Netskope is proud to have contributed once again to Verizon’s annual Mobile Security Index —one of the most influential reports in the industry for evaluating mobile security trends. This report is based on a survey of hundreds of professionals responsible for buying, managing, and securing mobile and IoT devices.
The 2021 version of the report, released this month, underscores just how much the massive shift to remote work during 2020 has further catalyzed mobile security trends we’ve been observing for years.
I highly encourage you to read the full report. Some key takeaways are summarized below.
Inversion isn’t just happening—it’s happened.
As Verizon notes, “You don’t need a research report to tell you that there was a massive increase in the number of people working from home in 2020. Remote working has become commonplace and things are unlikely to ever go back to the way they were.”
We’ve described this phenomenon as “inversion.” Netskope research shows that from the start of 2020 to the end of the summer of 2020, the ratio of remote workers to non-remote workers went from one in four to two out of three—and remained at that level into 2021.
Social Engineering: A more pervasive threat than ever.
As Verizon notes, “Social engineering remains one of the most powerful tools in the cybercriminal’s arsenal. And attackers are finding increasingly innovative ways to exploit and manipulate users.”
Attackers will try almost anything—from faked communications from the government to spoofed websites purporting to be from banks or hospitals—to trap an unsuspecting user. These traps, of course, come in many different forms; Netskope Threat Labs, for example, found 36% of phishing campaigns targeted cloud credentials, while 13% of phishing campaigns used cloud-hosted phishing lures.
We have to get serious about acceptable use.
Acceptable use was already an important topic before the pandemic. But with so many users now working remotely, teams will need visibility into workers’ activity without making security a bottleneck to productivity.
As Verizon notes, “it’s not to say that remote workers are doing anything malicious, it’s just knowing that there’s no one around can make some people less observant of the rules. This could be something as innocuous as checking their personal email or doing some online shopping. Or it could be clicking on that NSFW link they’d never open in the office.”
In our research, Netskope highlights file sharing as one of the most challenging areas for acceptable use. About 7% of all users have uploaded sensitive corporate data to personal instances of cloud apps—no small level of exposure when you think about how many users and how much data there is in the world.
There’s a (sometimes big) misperception of how many SaaS apps enterprises actually have in use.
From chat apps such as Slack and Google Chat to videoconferencing and specialty apps such as online whiteboard tools, the app explosion continues. Netskope research holds that the number of employees using collaboration apps increased by 20% from 2020 to 2021, but more than 90% of enterprise apps and cloud services are unmanaged—with no visibility in most cases, let alone IT administration rights. In the Netskope Cloud and Threat Report from February 2021, the average number of apps in use by enterprises is north of 1,400, while some enterprises have more than 7,000!