Enterprises still falling short on mobile security

Enterprises are still not doing enough to protect corporate data on their employee's mobile apps and devices from cyber threats, according to a new report from MobileIron.

According to the Mobile Security and Risk Review report for Q2 2016, less than 5 per cent of enterprises are using mobile threat detection software and only 8 per cent have an enforced operating system update policy in place.

Furthermore, 40 per cent of enterprises experienced missing devices (a seven per cent increase from Q4 2015) and 27 per cent had out of date policies, up from 20 per cent in Q4 2015.

These are surprising and alarming statistics in equal measure. Not only are the number of mobile devices and applications being used within enterprises increasing, but the mobile security threat landscape is developing faster than ever.

James Plouffe, lead architect at MobileIron said: "The velocity of mobile attacks is increasing, but the latest data shows that enterprises are still not doing the things they could be to protect themselves."

“This lack of security hygiene demonstrates that enterprises are alarmingly complacent, even when many solutions are readily available."

However, UK businesses appear to be less complacent than their international counterparts. UK businesses were found to have the fewest devices out of compliance (39 per cent), the fewest compromised devices (4 per cent) and the fewest reports of staff removing Mobile Device Management software (17 per cent). The are compared to global averages of 50, nine and 26 per cent respectively.

The report also lists the top ten consumer unmanaged apps most often blacklisted in Q2 2016. They are: Dropbox, Facebook, Angry Birds, Skype, Line, Box, OneDrive, Google Drive, Twitter and Evernote.

“When an unmanaged app that can potentially access corporate data or bypass corporate security measures achieves broad consumer adoption, IT departments look to blacklist it because they can’t protect corporate data in an app they don’t manage,” said Plouffe.

“IT must ensure mobile security controls are deployed and enforced on every device used to access corporate data and apps."

Image source: Shutterstock/wk1003mike