Mobile Users Are A Security Weakspot

Uploaded on 2021-06-24 in TECHNOLOGY--Resilience, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Menlo Security has released the findings from its “Menlo Security Mobile Risk 2021 Report”, which explores the security concerns surrounding mobile usage as more businesses today operate remotely.  
 
Together with Sapio Research, the survey questioned respondents about the mobile security threat landscape and how businesses are responding to the cyber security challenges of the global pandemic and in the future where work is no longer bound by physical offices.
 
Menlo Security discovered that over half of global respondents (53 per cent; UK: 50 per cent) admitted that it’s not possible to be prepared for all of the tactics and strategies used by attackers targeting mobile devices.  
 
The survey was conducted among 617 IT decision makers from organisations with 1,000 or more employees across the US, UK and Australia. The interviews were conducted online by Sapio Research in April and May 2021:
 
  • More than a third (38 per cent; UK: 35 per cent) claimed that it’s impossible to keep up with the pace of these attacks. 
  • 71 per cent (UK: 72 per cent) of them had experienced phishing attacks.
  • 73 per cent of global respondents (UK: 67 per cent) believe that end users are now more susceptible to cyber attacks on mobile devices than they were five years ago. 
  • 75% of users believe they are more vulnerable to mobile attacks than a year ago with the majority of respondents unprepared for mobile threats.
  • 76 per cent of respondents (UK: 76 per cent) believe they are more vulnerable to mobile attacks than just a year ago following the shift to remote and hybrid work environments.
The survey also found that three-quarters of IT decision makers believe their organisations are more vulnerable to mobile cyber attacks than ever before. 
 
“Although many organisations are confident in their ability to identify and prevent mobile attacks, often this is just over confidence in legacy solutions that are not able to provide 100 per cent protection against the latest waves of socially engineered attacks, such as phishing and smishing or zero-days” said Mark Guntrip , Strategy Director of Menlo Security. “Even experienced professionals can fall victim to these attacks and the only way to truly prevent them in the first place is through isolation, which secures work regardless of where it happens.” 
 

Although a majority of respondents admitted they are either more susceptible to mobile attacks or they have already encountered one, a surprisingly high percentage still felt confident in the ability of their organisation to both identify and prevent them. 

Although mobile devices often make it difficult to identify the telltale signs of malicious emails or links, such as URL addresses, 88 per cent (UK: 86 per cent) still believe in their ability to identify them and 84 per cent (UK: 81 per cent) trust in their ability to prevent them. “Threat actors are always looking for the path of least resistance and given the large number of organisations and employees who are still working remotely, mobile devices have entered into the centre of attackers’ crosshairs... Unfortunately, mobile security has often been an afterthought for enterprise security strategies. Today’s businesses must rethink how they’re safeguarding their networks and what avenues are most susceptible to threats in the remote work landscape.” according to Guntrip.
 
The survey also inquired about the strategies that are most often used by organisations in the UK, US and Australia, finding that isolation adoption hovers around 40 per cent (UK: 36 per cent), lagging behind more traditional methods, such as mobile device management (84 per cent; UK: 78 per cent), and DLP (35 per cent; UK: 25 per cent), leaving a majority of organisations at risk of attack.  Just 4 per cent globally had no solutions in place yet. 
 
  • 92% of UK respondents agree that attacks on mobiles are becoming ‘more frequent and more sophisticated’ (the highest figure globally) compared to the global average of 86%.  When asked who is responsible for the security of mobile devices used for work purposes, the UK was the highest for ‘organisations’ (63% vs. 55% globally) but lowest for ‘mobile vendors’ (15% vs. 20% globally). While 22% said ‘end-users’ (vs. 25% globally).
  • In the last 12 months, UK respondents experienced the following type of mobile security attacks: Phishing (72%), Malware (58%) and Advanced Persistent Threats (31%). One in ten experienced no mobile security attacks or attempts during the last year.
  • When it comes to updating mobile devices/OSs when a new patch is issued, over half of UK respondents (53%) update ‘immediately’ or ‘same day’ (compared to 59% globally).
  • In the UK, 72% think iOS is more secure (62% globally) compared to 28% for Android (38% globally), and 68% think Apple App Store is more secure vs. 32% for Google Play.
  • UK respondents detected an average of 12 mobile security threats in the last month – the lowest number for all three countries – compared to a global average of 14.
 
Menlo Security:        Image: Unsplash
 
You Might Also Read:
 
Detecting Rogue Mobile Devices:
 
 
 
« Global Police Operation Closes Fake Pharma Websites
Maritime Shipping Line Under Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

BehavioSec

BehavioSec

BehavioSec uses the way your customers type, swipe, and hold their devices, and enables them to authenticate themselves through their own behavior patterns.

WiJungle

WiJungle

WiJungle is an Indian Cyber Security Company that develops and markets a unified network security gateway solution.

Hallam-ICS

Hallam-ICS

Hallam-ICS designs MEP systems for facilities and plants, control and automation solutions, and ensures safety and regulatory compliance.

Fly Ventures

Fly Ventures

Fly Ventures is a seed-stage venture capital fund for outstanding teams building Enterprise and Deep Tech startups in Europe.

Cranfield University

Cranfield University

Cranfield Defence and Security are at the forefront of their fields, offering capabilities ranging from cyber security and digital warfare to robotics, forensic sciences and simulation and analytics.

ZARIOT

ZARIOT

ZARIOT's mission is to restore order to what is becoming connected chaos in IoT by bringing unrivalled security, control and quality of service.

Amnesty Tech

Amnesty Tech

Amnesty Tech's Security Lab leads technical investigations into cyber-attacks against civil society and provides critical support when individuals face such attacks.

RedHunt Labs

RedHunt Labs

RedHunt Labs is a premier Cybersecurity Solutions provider, offering Attack Surface Management solution 'NVADR' and Penetration Testing services.

Pionen

Pionen

Pionen are a specialist information security consultancy with excellent people and proven security delivery methodologies at its core.

Rausch Advisory Services

Rausch Advisory Services

Rausch delivers solutions that address compliance, enterprise risk, information technology and human resource capital.

Secrutiny

Secrutiny

Scrutiny's core services include Cyber Maturity, Cyber Risk Analyser, Cyber Controls, Incident Response, SOC, Cyber Recovery and Assurance Testing.

Anura

Anura

The world’s most accurate ad fraud solution protects your web assets by eliminating bots, malware and human fraud, ensuring your content is seen by real people.

Cyber Security Global

Cyber Security Global

Cyber Security Global is a leader in electronic security, consultancy, technology, cybersecurity solutions, training, and specialized products.

ETI-NET

ETI-NET

ETI-NET is the worldwide leader in managing critical data for industries that never stop.

L&T Technology Services (LTTS)

L&T Technology Services (LTTS)

L&T Technology Services Limited (LTTS) is a global leader in Engineering and R&D (ER&D) services.