Study: Retail mobile security incidents double
Security breaches involving mobile devices are surging.
Retailers saw a sharp jump in security breaches involving mobile devices between 2017 and 2018, according to the Verizon Mobile Security Index. The study finds that 31% of retail respondents suffered a mobile compromise in 2018, up from 16% in 2017. More than half (54%) of these mobile compromises in the retail industry were considered major, and 27% had lasting repercussions. The vast majority (85%) of retail respondents said that the risks associated with mobile devices are serious and growing.
Not surprisingly, retailers were most concerned about mobile security breaches impacting their customers’ financial and personal data. Fifty-five percent of retailers were likely to be concerned about cybercriminals stealing payment card details, compared to 37% of respondents across all industries surveyed.
Retailers were also more likely to be concerned about customer data being taken (61%). Of those retailers that experienced a mobile-related compromise, 38% said that cloud-based systems had been compromised as part of the incident.
Most retail respondents said their mobile defenses were effective (81%) and that they’d be able to spot a compromised device quickly (76%). However, 70% of retailers that suffered a mobile compromise were notified of it by a third-party: customer, partner or law enforcement.
Despite retailers’ general confidence in their mobile defenses, two-thirds (64%) said they were less confident about the security of their mobile devices than other IT assets, including desktops and servers. Only 26% were using a private mobile network for mobile security, 34% had unified endpoint management (UEM) in place and 38% had a data loss prevention solution on their mobile devices.
Eighty-one percent of retail respondents did say the threat of regulatory penalties had driven increased spend on mobile security. When asked specifically about the impact of the European Union (EU) General Data Protection Regulation (GDPR), passed in 2018, on their mobile security activities, 47% of retailers agreed that they have reassessed the risk associated with mobile devices in light of GDPR. Another 28% strongly agreed, meaning three-quarters (75%) of retail respondents took another look at mobile security due to GDPR. Twenty-two percent disagreed, and 3% strongly disagreed.
Insecure Wi-Fi hotspots (44%) and device loss/theft (41%) ranked as the two biggest causes of mobile-related compromises affecting retailers. Almost six in 10 (57%) of retailers said they thought the growth in threats to mobile devices was a result of other systems being made more secure, driving criminals to look elsewhere.
Downtime was the most common consequence for retailers that suffered a mobile breach (67%). Fifty-nine percent had other devices compromised, and 56% lost data. Twenty-two percent of these respondents suffered all three consequences.
Verizon’s Mobile Security Index 2019 findings are based on a survey of over 600 professionals, including retail executives, involved in buying, managing and securing mobile devices for their organizations.