
March 3, 2016

Mobile Security Risks in the Enterprise 2016

Recent research asked 588 IT professionals from around the world about the state of mobile security in their companies and the costs to companies of data breaches that stem from vulnerabilities in mobile applications and devices and the lack of mobile app security testing. Let’s look at ten headline issues.

  1. Enterprise companies think it’s ‘early days’ for mobility

Many of the companies included in the research view their BYOD programs and use of mobile apps as still being in their ‘early days’. This is in spite of mobile being near ubiquitous in the enterprise. This perception is indicative of the wider findings of the research.

  2. IT has no idea what their company’s employees are able to do

The research indicates that IT thinks that access to customer records is limited to 19 percent of employees. It turns out that 43 percent of employees are able to access customer data. Likewise, IT believes that access to confidential or classified documents is limited to 8 percent of employees, when in fact it is 33 percent.

  3. Access to sensitive data is on the rise

The number of employees with access to data will increase by 50 percent or more by 2018. This creates higher risks for companies as their employees move between company and public Wi-Fi networks, and shows the need for mobile app security testing.

  4. 67 percent of companies have been hacked via mobiles

Whatever is in place now is failing, since 67 percent of companies claim to be victims of a mobile hack. These breaches were due to hackers targeting employees with access to sensitive data and exploiting mobile application vulnerabilities.

  5. Mobile malware is running on networks

The research shows that mobile malware has a presence on company networks, with 3 percent of all employee mobile devices running malware that steals sensitive information. To contextualise this, imagine a major company with 1700 mobile devices running malware on its network.

  6. No one’s doing anything about malware

Scans for malware are limited to 26 percent of mobile devices on corporate networks. Imagine 75 percent of all mobile devices with malware that no one has noticed accessing sensitive data on the corporate network.

  7. These companies claim to be ‘vigilant’

36 percent of IT staff claim to be ‘vigilant’ about protecting sensitive data and the corporate network. This leaves the remaining 65 percent doing nothing about mobile app security testing and mobile malware.

  8. Security policies with no focus on mobile

Almost 66 percent of information security policies give no instructions on how corporate data is to be stored on mobile devices or for mobile app security testing. This gives employees, and any hacker who has compromised a device, complete access to the corporate network.

  9. The costs of mobile data breaches are rising

Finding and fixing mobile malware issues costs up to $9500 per device. Consider, as above, doing this for 1700 employees: the cost would be $16.5 million.

  10. Mobile security expenditure is on the rise

These problems are going to be met with increased cybersecurity spending, and, one hopes, more reach for CISOs within the enterprise.

This research tells us that these companies need to take serious measures to make mobile security a priority as mobile, and in particular mobile access to corporate data, has become a critical part of cyber attacks and is now embedded in corporate IT infrastructure.

At Codified Security we keep monitoring mobile risk 24/7. Get in touch with us.

Research from The Economic Risk of Confidential Data on Mobile Devices in the Workplace by The Ponemon Institute and Lookout 

Codified Security is here to help make your mobile app secure whether it’s for iOS, Android, or to make sure you’re clearing the OWASP Mobile Top 10. For mobile app security testing in under a minute try out Codified Security.