As employees continue to use their own devices and personal applications for work purposes, more threats are introduced into the workplace, putting company networks at risk. The Webroot report also provides suggestions and best practices to reduce the risk to corporate data from employee-owned mobile devices.
Key findings include:
- 384% increase in total threats to Android devices in 2013.
- 42% of applications for Android analyzed were classified as malicious, unwanted, or suspicious.
- Infection risk comparisons between the Android and iOS platforms.
- 29.3% of all tracked SMS infections stem from gaming applications.
The new report, based on data collected by the Webroot Threat Research team, analyzed more than 5.9 million mobile applications (apps), 31,000 infections, nearly 125,000 Lost Device Protection activations, and infection rates from millions of customers.
The increased risk is caused by malicious apps including those which require rooting the device, send premium SMS messages, and collect all available data. The report stresses the importance of downloading apps from reputable sources such as Google Play and iTunes. Many third party app markets do not apply strict security standards and can unknowingly host malicious files.
“Consumers are very trusting of mobile applications such as Facebook, Twitter and Angry Birds – they are apps they know and have used for some time. However, it’s the thousands of unverified apps, often found on third party markets or P2P networks, that put users at risk,” said Grayson Milbourne, security intelligence director at Webroot.
“The report shows that this line of thinking is dangerous; poor app choices can lead to the compromise of an entire corporate network. The need to secure mobile devices will continue to grow as the discovery of new exploits and malicious apps increase—all driven by a clear focus on mobile platforms within the cybercrime community,” Milbourne added.
The proliferation of mobile devices, particularly personal devices used in the work environment—known as “bring your own device” or BYOD—can expose corporate networks to higher risk and the continued growth of the platform for Android is of particular concern. The data indicated a nearly 4X increase in the volume of potentially threatening apps for Android in 2013, while a recent report from Strategy Analytics indicated Android powered 79 percent of all smartphones shipped during the same period. While allowing such devices to access company resources aids productivity, the increased potential for compromise opens up a risk vector for which IT personnel must take into account.
The complete report is available here.