LAS VEGAS and MOUNTAIN VIEW, Calif., Aug. 2, 2016 /PRNewswire/ -- Enterprises
continue to fall short when it comes to protecting corporate data
on mobile apps and devices, according to the Mobile Security and
Risk Review, released today by MobileIron (NASDAQ:MOBL) at the 2016
U.S. Black Hat conference taking place in Las Vegas, July
30-August 4. Mobile threats are on the rise but only 8%
of companies are enforcing OS updates and less than 5% are using
App Reputation or Mobile Threat Detection software.
Experience the interactive Multimedia News Release here:
http://www.multivu.com/players/English/7754351-mobileiron-security-risk-review/
The second edition of the Mobile Security and Risk Review
updates Q4 2015 data and discusses an emerging set of threats and
risks, including enterprise compliance failures, compromised
devices, and data loss risks. For the first time, the review
also identifies enterprise security trends on a geographic regional
basis and for the government vertical.
Download the Mobile Security and Risk Review for Q2 2016 here:
www.mobileiron.com/securityandriskreview, and visit MobileIron at
Black Hat in booth #1568.
"The velocity of mobile attacks is increasing but the latest
data shows that enterprises are still not doing the things they
could be to protect themselves," said James
Plouffe, Lead Architect, MobileIron. "This lack of security
hygiene demonstrates that enterprises are alarmingly complacent,
even when many solutions are readily available."
Mobile attacks on the rise
The report outlines several new mobile attacks that threaten enterprises.
Most are simply re-using old tactics against mobile-specific
services, such as SideStepper's use of Man-In-the-Middle (MITM)
against MDM, rather than employing new techniques or exploiting new
vulnerabilities. However, when attacks against users are
successful, they can result in the loss of both personal and
business data.
The following mobile attacks either emerged or worsened in the
last six months:
- Android GMBot: This spyware remotely controls infected
devices in order to trick victims into providing their bank
credentials.
- AceDeceiver iOS malware: This malware is designed to
steal a person's Apple ID.
- SideStepper iOS "vulnerability": This technique was
found to allow interception and manipulation of traffic between an MDM
server and a managed device.
- High-severity OpenSSL issues: These vulnerabilities can
potentially impact large numbers of applications and services,
which could ultimately jeopardize enterprise data-in-motion.
- Marcher Android malware: This malware has evolved to
mimic bank web pages that trick users into entering their login
information through e-commerce web sites.
Mobile security practices largely unchanged in the face of new threats
Security incidents are often the precursor to a breach because they
leave a device or app vulnerable, which can put enterprise data at
risk. This quarter saw a number of trends in
employee compliance incidents and enterprise security practices,
including:
- Missing devices: 40% of companies had missing devices,
up from 33% in Q4 2015.
- Out-of-date policies: 27% of companies had out-of-date
policies, up from 20% in Q4 2015.
- Enforcing OS updates: 8% of companies were enforcing OS
updates, which was comparable to Q4 2015.
- App reputation software: Less than 5% of companies
deployed app reputation software, which was comparable to Q4
2015.
For the full list of trends, go to:
www.mobileiron.com/securityandriskreview.
Evernote and Line among most blacklisted consumer apps
The top 10 consumer unmanaged apps most often
blacklisted by enterprises changed from Q4 2015 to Q2 2016. New
entrants to the top 10 list include Line and Evernote. The top 10
consumer unmanaged apps most often blacklisted in Q2 2016
include:
1) Dropbox
2) Facebook
3) Angry Birds
4) Skype
5) Line
6) Box
7) OneDrive
8) Google Drive
9) Twitter
10) Evernote
"When an unmanaged app that can potentially access corporate
data or bypass corporate security measures achieves broad consumer
adoption, IT departments look to blacklist it because they can't
protect corporate data in an app they don't manage," said
Plouffe.
Government organizations struggle to keep pace
Government organizations are known for having some of the most
stringent security requirements. Paradoxically, extensive approval
processes make it difficult for these organizations to keep pace
with change, which can make them more vulnerable.
Globally, Government organizations are less prepared to deal
with security incidents than the global average.
- 61% of Government organizations have at least one non-compliant
device, compared with the global average of 53%.
- 48% of Government organizations have missing devices, compared
to the global average of 40%.
- 34% of Government organizations had devices operating under
outdated policies, compared to the global average of 27%.
iOS remains dominant in the enterprise
The share of
iOS devices grew from 78% in Q4 2015 to 81% in Q2 2016. The share
of Android devices remained flat at 18% during this timeframe.
About the Mobile Security and Risk Review
The second
edition of the Mobile Security and Risk Review is based on
aggregated, anonymous usage data shared by customers that was
compiled from April 1, 2016 through
June 30, 2016.
About MobileIron
MobileIron provides the secure
foundation for companies around the world to transform into Mobile
First organizations. For more information, please
visit www.mobileiron.com.
SOURCE MobileIron