Here’s a real eye opener for IT professionals with a hand in security: a recent study by mobile security vendor Veracode found that the average global enterprise has approximately 2,400 unsafe applications installed in its mobile environment.
The study analyzed hundreds of thousands of mobile applications installed in actual corporate environments, in verticals ranging from media to manufacturing. Of the unsafe applications Veracode found:
- 85 percent expose sensitive device data, including SIM card information
- 37 percent perform suspicious security actions, such as recording phone calls, running other programs, and viewing cached credentials
- 35 percent retrieve or share personal information about the user, such as browser history and calendars—often sending sensitive information to overseas locations
While most employees likely aren’t intentionally seeking out security threats on their personal devices, this study does highlight a large security risk present in most enterprises today. Shadow IT takes many forms, from utilizing unofficial cloud services like Dropbox to, like you see here, utilizing apps that may be a significant security threat within the enterprise. Not remaining diligent in combating shadow IT can leave a company seriously vulnerable.
No matter how your business tries to mitigate the risks associated with unsafe apps on user phones, this report is an important reminder that security covers a spectrum; it is more than just physically secure data centers or consistently enforced BYOD policies. Doubling down on one aspect of enterprise security while dedicating limited resources to another is a surefire way to a vulnerable enterprise.
Angry Birds may be a fun time sink—just make sure it isn’t threatening the security of your business.