Three-quarters Of Users More Vulnerable To Mobile Attacks Than A Year Ago According To New Menlo Security Mobile Risk Report

Menlo Security has released the findings from its “Menlo Security Mobile Risk 2021 Report”, which looks at security concerns around mobile usage as more businesses operate remotely. 

Partnering with Sapio Research, the research questioned 600 IT decision makers in the UK, US, and Australia, including C-level, in a range of sectors including retail, manufacturing, financial services and healthcare, about the mobile security threat landscape. It looks at how businesses are responding to cybersecurity challenges during the global pandemic and beyond where work is no longer bound by physical offices.

Menlo Security discovered that over half of global respondents (UK: 50 per cent) admit that it’s not possible to be prepared for all of the tactics and strategies used by attackers targeting mobile devices, while 38 per cent (UK: 35 per cent) claim it’s impossible to keep up with the pace of these attacks. 

The survey also found that three-quarters of IT decision makers believe their organisations are more vulnerable to mobile cyber attacks than ever before; 73 per cent globally (UK: 67 per cent) say that end users are now more susceptible to cyber attacks on mobile devices than they were five years ago. It also found that 76 per cent of respondents believe they are more vulnerable to mobile attacks than just a year ago following the shift to remote and hybrid work environments.

“Although many organisations are confident in their ability to identify and prevent mobile attacks, often this is just overconfidence in legacy solutions that are not able to provide 100 per cent protection against the latest waves of socially engineered attacks, such as Phishing and Smishing or zero-days,” said Mark Guntrip, senior director of cybersecurity strategy for Menlo Security. “Even experienced professionals can fall victim to these attacks and the only way to truly prevent them in the first place is through isolation, which secures work regardless of where it happens.”

Global IT decision makers also acknowledge that 71 per cent (UK: 72 per cent) have experienced phishing attacks. Although the majority of respondents admit they are either more susceptible to mobile attacks or they have already encountered one, a surprisingly high percentage still felt confident in the ability of their organisation to both identify and prevent them. Although mobile devices often make it difficult to identify the telltale signs of malicious emails or links, such as URL addresses, 88 per cent (UK: 86 per cent) still believe in their ability to identify them and 84 per cent (UK: 81 per cent) trust in their ability to prevent them.

“Threat actors are always looking for the path of least resistance and given the large number of organisations and employees who are still working remotely, mobile devices have entered into the centre of attackers’ crosshairs,” said Guntrip. “Unfortunately, mobile security has often been an afterthought for enterprise security strategies. Today’s businesses must rethink how they’re safeguarding their networks and what avenues are most susceptible to threats in the remote work landscape.”

The survey also looked at the strategies most often used by organisations in the UK, US and Australia, finding that isolation adoption hovers around 40 per cent (UK: 36 per cent), lagging behind more traditional methods, such as mobile device management (84 per cent; UK: 78 per cent), and DLP (35 per cent; UK: 25 per cent), leaving a majority of organisations at risk of attack. Just four per cent globally had no solutions in place yet.

Additional UK figures:

• 92% of UK respondents agree that attacks on mobiles are becoming ‘more frequent and more sophisticated’ (the highest figure globally) compared to the global average of 86%. 
• When asked who is responsible for the security of mobile devices used for work purposes, the UK has the highest for ‘organisations’ (63% vs. 55% globally) but lowest for ‘mobile vendors’ (15% vs. 20% globally). While 22% said ‘end-users’ (vs. 25% globally).
• In the last 12 months, UK respondents experienced the following type of mobile security attacks: Phishing (72%), Malware (58%) and Advanced Persistent Threats (31%). One in ten experienced no mobile security attacks or attempts during the last year.
• When it comes to updating mobile devices/OSs when a new patch is issued, over half of UK respondents (53%) update ‘immediately’ or ‘same day’ (compared to 59% globally).
• In the UK, 72% think iOS is more secure (62% globally) compared to 28% for Android (38% globally), and 68% think Apple App Store is more secure vs. 32% for Google Play.
• UK respondents detected an average of 12 mobile security threats in the last month – the lowest number for all three countries – compared to a global average of 14.

Check the Menlo Security Mobile Report 2021 infographic for a summary of the findings.