Heightened Mobile Security Concerns – Menlo Security Report


Menlo Security has released the findings from its Menlo Security Mobile Risk 2021 Report which explores the security considerations and concerns around mobile usage as more businesses today operate remotely. Partnering with Sapio Research, the survey questioned respondents on the mobile security threat landscape and how businesses are responding to cybersecurity challenges during the global pandemic and beyond where work is no longer bound by physical offices.

Following a survey of more than 600 IT decision makers across the United States, United Kingdom, and Australia, including CIOs and CISOs, Menlo Security discovered that half of the respondents (53 percent) admitted that it’s not possible to be prepared for all the tactics and strategies used by attackers targeting mobile devices. Going one step further, more than a third (38 percent) claimed that it’s impossible to keep up with the pace of these attacks. The survey also found that three quarters of IT decision makers believe their organisations are more vulnerable to mobile cyberattacks than ever before. It has become clear that it isn’t a matter of if, but a matter of when.

“Infographic – click to enlarge”

Therefore, it is of little surprise that 73 percent of respondents believe that end users are now more susceptible to cyberattacks on mobile devices than they were five years ago. The survey also found that 76 percent of respondents believe they are more vulnerable to mobile attacks than just a year ago, following the shift to remote and hybrid work environments.

“Although many organisations are confident in their ability to identify and prevent mobile attacks, oftentimes this is just overconfidence in legacy solutions that are not able to provide 100 percent protection against the latest waves of socially engineered attacks such as Phishing and Smishing or zero-days,” said Mark Guntrip, senior director of cybersecurity strategy for Menlo Security. “Even experienced professionals can fall victim to these attacks and the only way to truly prevent them in the first place is through isolation, which secures work regardless of where it happens.”

IT decision makers also acknowledged that nearly three-quarters (71 percent) of them had experienced phishing attacks first-hand. Although a majority of respondents admitted they’re either more susceptible to mobile attacks or they have already encountered one, a surprisingly high percentage of respondents still felt confident in the ability of their organisation to both identify and prevent them. Although mobile devices often make it difficult to identify the tell-tale signs of malicious emails or links, such as URL addresses, 88 percent still believe in their ability to identify them and 84 percent trust in their ability to prevent them.

“Threat actors are always looking for the path of least resistance and given the large number of organisations and employees who are still working remotely, mobile devices have entered into the center of attackers’ crosshairs,” said Guntrip. “Unfortunately, mobile security has often been an afterthought for enterprise security strategies. Today’s businesses must rethink how they’re safeguarding their networks and what avenues are most susceptible to threats in the remote work landscape.”

The survey also inquired about the strategies that are most often used by organisations in the U.S., UK, and Australia, finding that isolation adoption hovers around 40 percent, lagging behind more traditional methods such as mobile device management methods (84 percent), and DLP (35 percent), thus leaving a majority of organisations at risk of attack.

Survey Methodology

The survey was conducted among 617 IT decision makers from organisations with 1,000 or more employees across the U.S., UK and Australia. The interviews were conducted online by Sapio Research in April and May 2021 using an email invitation and an online survey.

The full report can be found here