Warning: Mobile Threats Love Organizations of All Sizes

One of the more popular refrains nowadays is that company size - as measured by the total number of employees - somehow makes enterprises safe. I hear it all the time. “We’re too big – our systems are too impenetrable – to worry about mobile security,” or, “We’re too small for any hacker to pay attention to us.”

Wish it were true. But both claims are plain wrong.

We know this in our heart of hearts, but we also wanted to pull some data to illustrate the fact that size is no guarantee of security for an enterprise - whether they’re big, small, or in-between. So, we’ve aggregated usage data collected from customers and categorized the information into three buckets: small enterprises of less than 5,000 employees, midsize enterprise with 5,000 to 10,000 employees, and large enterprises with 10,000 or more employees.

We subsequently analyzed and averaged the results across three crucial components of mobile security. First on the list came device vulnerabilities. We wanted to know the percentage of mobile devices with operating system or configuration vulnerabilities that would make it easy for attackers to steal confidential information. Small enterprises turned out to be the most vulnerable with a whopping 54.4% of devices vulnerable to attack. Next came midsize organizations with 50.8% and then large enterprises at 42.7%.

So, at first blush, one might be tempted to conclude that large enterprises rated as the “safest” category. But that’s a relative term; consider that a 50,000-person enterprise had, on average, 21,350 vulnerable mobile devices on-premises or on-network. What’s more, only one of those 21,350 needs to be exploited to put a trove of confidential company information in jeopardy.

Next, we wanted to discover the percentage of devices that at some point had connected to a suspicious wireless network. This often takes the form of fake wireless hotspots setup designed to look like free Wi-Fi. In reality, hackers use these scam setups to siphon all the communications that pass between the malicious hotspot and any mobile devices that connect to it.

The results were eye-opening. Starting with small enterprises, we found that 33% of mobile devices had connected to suspicious networks, followed by 26.7% for midsize enterprises, and 31.5% for large enterprises. In other words, on average, a full third of enterprises employees have connected at some point to a Wi-Fi network that was probably listening in (and stealing) their communications.

Lastly, we studied the rate of mobile malware infiltrations. At small companies, 1 out of 100 devices got infected. At midsize enterprises, it was 1 out of 300. For large enterprises, it was 1 out of 1,200 devices. Thankfully, these numbers are a little bit lower, but legitimate malware infections also constitute a much more concentrated threat. It also can lead to situations that allows access throughout every level – including root level – on that mobile device. And when one of these infected devices are connected to your corporate Wi-Fi, the malware can spread like wildfire to other devices within the enterprise.

While all this sounds dire, it’s important to understand and appreciate the extent and gravity of the threats. The positive news is that today’s most advanced products use intelligence and machine learning technology to prevent these threats from becoming infiltrations. Defensive technologies also rely on automated responses that help mitigate any risk to your enterprise or data when something unique breaks through.

Organizations of all sizes rely on mobile threat defense solutions today to keep their data safe. Ceragon Networks, for example, home to around 1,250 employees, was able to mitigate over 140 malware incidents. Republic National Distributing Company (RNDC), which boasts over 7,000 employees, was able to analyze 400,000 apps to make sure their employees were installing safe, legitimate media. And Aetna, which houses over 50,000 employees, performed almost 8 million network tests which allowed them to prevent over 10,000 connections to suspicious networks by their employees!

At the end of the day, the size of your enterprise doesn’t matter. Your employees are still at risk to mobile threats. But armed with heightened awareness and the latest intelligent technologies, you can mitigate that risk significantly. To help you overcome objections, read this white paper to learn how RNDC drove a successful buy-in discussion with business leaders about today's mobile cyber security.