Enterprises still not doing enough to protect mobile devices, says EMM vendor

Enterprises have various ways of meeting the security threat posed by mobile devices that can access corporate data, ranging from tight device and information lock-down to modest controls.

That’s not good enough, says mobile management provider MobileIron Inc., which in its second Mobile Security and Risk Review says organizations continue to fall short when it comes to protecting corporate data on mobile apps and devices. As evidence it points to an analysis of customer data that shows only eight per cent of companies using its solution are enforcing OS updates, while less than five per cent are using app reputation or mobile threat detection software.

The survey also showed that 40 per cent of companies had missing devices — potentially dangerous if they aren’t password-protected or can be remotely erased — up from 33 per cent in Q4 2015, and that 27 per cent of companies had out-of-date policies (where a mobile IT administrator has changed a policy on a console but that change has not moved up to all devices under management), up from 20 per cent in Q4 2015.

“The velocity of mobile attacks is increasing but the latest data shows that enterprises are still not doing the things they could be to protect themselves,” James Plouffe, the vendor’s lead architect, said in a statement. “This lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are readily available.”

The numbers come from aggregated, anonymous usage data shared by MobileIron customers in seven countries (the U.S., United Kingdom, France, Spain, Germany, Belgium and Japan) and for the three month period ending June 30.

There was one oddity: The percentage of companies in which a mobile device management app was removed from one or more mobile devices increased from five per cent in Q4 2015 to 26 per cent. “While less than 1 per cent of devices fell into this category,” the report notes, “they were spread across more companies. The reason for this increase is not known. Nevertheless, the trend is puzzling given general awareness that even a single compromised device increases the attack surface and can introduce malware into the corporate network or enable the theft of sensitive corporate data that resides behind the firewall.” U.S. companies were the most likely to have unmanaged EMM devices (30 per cent) and U.K. companies were the least likely (17 per cent).

There was some good news:  The number of compromised (jailbroken or rooted) devices  was about the same — 10 per cent of companies reporting at least one compromised device in Q4 2015, compared to nine per cent in Q2 2016. On the other hand 53 per cent of companies had at least one device out of compliance with its policies in Q2 2016, the same as Q4 2015.

The MobileIron [Nasdaq: MOBL] report also said these mobile attacks either emerged or worsened in the last six months:

  • Android GMBot, spyware that remotely controls infected devices in order to trick victims into providing their bank credentials;
  • AceDeceiver iOS malware, designed to steal a person’s Apple ID;
  • SideStepper iOS “vulnerability,” a technique that intercepts and manipulates traffic between an MDM server and a managed device;
  • High-severity OpenSSL issues, vulnerabilities that can potentially impact large numbers of applications and services, which could ultimately jeopardize enterprise data-in-motion;
  • Marcher Android malware, which mimics bank Web pages that trick users into entering their login information through e-commerce web sites.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now