A recently released survey, A Dimensional Research sponsored survey by Check Point Software Technologies Ltd, shows that nearly two-thirds (64%) of respondents stated they are doubtful their organizations can defend against a mobile cyber attack. Twenty percent of respondents stated their company has already experienced a security breach on its mobile devices, and another 24% could not tell whether their employees’ devices had been breached.
The survey, The Growing Threat of Mobile Device Security Breaches, shows that 94% of security professionals expect the frequency of mobile attacks to increase rapidly over the next year. However, just 38% of the survey’s participants stated their organizations use a mobile security solution other than enterprise mobility management solutions to protect against attacks.
A total of 410 participants who have security leadership or frontline responsibilities completed the global survey, representing the full spectrum of job responsibilities and company sizes.
Key findings from the survey include:
- Malware is the most common type of mobile attack: 58% of respondents have seen malware attacks against company mobile devices, 54% have seen SMS phishing exploits and 54% have seen network attacks from WiFi or man-in-the-middle exploits. 41% had seen credential theft and key-logging exploits against mobiles.
- Mobile breaches are costly: 37% of respondents said that the cost of a mobile device breach to their organization would be over $100,000; 23% said it would cost over $500,000. These are similar to the estimated costs of a breach from a conventional desktop or laptop PC, highlighting how much sensitive data is stored on mobile devices, and the ease of access they offer to corporate resources.
- Lack of resources is a barrier to mobile device cyber attack protection: Over 60% of respondents cited a lack of resources (either budget or personnel) as the main reason for not deploying a mobile device security solution. However, 62% of companies are allocating more resources to mobile security initiatives compared to previous years.
The dynamic mobile risk landscape, in which new devices are joining corporate networks daily, and cyber criminals that are continually developing mobile-specific malware and other attack tactics, means that corporate cyber security is struggling to keep up.
David Gehringer, principal at Dimensional Research, and author of the report said: “With 20% of respondents stating their company has already experienced a mobile security breach, and a further 24% not knowing if their company’s devices have been breached, it’s clear that security professionals are struggling to protect their rapidly-growing estates of mobile devices. This is supported by a majority of respondents to our survey citing a lack of resources as the main reason for not deploying mobile device security. However, it is encouraging that 62% of companies are allocating more resources to mobile security initiatives compared to previous years: it’s an issue that needs addressing urgently, given the expected sharp increase in mobile attacks over the next year.”
Michael Shaulov, head of products, mobile and cloud security at Check Point said: “The survey data shows that companies are at real risk of a mobile security breach. Just 38% use a mobile security solution to protect devices and the data on them against attack, despite the growth in mobile threats and the high costs that result from a mobile breach. As mobile device usage is front and center in organizations today, they need to protect all their devices – both corporate-owned and BYOD – with a holistic solution that blocks malware and network attacks, and prevents data leakage and credentials theft, without affecting the user’s experience.”