1 million high-risk Android apps will enter the enterprise this year, says Infonetics
Roughly one million malicious or high-risk Android apps are expected to be introduced into the enterprise this year, according to an Infonetics Research's mobile security report, which was based on a survey of decision makers at 103 medium and large enterprises in North America.
Malware threats against Android now exceed threats against PCs, the traditional targets of hackers, according to security firm Sophos. "Android malware can place a company's future at risk by exposing strategic information or stealing passwords," Sophos cautioned.
Verizon's 2012 Data Breach Investigations Report found that 69 percent of enterprise data breaches and 95 percent of stolen data in 2011 were caused by malware.
Despite the risks, around one-third of enterprises currently allow the use of employee-owned devices such as Android smartphones, iPhones, iPads and other tablets, on their networks, according to the Infonetics survey.
A 2012 survey of 671 IT professionals by the Ponemon Institute for security firm Lumension found that 80 percent of respondents believe that mobile devices pose a significant security risk to their networks and system because of their lack of security.
More than half of respondents said that their enterprises receive more than 25 malware attacks every month, and another 20 percent said they do not know how many malware attacks they have per month.
Jeff Wilson, principal analyst for security at Infonetics, predicted that secure socket layer virtual private networks would become the "cornerstone of many enterprise mobile device security strategies because they solve an immediate connection security requirement, are familiar and easy to use, often free, and will likely support additional security and control functions."
SSL VPNs provide secure remote access to an enterprise's networks, data and applications using a web browser.
Whatever approach enterprises take to mobile security, they need to act now, particularly if they do not have a BYOD policy or security product in place to secure personal devices flooding into the workplace.