In the not too distant past, mobile security was not considered a security threat, or even an excessive concern over data loss for many organisations. However, the prevalence of mobile security threats has changed the conversation entirely, bringing mobile security into much needed focus. And with the introduction of GDPR, organisations now need strict governance in place to ensure all data remains secure.
The power, convenience and user productivity that mobile devices provide has resulted in mobile web usage surpassing that of PCs - since October 2016. However, this has now been accompanied by a big increase in malware infections. In the third quarter of 2017, Kaspersky Lab detected 1,598,196 malicious installation packages (1.2 times more than the previous quarter).
Let us look at mobile malware statistics in 2017 and share with you the increases we've seen - and why mobile security is now a primary concern every business.
Mobile security threats and their numbers
It is not unheard of for users to fall victim to untrustworthy devices which have been maliciously configured at one stage or the other in the supply chain. What this means is that individuals or organisations can fall prey to pre-installed malware that was already on the phone prior to it being unboxed. An example of such a case were the 36 Android devices belonging to a telecommunications company that Checkpoint mobile researchers detected with a severe infection.
Panda Labs reported that in Q3 of 2016 alone, an astounding 18 million new malware samples were captured - which equates to an average of 200,000 per day!
These malicious apps have continued to plague mobile users, promising to perform one function but ultimately doing something sinister, or simply harvesting user and device data. While app stores have installed measures to curb malware, developers of this malware continuously find new and advanced ways to evade built-in app store anti-malware protections.
The Nokia threat intelligence report has shown that the overall monthly smartphone infection rate averaged 0.90% in the second half of 2016 – up 83% from the first half of the year and also highlights the most prolific threats facing mobile devices.
Where mobile apps are concerned, this variety of apps can be harmful to the integrity and security of your devices and data by leaking sensitive information. These apps are usually free, and have the ability to carry out their proposed functions, but also extract important information from your device. This sensitive information is then sent to a remote server where the cybercriminals can exploit it.
Kaspersky Lab mobile security products detected 19,748 mobile banking Trojans installation packages in Q3 of 2017.
This particular type of malware steals the credentials of mobile banking customers. Different variants can also read and send texts as well as redirect calls. Alarmingly, these banking trojans are regularly updated to stay current and effective at targeting victims.
According to a report from the FBI in June 2016, on average, 4,000 ransomware attacks occurred per day in 2016. Organisations have not been spared from this onslaught with ransomware attacks reportedly increasing from one every 2 minutes - to one every 40 seconds, according to Kaspersky.
Specifically, in Q3 of 2017, Kaspersky Lab mobile detected 108,073 mobile Trojan-Ransomware installation packages.
According to IBM’s 2016 Mobile Security & Business Transformation Study, almost 60% of security leaders describe the organisations as either partially or fully mobile, deriving enhanced productivity and other business-related benefits. However, 63% also acknowledge that with improved mobility there is an inherent increase in the number of security risks and concerns. 59% of security leaders also say that more IT resources are required to support the increased number of devices and applications being used.
Echoing the same concerns, a survey by Dimensional Research showed that 20% of companies claimed their mobile devices were breached, and 25% had no way of knowing whether they had experienced an attack. As the number of mobile attacks continues to rise, 94% of companies expected the frequency of mobile attacks to increase, with 79% admitting that they’re finding it more and more difficult to secure their mobile devices.
According to the National Crime Agency of the United Kingdom 2016 crime assessment, cybercrime currently makes up more than 50% of the crimes committed in the UK. To further illustrate the growth and on a worldwide scale, Cybersecurity Ventures predicted that cybercrime will cost the world $6 trillion annually by 2021 - up from $3 trillion in 2015.
This is a testament to the magnitude of the threat that cybercriminals pose to companies in the modern world. The current outlook is one that only serves to heighten concern with the following forecasts being made by CSO online:
- Cybercrime damage costs are expected to reach $6 trillion annually by 2021. This figure is a sharp increase from $3 trillion just a year ago.
- Cybercrime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021.
- Human attack surface to reach 6 billion people by 2022. This is an estimated 75% of the projected world population of 8 billion.
- Global ransomware damage costs are predicted to exceed $5 billion in 2017.
A risk that can’t be ignored
Proper management of your mobile devices is equally a survival measure as it is a means of securing competitive advantage and profits. Failing to put in place a robust system of mobile device management will put your organisation at risk of the following:
- Loss of sensitive corporate and customer data.
- Installing malware-infected or unauthorised apps.
- Unrestricted and unfiltered access to undesirable or extremist website content.
- Malicious activity from employees or compromised/jailbroken devices.
Protection – what you can do?
Quite simply, mobile security can no longer be a secondary objective; it is a priority. Organisations should seek to employ the necessary IT security professionals and educate all employees on best practice. A proven alternative will be to outsource IT security services to a dedicated service provider who can supply ongoing support and the latest security measures to mitigate any potential risks.
Mobile Device Management - the most important first step
Deploying an Enterprise Mobile Device Management (MDM) platform is the first and most important step towards taking control of your mobile device security.
As the UK's leading IBM MaaS360 specialist, Comtact Ltd. works with the UK's leading organisations to help secure their mobile workforce - 24x7x365. Download our guide to best practice deployment of a mobile device management (MDM) platform, or why not sign-up for a FREE 30-day MaaS360 trial?