A majority of respondents said they sacrificed security of IoT devices to respond to COVID-19 policies and for expedience generally.
Verizon’s annual mobile security index attached numbers to the security challenge presented by greater use of mobile devices during the pandemic and shows the public sector is not doing as poorly as private-sector counterparts.
“Despite the likelihood of being compromised and the consequences when it happens, 35% of public sector respondents admitted they had sacrificed mobile security to ‘get the job done,’” reads a breakout of the index spotlighting government. “This is about the same as last year (36%) and noticeably lower than what we found across all public and private organizations (45%).”
The survey released Tuesday was conducted in 2020 and includes the responses of 856 senior professionals responsible for procuring, managing and securing mobile devices, almost a quarter of which are in the public sector at the local, state and federal levels.
Though the numbers for 2020 were similar to the year before, 45% of the public sector respondents who admitted to bypassing mobile security measures such as implementing appropriate password policies cited a need to cope with the COVID-19 crisis that sent workers home to work remotely. Forty percent of those respondents sacrificing security said they did so on the altar of expediency in general.
The survey provided separate numbers for connected devices considered part of the internet of things. A new law requiring the federal government to only purchase IoT devices that meet certain security requirements also does not consider mobile devices such as smartphones in its definition of IoT.
The public sector also sacrificed security for IoT devices, for the same reasons given above, even though nearly half of the respondents were aware of the associated risks, according to the survey.
“Nearly half (49%) of the IoT respondents in our survey said that these devices posed a high or significant risk to their organizations,” it reads. Nearly two-thirds again cited getting the job done as the reason for cutting corners.
The survey pointed to other technologies enabling remote work, including cloud applications and public Wi-Fi, as adding to the security challenge and highlighted a need for employee education and training.
“Nearly 30% of U.S. workers said they thought that malware is a type of hardware that boosts a Wi-Fi signal,” Verizon reports. “This serves as an important reminder that what might seem obvious to those working in IT and [are] well-read on cybersecurity may be a mystery to many others. There’s still a lot to do in educating employees about the threats and how to counter them—both in their personal lives and as government officials.”