Over 50% of Devices are Non-Compliant in Enterprise

mobile security

MobileIron has introduced its new research division MobileIron Security Labs (MISL) and MISL’s first publication: the Q4 2015 Mobile Security and Risk Review. The Q4 2015 Mobile Security and Risk Review discusses a distinct set of threats and risks, including compliance failures, compromised devices, and data loss risks, not covered in other security reports. The Mobile Security and Risk Review concludes with recommendations for fortifying mobile enterprise deployments.

“Mobile threats, both internal and external are on the rise and the enterprise security chain is only as strong as its weakest link,” said Michael Raggo, Director, MobileIron Security Labs. “A single, compromised device can introduce malware into the corporate network or enable the theft of sensitive corporate data that resides behind the firewall.”

More than 50% of enterprises have at least one non-compliant device

A mobile device can be non-compliant for a variety of reasons, such as a user disabling personal identification number (PIN) protection, losing a device, lacking up-to-date policies, etc. Non-compliant devices create a broader attack surface for malware, exploits, and data theft.

“The real risk is that enterprises will underestimate the seriousness of the problem,” Raggo continued. “A single compromised device that goes undetected constitutes a breach. Whether a company loses millions of records or just one record it’s still a breach. For all companies, but particularly ones in highly regulated industries, this is a huge problem.”

Compromised devices increased 42%

A jailbroken or rooted device is considered compromised and the incidence of compromised devices increased significantly over the quarter. In Q4, one in 10 enterprises had at least one compromised device. Interestingly, during the quarter the number of enterprises with compromised devices increased 42%. At the same time, malicious attackers are employing various tools to make it harder to identify compromised devices. MISL has found variants of jailbreaking tools as well as anti-detection tools that hide the fact that a device is jailbroken and thus create a false sense of security if undetected.