The security threat from mobile devices is overstated, according to the 2015 Data Breach Investigations Report (DBIR), an annual study on cyberattacks conducted by Verizon. This is one of the findings shared at the DBIR announcement in Hong Kong last week.
DBIR is Verizon’s annual research project that analyzed 2,122 data breaches from 79,790 identified security incidents in 70 organizations covering across 61 countries. This year, the report stated that less than 0.03% of the mobile devices are affected by high-impact malware each year, suggesting “the overstated threat of mobile,” said Sumeet Singh, head of security solution engineering, Asia pacific from Verizon.
He added that the type of malware targeting mobile devices tends to be annoying to individual rather than highly impact towards organizations.
“Organizations are putting a lot of control on mobile devices,” Singh added. “Many are using MDM technologies to protect the mobile containers, so users could be affected, but organizations’ breaches have not come up in our report.”
The other reason is attackers tends to go after systems with higher return, like financial systems, thus the attacks towards mobile devices are relatively low impact.
“Physical threats, comparatively is much easier,” he said. Singh noted that more devices are being stolen than data being breached.
When comparing attacks on different types of mobile OS, Singh said “in this case Android wins.” He added that the study look at millions of devices at the Verizon network and “we practically found nothing on Apple devices.” He explained that Android is an open source operating system, so it’s likely to see more risk.