Every Enterprise has Mobile Security Attacks and Threats, Says Zimperium’s “State of Mobile Enterprise Security” Report
Global Report Contains Data for the First Half of 2019 From More Than 45 Million Endpoints
DALLAS–(BUSINESS WIRE)–#infosec–According to data and research from Zimperium’s “State of Mobile Enterprise Security” Report for the first half of 2019, it is no longer a matter of if or when an enterprise’s mobile endpoints will be compromised. They already are and most organizations have little to no knowledge or visibility of the compromise.
The report contains data from more than 45 million anonymized endpoints across hundreds of customers giving Zimperium, the global leader in mobile threat defense (MTD), a unique view into the state of mobile enterprise security.
Zimperium’s “State of Enterprise Mobile Security” Report is designed to answer the primary question organizations ask every day: What percent of my devices are exposed to each type of threat and attack? A free download of the report is available and Zimperium is conducting a free webinar today, July 31st, at 10am Central to discuss its findings (a recording of the webinar will be available afterward).
For purposes of this report, “threats” are conditions that increase the likelihood of a device being attacked or enable attacks to be made more efficiently. “Attacks” are actual attacks against mobile endpoints.
Key takeaways from the report include:
Device Threats and Attacks
- Mobile OS vendors created patches for 440 security vulnerabilities.
- Twenty seven percent of enterprise mobile endpoints were exposed to device threats.
- The majority of malicious profiles (68 percent) were considered “high-risk,” meaning they had elevated access that could lead to data exfiltration or full compromise.
Network Threats and Attacks
- One third of enterprise mobile endpoints encountered risky networks, and almost one out of 10 were exposed to network attacks.
- Man-in-the-middle (MITM) attacks were 93 percent of network threats and 86 percent of all threats.
- The top five countries with the highest number of network attacks are: Republic of Korea, Japan, United States, China and the United Kingdom.
Applications Threats and Attacks
- Zimperium’s machine learning-based engine, z9, detected thousands of malicious apps that were not in VirusTotal or any other repository.
- Forty five percent of all attacks detected on Android devices were malicious apps versus less than one percent of those detected on iOS. Ninety eight percent of all detected malicious apps were on Android.
- Five percent of enterprise mobile endpoints had sideloaded apps from sources outside the authorized and vetted Apple App Store or Google Play Store. Thirty six percent of the Android devices had sideloaded apps versus two percent of iOS ones.
- Seventy percent of iOS apps had advertising capabilities and iOS Bluetooth beacon usage exploded to 69 percent of apps (from 38 percent at the beginning of 2019).
- Twenty four percent of iOS apps passed sensitive information over the web unencrypted.
“Our research shows that every organization that has protected its mobile endpoints with Zimperium has detected threats and attacks,” said Jon Paterson, chief strategy officer at Zimperium. “As attackers continue to get more creative and take advantage of the lack of mobile security/visibility, mobile threats and attacks are increasing in both quantity and impact.”
Zimperium, the global leader in mobile device and app security, offers real-time, on-device protection against Android and iOS threats. The Zimperium platform leverages our award-winning machine learning-based engine – z9 – to protect mobile data, apps and sessions against device compromises, network attacks, phishing attempts and malicious apps. To date, z9 has detected 100% of zero-day device exploits without requiring an update or suffering from the delays and limitations of cloud-based detection – something no other mobile security provider can claim. Headquartered in Dallas, TX, Zimperium is backed by Sierra Ventures, Samsung, Telstra, Warburg Pincus and SoftBank. Learn more at www.zimperium.com or our official blog at https://blog.zimperium.com.
Zimperium, the Zimperium name and logo, Powered by Zimperium, zIPS, zIAP and z9 are registered trademarks or trademarks of Zimperium, Inc. in the US and other countries.
Andy Shane, Zimperium