MobileIron, a company that provides mobile device management (MDM) and enterprise mobility management (EMM) solutions, released its Mobile Security and Risk Review on Tuesday, which detailed the mobile threat landscape in the enterprise. Despite the growth of mobile threats, reckless user behavior and poor security practices persist.
One of the biggest ways that vendors keep their products secure is through OS updates. Apple and Google each released three updates this quarter, but only 8% of the companies represented in the report enforced OS updates. Additionally, fewer than 5% reported using app reputation or mobile threat detection software.
"This lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are readily available," said James Plouffe, lead architect at MobileIron.
SEE: Mobile device computing policy template (Tech Pro Research)
So, what are the worst threats out there? The report listed five threats that had either emerged, or gotten worse, over the last few months:
- Android GMBot - A spyware, usually from third-party app stores, that tries to trick users into giving up their bank credentials.
- AceDeceiver iOS malware - Malware that works to steal a user's Apple ID.
- SideStepper iOS vulnerability - A technique that works in between the MDM server and a device to install unapproved applications.
- High-severity OpenSSL issues - Two OpenSSL flaws that can either decrypt traffic or corrupt memory.
- Marcher Android malware - A malware that pretends to be a bank website in hopes that users will give up their login credentials.
Despite these new and growing threats, security practices remain largely unchanged, meaning that many organizations are risking these threats becoming real problems. In addition to the aforementioned lack of app reputation software or enforcing of OS updates, 40% of companies had missing or unaccounted for devices, and 27% of companies had out-of-date policies. Both of these numbers had risen since the end of 2015.
What's even more surprising, though, is the number of organizations that let certain security practices fall by the wayside. For example, 26% of respondents said that an EMM tool was removed from one or more of their devices. Back in Q4 2015, that number was only 5%.
Additionally, 10% of companies represented said they had at least one compromised (jailbroken or rooted) device, and more than 50% of companies reported at least one device out of compliance with policies in Q2 2016.
Mobile applications were also a big part of MobileIron's report. Here are the top 10 most popular third-party apps deployed on enterprise devices:
- PocketCloud Remote Desktop
- Cisco Webex
- Cisco AnyConnect
- Acronis Access
- Roambi Analytics
However, the report also listed the top 10 apps that were most likely to be blacklisted, or banned, from use on a work device. Those 10 apps ranked as follows:
- Angry Birds
- Google Drive
"When an unmanaged app that can potentially access corporate data or bypass corporate security measures achieves broad consumer adoption, IT departments look to blacklist it because they can't protect corporate data in an app they don't manage," Plouffe said.
In terms of the most at-risk industry, the government sector took the top spot. According to the report, government organizations ranked higher in non-compliant devices, missing devices, out-of-date policies, and removal of EMM than the global average in all those areas.
Apple's iOS devices took 81% of the market share among enterprise organizations, relative to Android's 18%, making it the clear winner.
Interested parties can download the full Mobile Security and Risk Review here.
The 3 big takeaways for TechRepublic readers
- Despite growing mobile threats in the enterprise, few companies are enforcing good security practices such as OS updates, mobile threat detection software, and keeping account of all managed devices.
- The government sector was the most at-risk industry with higher numbers in almost every category explored by the report.
- iOS devices dwarf Android devices in terms of enterprise market share, with 81%, relative to Android's 18% share.
- 10 mobile security myths that need debunking (TechRepublic)
- Securing Your Mobile Enterprise (ZDNet)
- VMware releases AirWatch Express to simplify MDM efforts for SMBs (TechRepublic)
- The state of mobile device security: Android vs. iOS (ZDNet)
- Research: Apple rated highest for security on mobile devices (TechRepublic)
Conner Forrest has nothing to disclose. He doesn't hold investments in the technology companies he covers.
Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.