Categories: Channel Research

One in ten companies ‘have compromised devices’

One in ten enterprises have at least one compromised mobile device on their networks, according to a new study, which found that the number of companies with suspect systems grew by 42 percent during the fourth quarter of last year.

The Q4 2015 Mobile Security and Risk Review, based on customer data from corporate mobile management firm MobileIron, also found that attackers are growing more sophisticated in making compromised hardware harder to spot.

The findings highlight the increasingly complex problem of managing corporate devices, which have proven an effective way to penetrate a company’s network.

A single compromised device can introduce malware into the corporate network or enable the theft of sensitive corporate data that resides behind the firewall,” said MobileIron Security Labs director Michael Raggo.

Whether a company loses millions of records or just one record it’s still a breach. For all companies, but particularly ones in highly regulated industries, this is a huge problem.”

MobileIron said its study considers jailbroken or rooted devices – which are easier for attackers to take control of – as compromised. The firm said it had uncovered numerous variants of anti-detection tools that hide the fact that a device is compromised, creating a “false sense of security”.

The study also found that more than half of enterprises have at least one non-compliant device, including devices with PIN protection disabled, lost devices or devices that lack up-to-date policies.

Non-compliant devices create a broader attack surface for malware, exploits and data theft,” MobileIron stated.

Twenty-two percent of enterprises had users who had disabled PIN access, MobileIron said.

Other findings included that less than 10 percent of companies enforce device patching, creating security risks, while more than 95 percent of companies had no protection against mobile malware.

Security researchers have said attackers are increasingly taking advantage of the relative lack of security protections on mobile devices to take over the units and use them to gain access to corporate networks.

Earlier this month researchers discovered Android malware that spreads via malicious advertisements found on websites, including pornographic sites, and seeks to take complete control of a targeted device. The “HummingBad” malware was found on the devices of two employees at a major financial services institution, according to IT security firm Check Point.

Researchers have also highlighted that because mobile devices aren’t patched as regularly as full-blown computers, they are relatively easy to attack using known vulnerabilities.

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Share
Published by
Antony Savvas

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago