Mobile security threats are still on the rise, aggravated even more by reckless user behavior and poor security practices by businesses, according to MobileIron, a mobile device management (MDM) and enterprise mobility management (EMM) company.
In a report published Tuesday, the company revealed that both enterprise and government remain dangerously complacent in protecting their data on their apps and devices. Only 5 percent use App Reputation or Mobile Threat Detection, while only 8 percent enforce their OS updates.
This complacency and lack of investment in mobile threat detection software mean that most mobile attacks are simply rehashed tactics, such as SideStepper’s Man-in-the-Middle (MitM), wherein the attacker secretly intercepts and alters the communication between two people, which allows the attacker to exploit the same old vulnerabilities.
According to James Plouffe, lead architect at MobileIron, this lack of security measures only reveals how “alarmingly complacent” enterprises are when it comes to addressing mobile threats, despite the many solutions available.
The report outlined five mobile threats that have worsened over the past six months:
- Android GMBot – Remotely controlled spyware that coaxes victims out of their bank credentials.
- AceDeceiver iOS malware – Malware designed to steal an Apple ID.
- SideStepper iOS vulnerability – Malware that can install unapproved applications.
- High-severity OpenSSL issues – Flaws that can allow decryption or memory corruption.
- Marcher Android malware – Impersonates a bank so that victims enter their login credentials.
What’s more alarming is the trend in employee compliance incidents and security practices, which include a rise in missing devices (44 percent) and out-of-date security policies (27 percent).
Meanwhile, the government sector sits as the most at-risk industry in terms of mobile threats, as it has the highest number of non-compliant devices, missing devices, and out-of-date policies.
Apps and software for possible blacklisting
The report also listed the top ten apps or software that are likely to be blacklisted, or banned from the workplace, for fear of a corporate data breach: Dropbox, Angry Birds, Facebook, Box, Skype, Line, OneDrive, Evernote, Twitter and Google Drive.
Plouffe said IT departments usually blacklist unmanaged apps that may have unauthorized access to data or bypass security measures.
Fortunately, such threats can be thwarted. According to MobileIron, vendors can help keep their devices secure from such threats by constantly updating their OS.
“Moving forward, IT should consider deploying all corporate-liable devices using the Apple Device Enrollment Program (DEP), Samsung KNOX or Android for Work Device Owner to prevent users from deleting or sidestepping corporate security policies on these devices,” it said.