Verizon 2015 Data Breach Report: Mobile Security Presents Opportunity To Get Ahead Of Attacks
While security threats are on the rise, the 2015 Verizon Data Breach Report found that mobile security is one area of clear opportunity for solution providers looking to get ahead of attackers on security threats.
Of the tens of millions of mobile devices on the Verizon Wireless network, only 0.03 percent were infected each week in 2014 by "higher grade" malicious code, the report found. The rest of the hundreds of thousands of malware infections were "low grade," mostly made up of advertisements, the report said. Most of the malware infections, overall, were on Android devices, upward of 96 percent.
"When you think about that, that's a blip. That's virtually nothing," Bob Rudis, managing principal, security and DBIR lead author, said on a press call about the report.
[Related: Symantec Report: 10 Security Threats On The Rise]
Rudis said that the low percentage of malicious malware on devices means there's a large opportunity for security companies and solution providers to get ahead of the curve and proactively protect clients and end users.
"The message from mobile is that you have an opportunity to get ahead of the attackers ... start getting visibility, start getting control and start administrating this in a way that we've never had the opportunity to do before. We have the opportunity to do something great," Rudis said.
In order to capitalize on that opportunity, the report recommended first increasing visibility into security threats on mobile devices, which will promote awareness should the threat landscape escalate. Once that is done, the report recommended seeking control, so when a threat does arise, security professionals can act quickly to remedy it.
Andrew Sherman, Ph.D., CISSP and security practice lead at New York-based Eden Technologies, said he wasn't surprised that the numbers of attacks were so low on iOS devices, but he said he was surprised that even Android attack numbers were low, even as Google steps up its policing of its official app store.
Beyond that, Sherman said he sees a big potential for risk on mobile devices, as many users tend to use the same device for both personal and business functions without containerization. "For many users, it’s a place where personal and enterprise stuff is comingled, and without good data security measures being taken by enterprises, there's leakage opportunities," Sherman said.
Jane Wright, senior analyst at Hampton, N.H.-based Technology Business Research, said she also has seen mobile devices not yet facing a large volume of cyberattacks. Driving that trend, she said, is a "logical business decision" by hackers, who can often make more money by targeting data on servers, storage and PCs.
"Even though companies are using mobile devices for more important business applications every day, mobile devices still don’t hold the promise of a large volume of truly valuable data for the hackers, compared to more traditional attack vectors," Wright said.
That being said, Wright said she is seeing solid revenue growth for mobile security in the market, with 16 percent growth in mobile security revenue for security vendors that provide mobile security products and managed services, according to TBR's Enterprise Security Benchmark.
"Security professionals have learned a lot of best practices from years of protecting their companies' traditional endpoints. Now, as companies use mobile devices more frequently for business applications, they are investing in mobile security controls to help protect their business data," Wright said.
PUBLISHED APRIL 14, 2015