Time to Rethink Your Mobile Security: 1 in 10 Enterprises Have At Least One Compromised Device

New research has uncovered the severity with which the recent influx of malware attacks is impacting the enterprise.

With the growth of mobility in the enterprise there has been a rise in attacks targeting mobile apps and operating systems to exfiltrate sensitive data. A recent example includes iOS apps that were infected with XcodeGhost malware collecting information about devices and then encrypt and upload that data to servers run by attackers.

A new study by MobileIron has uncovered that many enterprises were – and are – unprepared for such attacks.

SEE ALSO: Data Security in the Mobile Ecosystem – Understanding the Complexity of Securing Your Mobile Enterprise

With malware detection company FireEye having identified more than 4,000 infected apps on the App Store, and mobile app risk management company Appthority finding that almost every organisation with at least 100 iOS devices had at least one infected device, it raises the question: is your enterprise mobile secure?

The challenge with mobile devices and apps is that the user – and not the IT administrator – is generally in control. Devices fall out of compliance for a variety of reasons. For example, a device will fall out of compliance if the user jailbreaks or roots their device, if the device is running an old version of the operating system that IT is no longer supporting, or if the user installed an app that IT has blacklisted.

The research found that one in 10 enterprises has at least one compromised device accessing enterprise data, and more than half (53 per cent) of enterprises have at least one device that is not in compliance with corporate security policies.

Top reasons that devices fall out of compliance with corporate policies are:

  • Device is out of contact with the EMM platform.
  • Administration has been deactivated so that the EMM solution can no longer take remote action on a device.
  • Device is not in compliance with rules that either block, require, or allow a particular app.

"Companies that rely on legacy security technologies without a presence on a mobile device or those that only use ActiveSync to manage mobile devices are very vulnerable to breach," warned Mike Raggo, Director of Security Research at MobileIron.

If you think devices within your enterprise may be falling out of compliance, it might be time to rethink your mobile security and ensure your sensitive business data doesn’t fall victim to the rise in malware infecting devices.