Mobile malware getting more dangerous, security firm warns

Mobile malware has moved beyond just extracting data—now, it can take over an entire mobile device, according to security firm MobileIron. And too many companies across industries, including healthcare, are not paying enough attention.

“Despite the rise in high-profile mobile malware attacks, anti-malware adoption continues to remain flat, with a global adoption rate of less than 5 percent,” the company warns in a new report.


For instance, 17 percent of healthcare organizations have at least one compromised device, and only 12 percent enforce operating system updates. More than half of healthcare organizations have at least one missing device, MobileIron’s study found.

Also See: How to improve your organization’s cybersecurity training

“Enforcing OS updates is one of the easiest and most cost-effective ways to prevent attacks from exploiting holes in older operating systems,” MobileIron advises. “There’s simply no reason not to ensure (operating systems) are consistently updated. Think of the 80/20 Rule; organizations can reap 80 percent benefit with just 20 percent effort.”

Nearly 80 percent of organizations in MobileIron’s global customer base have more than 10 enterprise applications installed, and 18 percent of them use voluntary protection programs that streamline enterprise app deployment to users in a safe manner. The healthcare industry is above average, with a 29 percent rate using voluntary protection programs.

Still, threats keep coming, with new malware in recent months including HummingBad Malware (which infected 85,000,000 devices), Pegasus (capable of intercepting virtually all communications), QuadRooter (detected on an estimated 900,000,000 devices) and The Godless Malware (infected 850,000 devices).

Mobile apps and data have become fundamental to businesses, and the company’s new security report “shows that apps are not only critical to business but that employees around the world rely on these tools for parts of their jobs that were once relegated to the desktop, such as presentations and spreadsheets,” says James Plouffe, lead security architect.

Also See: 13 top paying cloud and security jobs for 2017

Even in higher regulated industries that include healthcare, however, enterprises did little to enhance their security posture, according to the report. Half of companies did not enforce device policies, nearly one-third had at least one outdated policy, more than 40 percent had at least one missing device, nine percent of companies enforced OS updates, and 11 percent had compromised devices accessing corporate data.

Top installed apps in healthcare include Webex, Concur, Pulse Secure, AnyConnect, Keynote, Excel, Word, PowerPoint, box and Numbers, according to MobileIron.

The full report, including a security hygiene priority checklist, a list of blacklisted apps and recommendations, is available here.

For reprint and licensing requests for this article, click here.