Weak Links: More Than 50% of Enterprises Have Out-of-Compliance Mobile Devices

CIOReview Team | Wednesday, 13 April 2016, 06:04 IST

MobileIron Inc. (NASDAQ: MOBL), the leader in mobile enterprise security, introduced its new research division MobileIron Security Labs (MISL) and MISL's first publication: the Q4 2015 Mobile Security and Risk Review. The Q4 2015 Mobile Security and Risk Review discusses a distinct set of threats and risks, including compliance failures, compromised devices, and data loss risks, not covered in other security reports. The Mobile Security and Risk Review conclude with recommendations for fortifying mobile enterprise deployments.

"Mobile threats, both internal and external, are on the rise and the enterprise security chain is only as strong as its weakest link," said Michael Raggo, Director, MobileIron Security Labs. "A single, compromised device can introduce malware into the corporate network or enable the theft of sensitive corporate data that resides behind the firewall."

More than 50% of enterprises have at least one non-compliant device
A mobile device can be non-compliant for a variety of reasons, such as a user disabling personal identification number (PIN) protection, losing a device, lacking up-to-date policies, etc. Non-compliant devices create a broader attack surface for malware, exploits, and data theft.

"The real risk is that enterprises will underestimate the seriousness of the problem," Raggo continued. "A single compromised device that goes undetected constitutes a breach. Whether a company loses millions of records or just one record it's still a breach. For all companies, but particularly ones in highly regulated industries, this is a huge problem."

Compromised devices increased 42%
A jailbroken or rooted device is considered compromised and the incidence of compromised devices increased significantly over the quarter. In Q4, one in 10 enterprises had at least one compromised device. Interestingly, during the quarter the number of enterprises with compromised devices increased 42%. At the same time, malicious attackers are employing various tools to make it harder to identify compromised devices. MISL has found variants of jailbreaking tools as well as anti-detection tools that hide the fact that a device is jailbroken and thus create a false sense of security if undetected.

Other research highlights include:

  • Less than 10% of enterprises are enforcing patching which leaves the device vulnerable to data loss.
  • 22% of enterprises had users who had removed the PIN which eliminates the first line of defense.
  • More than 95% of enterprises have no protection against mobile malware.

The Q4 2015 Mobile Security and Risk Review is based on aggregated, anonymous usage data shared by customers that was compiled from October 1, 2015 through December 31, 2015.