Zimperium’s “State of Enterprise Mobile Security” Report for 2019
It is no longer a matter of if or when an enterprise’s mobile endpoints are at risk of being attacked – – they already are; that according to findings in our “State of Enterprise Mobile Security” Report for 2019. Our research shows 100% of organizations protecting their mobile endpoints with Zimperium have detected and prevented threats and attacks.
Our report contains 2019 data from over 45 million anonymized endpoints from enterprises in a variety of industries and both local and national government agencies and is designed to answer the primary question organizations ask every day: How many and how are my mobile endpoint devices being attacked?
In the report, we define “threats” as conditions that increase the likelihood of a device being attacked or enable attacks to be made more efficiently. “Attacks” are actual attacks against mobile endpoints.
Device Threats and Attacks Snapshot
- Mobile OS vendors created patches for 1,161 security vulnerabilities.
- In 2019, Apple patched 306 CVEs (Common Vulnerabilities and Exposures), 64% of which were considered “critical” security threats.
- In 2019, Google patched 855 CVEs, the majority of which (54%) were considered “critical” or “high” security threats.
- At the end of 2019, 48% of iOS devices were more than four versions behind the latest and 58% of Android devices were more than two versions behind.
Network Threats and Attacks Snapshot
- Over half of all enterprise mobile endpoints encountered risky networks.
- Zimperium detected over 3 million risky networks in 2019.
- While unsecured and unencrypted WiFi networks were the top network threats in 2019, the most interesting trend is the rise of network handoffs… from less than 1% of devices in 1H19 to 14% by the end of the year.
- Network attacks accounted for 92% of all attacks covered in this report.
- 19% of enterprise mobile endpoints experienced network-based attacks.
- 94% of network attacks were man-in-the-middle (MITM) variations wherein attackers hijack traffic to steal credentials/data or deliver exploits to compromise the device.
App Threats and Attacks Snapshot
Zimperium analyzed applications that were installed on enterprise endpoints to understand the security and privacy risks. A “passing” grade means that the app has very few security or privacy risks and does an above average job of protecting user data.
- 85% of iOS apps and 21% of Android apps failed to receive a passing privacy grade.
- The most critical privacy risks in apps are those that capture data (which may include PII) and can send it off the device or inadvertently share it with other apps without user knowledge/consent.
- 71% of iOS apps and 68% of Android apps failed to receive a passing security grade.
- The most critical security risks in apps are those that allow the installation of unapproved code/functionality or the execution of injected code.
Updated semiannually, the “State of Enterprise Mobile Security” will provide updated and trending information.