Verizon Mobile Security Index 2020 Report Reveals Malware and Man-in-the-Middle Attacks Are Top Threat Vectors, Based on MobileIron Data

Over the past few months, we worked closely with Verizon to provide key insights on the mobile threat landscape for their Mobile Security Index (MSI) 2020 report. Today, Verizon released the report and revealed that malware and man-in-the-middle (MitM) attacks are top threats vectors. This is based on aggregated usage data from devices with threat detection activated across our installed base of MobileIron Threat Defense, gathered over the course of 2019.

 

Malware remains a favorite tool of hackers

Our data revealed that 4.5% of Android devices had known malware. While that might not sound like much, one device can compromise an entire organization. And hackers are leveraging increasingly creative and sophisticated techniques to break through organizations’ defenses. For example, they are finding new ways to trick users into installing malware, such as disguising it in cloud-based applications. Hackers will likely continue to target mobile devices and applications with malware, as just one successful attack can be highly destructive.

 

Device threats, from lost devices to OS vulnerabilities, are a fact of life for most organizations

According to our data, 31% of devices harbored known threats – that’s almost unchanged since 2018. And one of the most dangerous mobile device threats is a MitM attack, which occurs when an attacker intercepts a mobile device’s network traffic, enabling them to read and capture credentials, emails, calendars, contacts and other sensitive data as a preliminary step in a more advanced attack. A MitM attack is often done through a rogue Wi-Fi hot spot or access point. According to our data, 7% of protected devices detected a MitM attack in the past year.

 

Organizations need to implement a mobile-centric zero trust approach

This research demonstrates how vulnerable mobile apps and devices are to attacks. For example, if not properly secured, an app can weaponize a device against an enterprise. And an unmanaged device can leak sensitive corporate data if its network connection is hit with a MitM attack. At the same time, mobile app, device and network threats are evolving and reaching new levels of sophistication. Organizations urgently need to protect mobile devices, and all the data and resources they connect to, without disrupting user productivity.

A mobile-centric zero trust approach can protect company data wherever it travels, and help users comply with company security policies and local regulations. MobileIron’s UEM platform with MobileIron Threat Defense (MTD) enables organizations to detect and remediate mobile threats, including app, device and network attacks, even when the device is offline. MTD offers continuous protection against mobile device threats, including malware, MitM attacks and unencrypted networks, that exploit user behavior and security gaps.

For more information, please click here to have a MobileIron representative reach out to you, or click here to begin a free 30-day trial. To download a complimentary copy of the Verizon Mobile Security Index results, please visit here.

Brian Foster

Senior Vice President of Product Management

About the author

As SVP of Product Management, Brian is responsible for overseeing product direction and innovation. Brian brings more than 25 years of experience to his role. Prior to MobileIron, Brian founded a startup in the identity management space. Before that, he was SVP of information services at Neustar, the leader in identity resolution. At Neustar, Brian’s teams were responsible for solutions in marketing services, risk and fraud, registries, and security services. He also oversaw the product development and go-to-market operations. Prior to that, Brian was CTO at Damballa, a private company that discovered advanced threats running in enterprises and large internet service providers. As CTO, Brian was responsible for the advanced research, product strategy, and engineering operations.

Before Damballa, Brian was SVP of product management at McAfee. He oversaw McAfee's global product management functions and was responsible for over 80  enterprise and consumer products, generating more than $2B in revenue. Prior to joining McAfee, Brian was VP of product management at Symantec, where he oversaw product innovation for the enterprise endpoint. Brian has a BA in Economics from UCLA and completed the executive program in management from UCLA’s Anderson School of Management.