Halloween is nearly upon us, and we’ve had some fun brainstorming the scariest themes for our readers this year. With all the news over the past two years about cyberattacks, hacks and mobile security breaches—and in honor of National Cyber Security Awareness Month—we could think of nothing scarier for IT teams than mobile cyber security. And if numbers never lie, these 23 disturbing mobile security stats will have you keeping the light tonight.
- 1,023,108,267 records breached in 2014. (Breach Level Index)
- 5.2 million smartphones were lost or stolen in the U.S. in 2014. (Consumer Reports)
- #1 of IT’s weakest security links are perceived as mobile devices, followed by social media. (CyberEdge Group)
- 25% of all mobile devices encounter a threat each month. (Skycure)
[Related: 33 Cybersecurity Tips from the Experts]
Mobile is the Fastest Growing Enterprise Vulnerability.
- 75% year-over-year increase in U.S. mobile malware rates in 2014. (Lookout)
- 9X more mobile banking Trojan attacks in 2014, as compared to 2013. (Kaspersky Lab)
- 1-in-5 Android users experienced a mobile threat in 2014. (Kaspersky Lab)
- 188% increase in the number of Android vulnerabilities compared to 2011. (FireEye)
- 5X more OS X malware in 2015 than the previous five years combined. (Bit9 + Carbon Black)
- 262% increase in the number of iOS vulnerabilities compared to 2011. (FireEye)
- 75% or more mobile apps would fail basic security tests. (Gartner)
Mobile Threats Apply to Every Industry.
Average U.S. Enterprise Cost of Cybercrime by Industry: (Ponemon Institute)
- $8.6 million for U.S. retail stores
- $12.7 million in communications
- $14.5 million in technology
- $20.8 million in financial services
Corporate-issued Employee Devices & BYOD are Major Causes for Concern.
- Nearly 1-in-10 reported threats originate from WiFi networks with “free” in the name. (Skycure)
- 40% of U.S. employees of large enterprises use their personal devices for work. (Gartner)
- 59% of organizations are projected to start some kind of BYOD initiative this year. (CyberEdge Group)
- 57% of organizations consider employees as the most likely source of an attack. (EY)
- 88% of Information Security pros believe jailbreaks and rooting on BYOD devices make a successful attack more likely. (ISACA)
Is the Enterprise Ready for Mobile Threats?
- 56% of enterprises admit to being unlikely they will detect a sophisticated threat. (EY)
- 37% admitted there is no real-time visibility on cyberattacks. (EY)
- 2,000 or more, on average, unsafe or malicious apps are installed on large enterprise employees’ mobile devices. (Veracode)
Skycure’s Varun Kohli provided what he calls the “Four Horsemen of Mobile Security”:
1. Physical Threats: MDM and EMM solutions are a great way to manage devices, enforce passcodes, remotely wipe them in case of a compromise and enforce a rich set of BYOD, security and compliance policies. MTD helps EMM/MDM solutions by adding active threat detection and risk-based mobile management to protect devices against advanced threats.
2. Network Threats: Mobile devices connect to 10-100-times more networks than traditional PCs. Attacks such as traffic redirection, decryption and MiTM (Man-in-the-Middle) can steal sensitive information by exploiting vulnerabilities in WiFi networks—sometimes attacking devices with WiFi deactivated. Device owners might not realize that even if their WiFi is turned off, their devices may still join a malicious network and leak sensitive corporate information.
3. Malware: Enterprises find it hard to monitor apps and protect devices from malicious downloads, especially apps downloaded from third-party app stores outside of iTunes or Google Play. It is difficult, if not impossible, to enforce mobile security policies regarding downloading apps on employees’ BYO devices. Even company-owned devices are subject to “shadow IT,” the downloading of apps that employees require for productivity.
4. Vulnerabilities: Given the pace of mobile innovation and low barrier to entry for creating a mobile app, both apps and operating systems are full of vulnerabilities. In the recent past, Skycure researchers have discovered and disclosed a multitude of these vulnerabilities, such as “No iOS Zone”, Malicious Profiles, Invisible Malicious Profiles and LinkedOut. Devices without the most up-to-date versions of OS and apps are naked to attackers, who can search out such devices.
What does your business’ mobile threat defense strategy look like?
Join Brian Katz, director of mobile strategy at VMware, and Varun, vice president of marketing at Skycure, in a live webinar to learn how to:
- Get visibility into ALL mobile threats, vulnerabilities and attacks impacting your organization today;
- Integrate Skycure with AirWatch to predict, detect and protect against mobile cyberattacks; and
- Stop attacks before they make it to the enterprise by profiling good and bad devices, apps and user behavior, while leveraging crowd wisdom.