Enterprise app use on the rise, despite mobile malware sophistication

The use of mobile apps within organisations is heating up with nearly 80% of companies using more than 10 apps for business, according to the third edition of the Mobile Security and Risk Review.

This bi-annual report, released today by MobileIron, provides IT security leaders with timely information about the state of enterprise mobile apps, the mobile threat landscape, and the emerging risks facing their organisations.

“MobileIron was founded on the idea that mobile apps and data would become fundamental to mobilising business workflows,” said James Plouffe, Lead Security Architect, MobileIron. “This edition of the Mobile Security and Risk Review shows that apps are not only critical to business, but that employees around the world rely on these tools for parts of their jobs that were once relegated to the desktop, such as presentations and spreadsheets.”

The third edition of the Mobile Security and Risk Review updates data from the first half of 2016 and discusses an emerging set of mobile threats, including enterprise compliance failures, compromised devices, and data loss risks.  For the first time, the review includes:

  • The most popular enterprise apps
  • Adoption metrics for Apple’s Volume Purchase Program (VPP) and Device Enrollment Program (DEP)
  • Enterprise security trends for Australia and the Netherlands in addition to Belgium, France, Germany, Japan, Spain, the UK and the US
  • Specific information about healthcare and financial services industries, in addition to government

The state of enterprise apps
79% of the organisations in MobileIron’s global customer base have more than 10 enterprise apps installed. Nearly one in five organisations (18%) uses VPP to streamline enterprise app deployment to users. The rate is significantly higher in the healthcare (29%) and government (25%) verticals. 13% of organisations use DEP, which offers more control over corporate mobile fleets. With DEP, enterprises can enforce tighter restrictions on corporate-owned, supervised devices. Nearly one-quarter (22%) of healthcare organisations use DEP.

The most popular business apps in the world
For the first time, the Mobile Security and Risk Review includes a list of the most popular managed mobile business apps. The top installed apps are:

Mobile malware grows up

The end of 2016 was plagued with high-profile vulnerabilities and new malware families that were not present in the second edition of the Mobile Security and Risk Review. The severity and sophistication of these attacks increased to unprecedented levels. Notable examples include:

  • HummingBad Malware: infected 85,000,000 devices
  • Pegasus: capable of intercepting virtually all communications
  • QuadRooter: detected on an estimated 900,000,000 devices
  • The Godless Malware: infected 850,000 devices

While mobile malware sophistication is on the rise, enterprises did little to improve mobile security best practices, even in highly regulated industries. Security hygiene highlights from Q4 2016 include:

  • Policy enforcement: Nearly half of companies (45%) did not enforce device policies
  • Outdated policies: Nearly 30% of companies had at least one outdated policy
  • Missing devices: 44% of companies had at least one missing device
  • Operating System updates: Just 9% of companies enforced OS updates
  • Compromised devices: 11% of companies had compromised devices accessing corporate data

“Mobile security is still a new competency for many organisations and their internal security policies and processes are not keeping up with the technology,” said Plouffe.

Download the full report here