Transcription
Menlo SecurityMobile Report2021Menlo Security Mobile Report 2021
Project overview and methodology The survey was conducted among 617 IT decision makers from organisations with 1,000 employees across the US, UK and Australia. At an overall level results are accurate to 3.9% at 95% confidence limits assuming a result of50%. The interviews were conducted online by Sapio Research in April and May 2021 using anemail invitation and an online survey.
Respondent demographics summaryDemographicsCountry ofresidenceTotal respondents: 617204204209 22% of respondents were CIOsJob Role 16% of respondents were CISOs 53% of respondents were IT ManagersSize ofcompanyBusinesssector# of employees% of respondentsCompany sectors –top 3:1,000-2,9993,000-4,9995,000 to 9,99910,000 30%32%21%18%Software /Technology: 22%Finance /Insurance /Accounting: 15%Retail /Manufacturing :12%
Key stats93% said thatmobile security washigh priority: 59%said it was veryhigh55% think thatorganisations should beresponsible for the security ofmobile devices used for workpurposes86% agree that attacks on mobiles arebecoming more frequent andsophisticated, and that the number ofdifferent ways mobile devices are beingattacked is increasing76% believe that end usersare more open to attacks onmobile devices than they werea year ago25%Onlythink theiremployees report mobilebrowser vulnerabilities everytime they occur67% believe mobilebrowser vulnerabilities occurat least several times a21%week:think theyoccur multiple times a day
Summary and Overview1Mobile security an increasing concern – The majority feel that attacks on mobile devicesare increasingly frequent and sophisticated, and that end users are more vulnerable toattacks – and the vast majority consider mobile security to be high priority, including 99% ofAustralian respondents2Organisations should take responsibility – Over half thought that organisations should beresponsible for the security of mobile devices used for work purposes, particularly those inlarger companies. Australian respondents, however, were more likely to think responsibilityshould lie with end users or mobile vendors3iOS and the Apple App Store perceived as more secure than Android and Google Play– A third update their mobile device / operating system as soon as a new patch is issued,with those in larger companies and those who rate mobile security as very high priority beingmore likely to update immediately4Mobile browser vulnerabilities thought to be frequent, but employees not trusted toaccurately report them – Two thirds believe mobile browser vulnerabilities occur at leastseveral times a week, while a fifth think they occur multiple times a day. Despite this, only aquarter think their employees report vulnerabilities every time they occur5Respondents remain confident in their organisations’ abilities – While agreeing thatmobile attacks are an increasing issue, the majority of respondents also agree that they areconfident in identifying malicious links and preventing attacks via them. Most have mobilesecurity solutions in place - mobile device management was the most popular mobilesecurity solution, followed by Isolation
Main Findings
9 in 10 (93%) say that mobile security is a high priority, with 3 in 5 (59%) saying it isvery highCountry99% CIO vs 73%Other IT role93%97% companies with 3,000-4,999employees vs 86% companieswith 10,000 employees59%% HighUK90%US90%Australia99%34%6%Very highHighMediumQ1. Where does mobile security rank in terms of your priorities? Please select one answer only:1%0%LowNot a priorityBase: 617
Three quarters believe that end users are more open to attacks on mobile devicesthan they were a year ago (76%)Significantly more.a year ago?Slightly moreAbout the same39%37%Slightly lessSignificantly less14%7% 3%83% companies with5,000-9,999 employeesvs 70% companies with10,000 employees76% More.five years ago?45%28%73% More14%8%5%Country% MoreUK67%US72%Australia80%Q2. Do you believe that end users are more open to attacks on mobile devices than they were. Please select one answer per:rowBase: 617
Phishing was the most common mobile security attack or attempt in the last 12 months (71%)Only 1 in 10 did not experienced any mobile attacks or attempts in the last 12 months (11%)Phishing71%Malware66%Top for US58% UK vs71% AustraliaAdvanced Persistent Threats(APTs)Something elseWe have not experienced anymobile security attacks orattempts in the last 12 months42%31% UK vs51% Australia2%11%8% companies with 5,000-9,999employees vs 18% companieswith 10,000 employeesQ3. Has your organization experienced any of the following mobile security attacks or attempts in the last 12 months? Please:select all that applyBase: 617
While over half thought that organisations should be responsible for the security ofmobile devices used for work purposes (55%), this remains a fairly split 8%Mobilevendors20%End-users25%Organizations55%39% CISO vs73% Other IT role48% companies with 3,000-4,999employees vs 61% companieswith 10,000 employeesUKUSAustralia63%60%42%Q4. Who should be responsible for the security of the mobile devices used for work purposes? Please select one answer only:Base: 617
Only a third update their mobile device / operating system as soon as a new patch is issued(34%)Over 1 in 10 (14%) will leave it 3 days or longer to update their mobile device / operating systemAs soon as it is issued34%The same day25%Within 1-2 days27%Within 3-5 days43% Mobile security isvery high priority vs 23%Mobile security is highpriority8%Within a weekWhen I remember45% CIO27% companies with5,000-9,999 employees vs43% companies with10,000 employees5%1%Q5. How quickly do you update your mobile device/operating system when a new patch is issued? Please select one answer:onlyBase: 617
The majority think that iOS (62%) and the Apple App Store (58%) are more securethan Android and Google PlayThird Party App StoresOperating Systems52% companieswith 4% CISOUKUSAustralia72%60%56%Q6. Which of the following operating systems do you think is more secure? Please select one answer only:Q6a. And which of the following Third Party App Stores do you think is more secure?Please select one answer onlyApple AppStore58%UKUSAustralia68%55%50%Base: 617
