Every Single Organization Has At Least 1 Infected Mobile Device

Every Single Organization Has At Least 1 Infected Mobile Device

This post is also available in: heעברית (Hebrew)

Large organizations (companies or agencies with more than 200 iOS or Android mobile devices) are almost guaranteed to have at least one malware-infected device, according to a new report.

The Skycure Mobile Threat Intelligence Report also found that four percent of all mobile devices have malware installed, regardless of whether they are managed by an enterprise or an individual.

“Malware absolutely exists on enterprise mobile devices and standardizing on iOS doesn’t make you safe,” said Yair Amit, CTO of Skycure. “Unlike the nuisance malware of the past that targeted only consumers, today’s malware is smarter, and often more focused on businesses. We have seen recent attacks that have been specifically designed to circumvent two-factor authentication. Smartphones make excellent reconnaissance tools because they are able to track a user’s conversations and movements twenty-four seven. That means malware can target specific individuals for access to valuable personal and corporate information.”

The report found that nearly one in five (19 percent) enterprise Android devices still allows app installation from third-party stores, despite a system-level setting to turn off this feature. According to the study, this is a problem because third-party app stores are much more likely to deliver malware. The report ranked the Google Play store the safest place to get Android apps. Users are nearly twice as likely to download malware from the Samsung store, more than 12 times more likely to find malware at the Amazon store, and more than 72 times more likely to be infected at the Aptoid store.

Nearly one in every three enterprise mobile devices are medium-to-high risk according to the Skycure Mobile Threat Risk Score. Two in every hundred are high risk–meaning they’ve already been compromised or are currently under attack. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behavior.