In recent years, enterprises have increasingly adopted bring-your-own-device (BYOD) policies, allowing employees to use self-selected computers and smartphones rather than ones issued by IT departments, a change that enabled many companies to rapidly shift people to working from home, and a trend that is expected to continue growing for the next five years. But as a new workplace mobility report from T-Mobile indicates, this business transformation is creating large risks to enterprise security, as personal devices are at the heart of data breaches, cybercrime, and network attacks, leaving some companies unaware of or unprepared for the potentially catastrophic consequences.
While T-Mobile certainly isn’t the first to raise flags regarding the security risks of BYOD strategies — many IT professionals have long opposed allowing personal devices onto corporate networks — shifting mobile computing trends and the pandemic have turned the potential concern into a real-life one. Connecting data points raised by Deloitte, Gartner, Mordor Intelligence, and others, T-Mobile notes that the market for BYOD solutions is predicted to grow 15% per year through 2025, alongside increasing enterprise support for wearable augmentations, which will spread from their current uses in the mining and automotive industries to health care and travel, such that 30% of all companies will likely support personally supplied “enhancement” technologies over the next three years.
T-Mobile’s report is significant for technical decision makers because it’s a mid-pandemic wake-up call to enterprises that have compromised on network security over the past year. Microsoft, multiple companies, and major U.S. agencies revealed this week that their networks had been compromised by foreign hackers, apparently targeting data on topics ranging from critical aspects of national defense to law enforcement, commerce, and international affairs. In this case, the hacks appear to be traced to maliciously updated SolarWinds software, but there’s no question that compromised mobile devices are providing hackers with easy access to private networks.
Over 10 years, T-Mobile notes, 41% of all data breaches were traced back to lost laptops, tablets, and smartphones, and in a fairly recent study, 55% of businesses identified these mobile devices as the most vulnerable points in their systems. While 62% of businesses experienced phishing and social engineering attacks, an incredible 91% of cybercrime is said to begin with malicious email links, which are three times more likely to be tapped on a mobile device.
Unsurprisingly, the second largest U.S. cellular carrier isn’t recommending that businesses kill or pause their personal mobile device policies to increase security. Instead, it’s calling for businesses to implement zero-trust security approaches on both devices and apps; employ encryption on both networks and servers to protect “data in transit and at rest”; and use systems capable of detecting suspicious access, breaches, and threats. Mobile device management and mobile threat detection software are part of the solution, as is secure Wi-Fi.
But 5G and next-generation biometric technologies will also play roles, T-Mobile suggests: Properly built 5G networks can authenticate and authorize mobile devices, while enterprises can adopt improved user identity verification including improved facial recognition and no-scan security measures. Additionally, new devices such as Samsung’s Galaxy A Quantum will increase endpoint security using quantum encryption capabilities. Mobile software, networks, and devices are being hardened to resist threats — now the onus is on enterprises to protect themselves, and to educate their employees to avoid the pitfalls that lead to data breaches.