82% of IT decision makers have encountered malicious document downloads oncorporate owned devices over the past 12 monthsThose who have, encountered an average of 15 malicious downloads9 for companies with1,000-2,999 employees vs24 for companies with5,000-9,999 employeesMean: 15None, we haven’tencountered any17%1 to 23 to 514%6 to 1019%11 to 1510%16 to 2010%21 to 2526 to 506%MeanUK12US15Australia1882%of businesses haveencountered amalicious documentdownload1%51 to 100More than 100Country13%6%74% UK vs87% Australia3%Q7. Over the past 12 months, have you encountered instances of malicious document downloads on corporate owned devices?:Please select one answer onlyBase: 617
The majority have specific mobile security solutions in place either on the end users’ deviceor within your organization (96%)Over 4 in 5 use mobile device management as a mobile security solution (84%)84%41%35%Mobile DeviceManagementIsolationDLP91% Finance / Insurance /Accounting36% UK vs 48% Australia25% UK vs 43% Australia4%No, we do not have anysolutions in place yet49% Retail78% UK vs 90% AustraliaN.B. Other 1%Q8. Do you have specific mobile security solutions deployed on your end users’ device or within your organization, if so, what:are they? Please select all that applyBase: 617
Two thirds believe mobile browser vulnerabilities occur at least several times a week(67%)A fifth think they occur multiple times a day (21%)14% companies with3,000-4,999 employees vs32% companies with10,000 employees29% US vs13% AustraliaMultiple times a day21%At least once a daySeveral times a week27%Several times a month16%A few times a month73% Mobile security is very high priorityvs 58% Mobile security is high priority7%Less than a few times amonthI don’t know67%19%6%3%Q9. How often do you think mobile browser vulnerabilities occur? Please select one answer only:Base: 617
Respondents detected an average of 14 mobile security threats in the last monthAustralian respondents detected the most (16) and UK respondents the least (12)9 for companies with1,000-2,999 employees vs24 for companies with5,000-9,999 employeesNumber of mobile security threats you havedetected in the last monthMean: 1409%16%213%36%49%59%6 to 1012US14Australia168%21 to 254%3%51 to 100Don’t knowUK7%16 to 20More than 100Mean16%11 to 1526 to 50Country4%3%4%Q9a. And how many mobile security threats have you detected in the last month? Please select one answer only:Base: 617
Only a quarter think their employees report mobile vulnerabilities every time theyoccur (25%)The UK have the least trust in their employees, less than a fifth (18%) think mobilevulnerabilities are reported every timeRole%25%All the time18% UK vs 28% US andAustralia39%Most of the timeCIO9%CISO3%IT Manager20%Other IT role41%20%About half of thetime8%9%A quarter ofthe timeHardly ever14% UK vs 2% Australia17% Healthcare vs 3% Retail34% Mobile security is veryhigh priority vs 13% Mobilesecurity is high priorityQ9b. And when they occur, how often do you think mobile vulnerabilities are reported by your employees? Please select one:answer onlyBase: 617
While 9 in 10 are confident in their ability as an organisation to identify malicious links on mobiledevices (88%), 86% agree that attacks on mobiles are becoming more frequent and sophisticated,and that the number of different ways mobile devices are being attacked is increasingStrongly agreeAgreeNeither agree nor disagreeDisagreeStrongly disagree% AgreeI am confident in our ability as an organization toidentify malicious links on mobile devices40%The number of different ways in which mobiledevices are being attacked is increasing40%46%10% 4%86%Attacks on mobiles are become more frequent andmore sophisticated40%46%10% 4%86%I am confident in our ability as an organization toprevent attacks on mobile devices via maliciouslinks39%12%84%The frequency of malicious text messages isincreasing39%It is not possible to be prepared for all the differenttypes of security attacks on mobiles currently outthereIt is not possible to keep up with the evolution ofmobile security attacks9% 2%45%42%15%13%48%38%25%21%23%Q10. How much do you agree or disagree with the following statements: Please select one answer per row:13%21%31%3%5%5%8%88%81%53%38%Base: 617
Demographics
Country33%34%33%S1. What country do you live in? Please select one answer only:UKUSAustraliaBase: 617
RegionUKUSSouth29%AustraliaGreater London22%South est Midlands11%North West11%South West10%Yorkshire/Humberside7%North East7%6%Wales5%East Midlands5%ScotlandNI49%13%East of EnglandSouthwestVictoria3%New South Wales27%QueenslandSouth Australia14%5%Western Australia2%Tasmania1%Northern Territory0%0%S2. What region do you live in? Please select one answer only / S3. What region do you live in? Please select oneanswer only / S4. What region do you live in? Please select one answer only:Base: 204 / 204 / 209
ion4%Other3%Transportation/Utilities3%Wholesale trade1%Real tising0%Agriculture0%S5. What industry sector is your organization in? Please select one answer only:Base: 617
Company Size30%32%21%18%1,000 - 2,999 employees3,000 - 4,999 employees5,000 - 9,999 employeesS6. How many employees are there in your organization? Please select one answer only:10,000 employeesBase: 617
Role93%ITExecutive7%S7. What best describes the area you work in? Please select one answer only:Base: 617
Job Title53%22%16%9%IT ManagerCIOCISOS8. Which of these titles best describes your job? Please select one answer only:Other IT roleBase: 617
Management of IT Security76%Yes, I am fully responsibleYes, I am involved24%S9. Are you responsible for or actively involved in the management and control of your organisation's IT security? Please select:one answer onlyBase: 617
The majority have specific mobile security solutions in place either on the end users' device or within your organization(96%) Over 4 in 5 use mobile device management as a mobile security solution (84%) Q8. Do you have specific mobile security solutions deployed on your end users' device or within your organization, if so, what
