Vulnerable Apps Cause Most Mobile Security Breaches

Companies are stepping up their investments in mobile security infrastructure as a result of the risks introduced with mobile data access, according to a new study from IDG, commissioned by security firm Lookout.

The study, based on a survey of 100 IT leaders and IT security executives from a range of industries at companies with an average of 23,000 employees, found that about three-quarters, or 74 percent, of companies have experienced a data breach that resulted from a mobile security issue.

The most common issues included mobile apps that contained security vulnerabilities, at 38 percent, apps containing malware, at 36 percent, and unsecured Wi-Fi connections, at 30 percent, the report found.

One respondent, for instance, said it was aware sensitive data was being leaked, but only after a month was it able to determine that malware was installed on a company-owned device assigned to one of its executives.

Malware-bearing software is a major problem for the Android platform, but Apple’s App Store also recorded its first major malware infiltration last month, when hundreds of apps were found to have been generated using a counterfeit version of Apple’s Xcode programming tool.

However, the mobile management tools currently in place don’t offer protection from these risks, according to IDG.

“While enterprise mobility management tools can provide valuable administrative capabilities and protect the organization from phone loss, accidental data loss or weak passwords, they lack the necessary visibility into today’s modern security risks, including malware and other device-centric attacks,” the company stated.

Most of the survey’s respondents said they were concerned about their inability to detect such threats, with 73 percent, for instance, saying they were “extremely or very concerned” about their inability to detect apps containing malware.

Mobile security breaches can have significant results for companies, since corporate data is increasingly accessible via mobile devices, the report found.

The vast majority of respondents, at 82 percent, said at least half of their corporate data was accessible to mobile users, with Android the most popular platform, at 48 percent, followed by Apple’s iOS at 42 percent.

“Mobile devices are rapidly becoming productivity tools while serving as access points to large amounts of enterprise data primarily through cloud services, which may or may not have IT’s blessing,” IDG stated. “As a result, the likelihood that serious mobile breaches are occurring continues to increase, even if these lapses fail to make headline news.”

As a result of such issues, the study found that most respondents, or 90 percent, intended to increase their investments in mobile security over the next 12 months.

“Mobile devices should have the same focus from a security standpoint as a desktop computer,” IDG said in the study. “If a company is embracing BYOD or simply allowing these devices to be used as personal devices inside the corporate network, they should view them as though they were laptops with permanent connectivity on a network outside of enterprise control.”

Are you a security pro? Try our quiz!