By Kyle Johnson and Jack Madden
Mobile is the new favorite target for bad actors looking to gain access to data and more from enterprises—or is it? On one hand, we hear reports with huge scary numbers about the amount of mobile malware out there; while on the other hand, how many of us run anti-malware on our phones?
So that got us thinking: What do the mobile security statistics actually look like? Does the published data show it’s worth all the hand wringing and doom and gloom sentiment? There are a lot of reports out there from a variety of sources, all with different numbers, or sometimes numbers without much context.
We were going to write about some of the latest mobile malware stats we’ve seen, but soon we realized that for this data to be useful, we really need to break it down before we can parse it.
Breaking down mobile security statistics
When we read through white papers, survey reports, and other data, here are some of the variables we’ll be considering.
Who is providing said data/what do they get out of it?
One important aspect that always needs to be considered is who is providing the data. Is it a mobile threat defense vendor with a desire to convince you that mobile security software/apps are needed, a company like Google insisting their app store is safe for use, or an organization with a truly neutral position?
What kind of information is provided?
Are we looking at internal telemetry derived from actual customers? Or is the white paper based simply around surveys?
What’s the nature of the issue that’s actually being reported?
There are a lot of different mobile security issues to look at:
- All the different mobile malware variants and instances out in the wild.
- Potentially harmful apps found in Google Play or Apple App Store.
- Potentially harmful apps installed on devices from outside official stores.
- Are the stats focused on everyday users, enterprises, or a combination?
- If they’re looking at data breaches or incidents, what was the nature of the event? One app showing up on one phone? Or a serious data breach directly attributed to a mobile attack?
- Or is it more about enterprise concerns and strategies?
Of course, we can break some these categories down even further. For example, there’s the definition of mobile malware. On one hand, there are malicious apps that are clearly dangerous, but on the other hand, there’s a whole world of apps that are completely legitimate for consumers, but still might be considered potentially harmful for the enterprise. Or, does the report go beyond malware? Mobile devices can also face network-based attacks or mobile phishing.
Lastly, it goes without saying that we need to be aware of all the usual statistical tricks.
Putting reports into proper context
Now that we’ve broken out how these mobile security statistics-focused reports and white papers should be looked at, we (and you) can better understand what each says. Some of these things may seem obvious, but it never hurts to take a step back and remind ourselves. Ultimately, by keeping this in mind, we can get a better understanding of the mobile security landscape.
Stay tuned for more mobile security analysis in the coming weeks—and, if you’re an organization that has a report, metrics, or other mobile security statistics you want us to see, send it our way!