO
Even though there are calls for employees to return to the office, mobile devices still have high use by office-bound employees and those that work anywhere, like me. That means my laptop, tablet and smartphone – all my mobile endpoints – are still very mobile and engaged in answering email (on planes), creating, and posting documents (from hotel Wi-Fi), IM’ing colleagues (from the local coffee bar) and chatting on video or a cell connection while walking to and from meetings.
This also means enterprise IT leaders must continue to do the hard work to keep employees (especially work from home and or mobile staff) and the corporations they work for safe from bad actors. If they don’t, it could cost an enterprise millions of dollars.
According to IBM in its 2022 Cost of a Data Breach Report, the global average cost of a data breach reached a record high of $4.35 million and 83% of organizations have had more than one breach. The US has the highest data breach cost of any country – $9.44 million.
Let’s get specific. The costliest initial attack vector in 2022 on average was phishing at $4.91 million. Phishing attacks are responsible for 16% of the breaches, many of those on poorly or unsecured mobile devices. Business e-mail compromises are the second costliest with an average cost to corporations of $4.89 million and 6% of the breaches. Then there’s the cost of a ransomware breach. It’s $4.54 million and that does not include the cost payment of the ransom itself.
Those costs include escalation, notification to all involved, lost business and response costs, replacement of lost or compromised data plus the costs of improved and tightened security. There are also lost business costs including customer turnover, lost revenue due to system downtime and the cost of acquiring new business due to the diminished reputation of the breached company.
According to security experts, remote workers like me will continue to be a target for cybercriminals. Our work-at-home profile and protection don’t match up well against bad actor threats. And because of these remote workforces, cloud breaches will increase with 95 percent of cybersecurity breaches being caused by human error (World Economic Forum) which can expose my password in a phishing scam. Back to that cost of $4.65 million to fix the break-in.
What can enterprises do to help improve security on mobile endpoint devices? Enterprise security is turning to Zero Trust Network Access (ZTNA), Secure Web Gateway, Secure Access Service Edge (SASE) or Security Service Edge (SSE) to increase the level of security automation and that will make corporate networks more protected and security more efficient. But totally securing mobile endpoint devices with these new technologies is a known problem. For example, although these seem like simple design considerations for enterprise security vendors, SASE, with its multiple point-to-point solutions, is not 100% compatible across all mobile platforms.
For example, my Mac has a client for Data Loss Prevention (DLP) but nothing for my iOS and Android devices. This becomes more complicated because ZTNA, DNS Blocking, Secure Web Gateway – all part of SASE – each require a different endpoint client. Complicating matters, neither the PC nor Mac client software work the same way forcing a user to switch clients during a typical work session. I use my PC, Mac and smartphone a lot so I want all my devices to be protected, not just some of them.
But there is a solution for security organizations that will allow them to provide the highest level of mobile endpoint device security. Mobolize’s on-device Traffic Management Engine manages all network traffic with intelligent, fine-grain data routing and control to meet an enterprises’ security needs on all operating systems and on any mobile endpoint. It allows SASE to work on all mobile devices. It doesn’t break apps and protects user activity on both Wi-Fi and cellular networks. It also improves device performance while improving employee productivity.
Partnering with Mobolize means making all devices security enabled – something which is possible right now. That’s a serious market differentiator and we’re experts in getting it done quickly and efficiently.
Plus, think of the millions of dollars corporations save by having security protection on all mobile devices used inside and outside the corporate network on either managed or unmanaged devices. No break-ins allowed. Add SASE and you get full mobile endpoint security. Partner with Mobolize and you’ll be able to add best-in-class mobile security.