New MobileIron report reveals alarming enterprise mobile security practices
MWC Mobile attack vectors and security risks continue to proliferate, yet many organisations aren’t helping themselves with lax practices, according to a new report from enterprise mobility management (EMM) provider MobileIron.
The company’s first ever quarterly Mobile Security and Risk Review found more than half of enterprises assessed between October and December 2015 had at least one non-compliant device in their organisation at any given time. Reasons for this included disabling PIN protection, lacking up to date security policies, and losing devices. The research also found that between the first and last day of the quarter, the number of enterprises with compromised devices had increased by 42%.
33% of enterprises had missing devices, while 22% had users who had disabled their PIN. 20% had devices with old policies, while 5% of firms had users who had removed their mobile device management (MDM) software, according to the research.
MobileIron assesses the enterprise mobile security landscape through three separate threat vectors: the device, through vulnerabilities, jailbreaking, non-compliance; apps, malware, cloud storage and stolen credentials; and the network, with open Wi-Fi and man in the middle attacks. At the heart of all three are the users themselves.
According to the study, iOS represents 78% of enterprise devices, compared with 18% for Android. These figures correlate well when put against Good Technology’s quarterly mobility index findings, at (X) and (X) respectively. The report challenges the view that iOS is relatively invulnerable compared to Android – a view which some question already – by citing a number of iOS-flavoured malware variants, including YiSpecter, KeyRaider and XcodeGhost.
MobileIron gives five recommendations to companies looking to mature their mobile security strategy:
- Enforce compliance policies and deal with devices which fall out of compliance
- Give up on blacklisting personal cloud storage apps
- Add a mobile threat prevention solution that integrates with your EMM solution
- Ensure patching of managed devices
- Automatically quarantine compromised devices even if the device is ‘offline’
The advice to stop blacklisting personal cloud apps is a message which MobileIron has frequently preached – secure the personal cloud and allow employee to work best on the tools they prefer.
“Despite 25 years of developing new security and defence techniques, PC and server breaches are at an all-time high,” the report notes. “The good news is that mobile computing presents an opportunity to learn from the security mistakes of the PC era and to adopt a new security model.”
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located IoT Tech Expo, Blockchain Expo, AI & Big Data Expo and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam and explore the future of enterprise technology.
- » Why passwords are the weakest defence in a Zero Trust world
- » CISOs are burning out: Here’s how to fix it
- » Tackling cybercrime one step at a time: How businesses can stay connected and protected
- » How global cybercrime is an ‘efficient and global’ operation – and what needs to be done about it
- » Blurred lines: How desktop and mobile device management is evolving