It has been a couple of months since the Verizon Data Breach Report 2015 was released. As the findings listed below show, it has some very useful information that enterprises can use to strategize their security investments:
- Reported insider abuse features in 20.6% of all reported security incidents
- RAM scraping has grown in a big way–this type of malware was present in some of the most high-profile retail data breaches of the past year
- In 60% of cases, attackers are able to compromise an organization within minutes
- 99.9% of the exploits happened more than a year after the CVE was published
- 70 to 90% of malware samples are unique to a single organization
- An average of 0.03% of smartphones per week were infected with “higher-grade” malicious code.
The final bullet above is of particular interest to IT and mobile security professionals because it seems to imply that advanced mobile security should not be a high priority. However, the Verizon study does not differentiate between malicious code infecting consumer mobile devices and enterprise devices, attacks other than malware, or BYOD devices used for work purposes. Advanced malware, in actuality, has been the root cause of many of the most disastrous data breaches and financial data thefts over the past two years.
Understanding Mobile Risk and the Detection Deficit
The same report also mentions a much higher percentage of advanced malware attacks (0.68%) reported by Alcatel-Lucent’s Motive Security Labs’ Bi-Annual Report. However, if we drill down into Verizon’s smaller number to see the impact on mobile users, the math shows that it would take an average consumer 64 years before being attacked by advanced malware. But should Verizon’s math be applied to the managed and BYOD devices used by employees, contractors and partners of enterprises?
Enterprises cannot continue to accept the same math and should consider the growing detection deficit with malware and other mobile attacks. Even with the 0.03% value, a hypothetical enterprise, Acme Corporation, with 10,000 users would see about three employees on average (per week) with advanced malicious code on their smartphones (10,000 x 0.03%). It follows that a business unit of Acme Corporation or a separate SMB with 1,000 users would get hit on average with an advanced-grade malware attack every month. With limited IT staff and budget, smaller enterprises would be challenged to defend against the advanced malware attack and get it right every time, whereas a hacker with far less at stake would only need to get it right once. While the larger Acme Corporation may be able to budget more IT measures to defend against an advanced malware attack, it would be equally susceptible to other mobile attacks (network attacks, vulnerability exploits, etc.) by relying on reactive responses to attacks for which it did not have sufficient visibility to proactively identify and remediate.
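The arithmetic in the two paragraphs above, carried one step further as an added example (not from the Verizon report or from Skycure): besides the weekly averages, it computes the chance that a fleet sees at least one infected device in a given period. It assumes the 0.03% weekly figure applies independently to every device and every week; the function names are illustrative.

```python
WEEKS_PER_YEAR = 52
# 0.03% of smartphones per week, the Verizon figure quoted above.
VERIZON_WEEKLY_RATE = 0.0003


def expected_infected_per_week(fleet_size, weekly_rate=VERIZON_WEEKLY_RATE):
    """Average number of devices in the fleet infected in any one week."""
    return fleet_size * weekly_rate


def mean_weeks_between_infections(fleet_size, weekly_rate=VERIZON_WEEKLY_RATE):
    """Average gap, in weeks, between infections somewhere in the fleet."""
    return 1.0 / (fleet_size * weekly_rate)


def prob_at_least_one(fleet_size, weeks, weekly_rate=VERIZON_WEEKLY_RATE):
    """Chance that one or more devices are infected within `weeks`.

    Assumption: each device-week is an independent trial with the same
    rate, so the chance that nothing is hit is
    (1 - rate) ** (fleet_size * weeks).
    """
    return 1.0 - (1.0 - weekly_rate) ** (fleet_size * weeks)


def fleet_summary(fleet_size, weekly_rate=VERIZON_WEEKLY_RATE):
    """Collect the figures a risk owner would compare across fleet sizes."""
    gap_weeks = mean_weeks_between_infections(fleet_size, weekly_rate)
    return {
        "fleet_size": fleet_size,
        "infected_per_week": expected_infected_per_week(fleet_size, weekly_rate),
        "years_between_infections": gap_weeks / WEEKS_PER_YEAR,
        "p_hit_in_week": prob_at_least_one(fleet_size, 1, weekly_rate),
        "p_hit_in_4_weeks": prob_at_least_one(fleet_size, 4, weekly_rate),
        "p_hit_in_year": prob_at_least_one(fleet_size, WEEKS_PER_YEAR, weekly_rate),
    }


if __name__ == "__main__":
    # Single consumer, 1,000-user SMB, 10,000-user Acme Corporation.
    for size in (1, 1_000, 10_000):
        row = fleet_summary(size)
        print(
            f"{row['fleet_size']:>6} devices: "
            f"{row['infected_per_week']:.2f}/week, "
            f"one every {row['years_between_infections'] * WEEKS_PER_YEAR:.1f} weeks, "
            f"P(hit in 4 weeks) = {row['p_hit_in_4_weeks']:.0%}"
        )
```

For the 1,000-user case, "once a month on average" corresponds to roughly a 70% chance of at least one infected device in any four-week window, while the 10,000-user fleet is almost certain to see one every week.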
Changing Perceptions: Being More Proactive
Verizon’s finding about 0.03% of devices with advanced malware is startling on its own, but becomes more troubling when factored into the average number of attacks on enterprise mobility beyond advanced malware. At Skycure, for instance, we have consistently seen at least 23% of employees at enterprises being exposed to network-based threats during their first month of deploying Skycure. After three months, the average rises to 40%. At Acme Corporation, 2,300 of its employees on average would face network-based threats in addition to the advanced attacks addressed in the Verizon study.
A critical part of enterprises evolving their mobile security to become more proactive is to deepen their understanding of the true risk facing their mobile users. Risk of advanced malware attack is not a fixed variable–whether 0.68% or 0.03%–for enterprise users. For example, malware risk can increase based on how enterprises answer questions such as:
- Are we going beyond the traditional signature-based approach to detect zero-day attacks?
- Are users getting apps from multiple app stores?
- Do our executives travel among different geographies?
Overall enterprise mobile security risk should also be assessed beyond malware risk: devices can be compromised on multiple fronts including physical and network attacks as well as vulnerability exploits (e.g., iOS and Android have unknown vulnerabilities that hackers can exploit to take over a device).
Skycure Enterprise Edition gives enterprises holistic, real-time visibility into the full range of mobile cyber attacks and helps organizations to finally gain the visibility and intelligence required to evolve their reactive mobile security into proactive, risk-based mobile security. With Skycure Mobile Threat Defense, enterprises can answer questions such as:
- How many suspicious apps have been downloaded onto managed and BYO devices?
- What vulnerabilities threaten devices owned by the executive team?
- How many mobile devices are connected or have been connected to a malicious network?