The UK Outlook on Mobile Security in 2022

For a while now, mobile security threats have been on the rise. There is a great deal more to be aware of in the present day, according to data from Kasperky; in 2014, they found 3.5 million pieces of malware on just over 1 million user devices, and within 3 years that number had risen exponentially to 360,000 files… per day.

A 2021 Menlo mobile security survey has reported that 88% of information security professionals across the UK, US and Australia agree with this new level of threat and, as a result, 93% of respondents have pushed mobile security to high priority on their agendas for 2022.

IT teams and corporate responsibility

Traditionally it’s expected for the IT department of a company to oversee or implement any policies or patches for devices connected to the company’s network, right? Wrong. Of the surveyed Menlo respondents, only 55% of information security professionals believe the organisation should be responsible for the security of mobile devices used for work.

In larger companies, there was more belief that the organisation should be in control, but this shines a very bright light on where the heads of small-medium business owners are. Whilst the risk to larger companies in the event of any data or server compromise can be extortionate, both financially and reputationally, in the event of the same breach happening to an SME it can sometimes mean make or break for the business’ future. The belief also implies more trust on employees to patch and manage their own devices’ security, and often, use their own devices to work from.

There are multiple dangers with this, as most information security professionals will tell you, and with the average smartphone receiving security updates from the system operator for an average of only 4 years from release, devices can quickly become unsecure – especially if user security best practises get sloppy.

Vulnerabilities and trust

Of the respondents recorded in the Menlo survey, 67% were of the belief that mobile browser vulnerabilities happened at least several times per week, with a fifth stating they think they occur repeatedly throughout the day. Sadly, when asked about the frequency of employees reporting these vulnerabilities to their IT teams, only 25% overall were confident in their abilities – for the UK alone, this percentile was the lowest of the three countries, with only 17% of respondents trusting their colleagues to report any potential breach issues.

In Kaspersky’s top 7 mobile security threats, number 1 is data leakage caused unintentionally through the download of mobile applications containing “riskware”. It’s common for users to not pay close attention to the permissions they give to newly downloaded applications from app stores. Oftentimes, free applications will harness this and (whilst performing normally), will capture any data on the device and send it to a remote server, where it is at risk of being mined by advertisers or cybercriminals. If an employee uses a personal device for work, there is serious concern for any company data stored on that device.

Another responsibility that would be down to the employee/device owner, is to update with any security patches prompted or unprompted by the device. This is also a duty that IT teams within organisations where devices are managed by the company have to perform. Of the respondents surveyed in the Menlo survey, only a third would immediately update devices and their operating systems after a new patch issue.

Urgency of risk

Breaches due to the fault of a mobile device (indeed most breaches) are not often given clear explanation of method, fault or any other exact details within the news stories we read, so assumptions can only be made. The responses of IT decision makers in the Menlo mobile security survey can, too, hold some insight into the severity level of risk faced by mobile devices today. According to 71% of UK respondents, phishing was the most common mobile security attack in the last year. Just over half, (58%) of the total professionals surveyed across the 3 countries also cited malware as a largely prevalent threat noticed.

And it doesn’t seem that the UK was too prepared for the risk either, as three quarters (74%) of UK-based information security specialists encountered a malicious document download on corporate owned devices at least once in the past 12 months.

One thing can be said for sure when it comes to the outlook on mobile device security in 2022, and that’s that it is a high priority on every IT decision maker’s agenda.

Serbus support the mobile device security of the likes of the UK government, MoD, and popular enterprise organisations. To find out how we can assist in securing your workers and mobile assets with our NCSC approved range of advanced security solutions, get in touch today by emailing [email protected], or call +44 (0)1432 870 879.