According to data and research from Zimperium’s “State of Mobile Enterprise Security” Report for the first half of 2019, it is no longer a matter of if or when an enterprise’s mobile endpoints will be compromised. They already are and most organizations have little to no knowledge or visibility of the compromise.
The report contains data from more than 45 million anonymized endpoints across hundreds of customers. Key takeaways from the report include:
- Mobile OS vendors created patches for 440 security vulnerabilities.
- Twenty seven percent of enterprise mobile endpoints were exposed to device threats.
- The majority of malicious profiles (68%) were considered “high-risk,” meaning they had elevated access that could lead to data exfiltration or full compromise.
- One third of enterprise mobile endpoints encountered risky networks, and almost one out of 10 were exposed to network attacks.
- Man-in-the-middle (MITM) attacks were 93 percent of network threats and 86 percent of all threats.
- The top five countries with the highest number of network attacks are: Republic of Korea, Japan, United States, China and the United Kingdom.
- Zimperium’s machine learning-based engine, z9, detected thousands of malicious apps that were not in VirusTotal or any other repository.
- Forty five percent of all attacks detected on Android devices were malicious apps versus less than one percent of those detected on iOS. Ninety eight percent of all detected malicious apps were on Android.
- Five percent of enterprise mobile endpoints had sideloaded apps from sources outside the authorized and vetted Apple App Store or Google Play Store. Thirty six percent of the Android devices had sideloaded apps versus two percent of iOS ones.
- Seventy percent of iOS apps had advertising capabilities and iOS Bluetooth beacon usage exploded to 69% of apps (from 38% at the beginning of 2019).
- Twenty four percent of iOS apps passed sensitive information over the web unencrypted.
“Our research shows that every organization that has protected its mobile endpoints with Zimperium has detected threats and attacks,” said Jon Paterson, chief strategy officer at Zimperium. “As attackers continue to get more creative and take advantage of the lack of mobile security/visibility, mobile threats and attacks are increasing in both quantity and impact.”