Menlo Security released the findings from its "Menlo Security
Mobile Risk 2021 Report", which explores the security considerations and concerns
around mobile usage as more businesses today operate remotely. Partnering with
Sapio Research, the
survey questioned respondents about the mobile security threat landscape and
how businesses are responding to cybersecurity challenges during the global
pandemic and beyond where work is no longer bound by physical offices.
Following a survey of more than 600 IT decision makers across the UK, US, and
Australia, including CIOs and CISOs, Menlo Security discovered that over half
of global respondents (53 per cent; UK: 50 per cent) admitted that it's not
possible to be prepared for all of the tactics and strategies used by attackers
targeting mobile devices. More than a third (38 per cent; UK: 35 per cent)
claimed that it's impossible to keep up with the pace of these attacks.
The survey also found that three-quarters of IT decision makers believe their
organisations are more vulnerable to mobile cyber attacks than ever before. It
is of little surprise that 73 per cent of global respondents (UK: 67 per cent)
believe that end users are now more susceptible to cyber attacks on mobile
devices than they were five years ago. The survey also found that 76 per cent
of respondents (UK: 76 per cent) believe they are more vulnerable to mobile
attacks than just a year ago following the shift to remote and hybrid work
environments.
"Although many organisations are confident in their ability to identify and
prevent mobile attacks, often this is just overconfidence in legacy solutions
that are not able to provide 100 per cent protection against the latest waves
of socially engineered attacks, such as
Phishing and
Smishing
or zero-days," said Mark Guntrip, senior director of cybersecurity strategy for
Menlo Security. "Even experienced professionals can fall victim to these
attacks and the only way to truly prevent them in the first place is through
isolation, which secures work regardless of where it happens."
Global IT decision makers also acknowledged that 71 per cent (UK: 72 per cent)
of them had experienced phishing attacks. Although a majority of respondents
admitted they are either more susceptible to mobile attacks or they have
already encountered one, a surprisingly high percentage still felt confident in
the ability of their organisation to both identify and prevent them. Although
mobile devices often make it difficult to identify the telltale signs of
malicious emails or links, such as URL addresses, 88 per cent (UK: 86 per cent)
still believe in their ability to identify them and 84 per cent (UK: 81 per
cent) trust in their ability to prevent them.
"Threat actors are always looking for the path of least resistance and given
the large number of organisations and employees who are still working remotely,
mobile devices have entered into the centre of attackers' crosshairs," said Guntrip.
"Unfortunately, mobile security has often been an afterthought for enterprise
security strategies. Today's businesses must rethink how they're safeguarding
their networks and what avenues are most susceptible to threats in the remote
work landscape."
The survey also inquired about the strategies that are most often used by
organisations in the UK, US and Australia, finding that isolation adoption
hovers around 40 per cent (UK: 36 per cent), lagging behind more traditional
methods, such as mobile device management (84 per cent; UK: 78 per cent), and
DLP (35 per cent; UK: 25 per cent), leaving a majority of organisations at risk
of attack. Just 4 per cent globally had no solutions in place yet.
Additional UK figures:
- 92% of UK respondents agree that attacks on mobiles are becoming ‘more
frequent and more sophisticated' (the highest figure globally) compared to the
global average of 86%.
- When asked who is responsible for the security of mobile devices used for
work purposes, the UK was the highest for ‘organisations' (63% vs. 55%
globally) but lowest for ‘mobile vendors' (15% vs. 20% globally). While 22%
said ‘end-users' (vs. 25% globally).
- In the last 12 months, UK respondents experienced the following type of
mobile security attacks: Phishing (72%), Malware (58%) and Advanced Persistent
Threats (31%). One in ten experienced no mobile security attacks or attempts
during the last year.
- When it comes to updating mobile devices/OSs when a new patch is issued, over
half of UK respondents (53%) update ‘immediately' or ‘same day' (compared to
59% globally).
- In the UK, 72% think iOS is more secure (62% globally) compared to 28% for
Android (38% globally), and 68% think Apple App Store is more secure vs. 32%
for Google Play.
- UK respondents detected an average of 12 mobile security threats in the last
month - the lowest number for all three countries - compared to a global
average of 14.