- AI combined with human error sets up a ‘perfect storm’ for security, according to Verizon’s most recent Mobile Security Index
- Only 17% of businesses have specific security controls against AI-assisted attacks
- At a lot of companies, procedures to secure mobile devices are a lot less mature than for desktop and laptop computers
Beware. It’s that time of year when many employees are being told it’s open enrollment and they’re given a deadline to renew their health benefits. But if an unverified and unexpected message comes through SMS on your smartphone, it might be a smishing attack.
Don’t click on the link, however tempting it may be.
That’s one bit of advice from Chris Novak, VP of Global Cybersecurity Solutions at Verizon Business. He talked with Fierce about the latest Verizon Mobile Security Index that shows just how vulnerable mobile devices are to attacks. And guess what? AI isn’t helping matters. In fact, it’s putting devices more at risk.
Novak calls it a “perfect storm” brewing among enterprise organizations, where AI is the “wind” and human error is an open window. Businesses of all sizes need to rethink security measures aimed at AI-assisted attacks and support employees who are engaging with AI on their mobile devices.
“I look at AI as just another tool. It's like if you brought an employee into a machine shop. You don't just say: ‘Here's the chainsaw. Good luck.’ You say: ‘You need to wear glasses. You need to wear a helmet. Here's gloves. Here's how you properly hold it.’”
The same thing applies to AI. “If we give people AI and we don't tell them how to use it, someone's going to get hurt,” he said.
According to the Verizon 2025 Mobile Security Index, only 17% of businesses have specific security controls against AI-assisted attacks. That’s risky business as cyber criminals increasingly use genAI to beef up the volume and sophistication of their attacks.
Nearly all organizations – 93% – report that their employees are using genAI on their mobile devices in their daily work – and more than half of the organizations (64%) see data compromised through genAI as their top mobile risk, according to the report.
Phishing with SMS
Smishing, which is a mash-up of SMS and phishing, isn’t something to mess around with. Fraudsters will sometimes make an SMS look official with a shortened URL and a message telling people to click on it to, for example, renew their health benefits. But the URL is actually a way for them to get log-in credentials and passwords that they’ll use to wreak havoc on the organization.
It’s somewhat surprising that in this day and age, people aren’t more cognizant of the security on their mobile devices. But a lot of people are accustomed to worrying about security on their laptops and not so much on their phones. Novak sees a lot of that.
“The thing that always makes me cringe is when someone says, ‘I'm not sure if this is malware or phishing, so I'll forward it to my phone and I'll open it there,’ as if automatically doing it on their phone makes it more secure,” he said. “People don't realize there are exploits and vulnerabilities on the phone. I think there is that challenge and there is that mindset out there.”
At a lot of companies, procedures to secure mobile devices are a lot less mature than for desktop and laptop computers. “If you think of the first cell phone you got, it didn’t have antivirus. People didn't think about malware or smishing attacks, and many people walked around with little to no security on their mobile devices thinking that it wasn't necessary,” he said.
“Obviously, we're hearing more and more about threats against or via mobile, so I think that's kind of a mindset that needs to change,” he added. “But unfortunately, I think a lot of organizations are still a bit behind.”
Verizon’s cybersecurity investments
Last year’s Salt Typhoon showed the extremes to which state-sponsored actors will go to attack U.S. communications networks. Of course, every network provider is trying to shore up their security.
Last year, AT&T spun off its cybersecurity business into LevelBlue, a joint venture with WillJam Ventures. T-Mobile, which suffered a series of high-profile data breaches, set out to change that and last week marked the opening of a new Cyber Defense Center at its Bellevue, Washington, headquarters.
Verizon likes to boast that it has decades of experience in cybersecurity. The company made a big investment in 2007 when it acquired Cybertrust, which is how Novak came to be at Verizon.
Earlier this year, Verizon announced a strategic partnership with Accenture to speed the development and delivery of advanced cybersecurity solutions to businesses of all sizes. It covers a range of services – everything from data breaches to phishing attacks and beyond.
At the consumer level, Verizon recently refreshed its Verizon Protect App for better device and privacy protection, coinciding with Cyber Security Awareness month.
“If organizations give people access to education and training and guide them down the right path, people naturally want to do the right things,” Novak said. “The best way for cyber security to really advance and get better is if everyone makes it personal.”