Yes, you read that right: more than 25 percent of the mobile devices used by employees at financial services organizations are at risk from attack by malicious hackers due to unpatched vulnerabilities. This is one of many findings from our Q2 Mobile Threat Intelligence Report: Mobility and Finance. That means that 1 in 4 employees at the institutions you have trusted with your banking services are at risk. And you need look no further than Equifax to see what that might mean for you and your data.
The figures, unfortunately, don’t get any more encouraging as the report continues. We also found that more than 15 percent of financial service employee devices have been exposed to a malicious network, which makes planting malware and stealing information significantly easier for attackers. Yet another way for your sensitive information to find its way onto the dark web.
Security experts know all of this. The financial institutions have to know all this. And yet, financial breaches not only continue, but have been found to be the costliest of any industry, with the average cost to the company coming in at $5.24 million (versus $4 million for companies in other industries1). But, that’s just the average. In 2011, a major global bank paid to settle a case against the company because it had a “known technical vulnerability in its online banking system” that led to a breach that affected 130 million customers and ultimately cost the company more than $19 million.
Given the cost to the organization, the risk to both corporate and customer personal information, and the brand damage, the report posits that any cyber security breach of a financial institution is one too many. In fact, according to a 2016 poll conducted by OnePoll nearly 87% of people said they were either “not very likely” or “not at all likely” to do business with a company that had financial information breached. Imagine if a major bank had 87% (or even 20%) of its customer base leave on account of a security breach?
One of the biggest challenges for these financial services institutions is that mobile devices have known vulnerabilities that are regularly patched by Apple and Google. But, because of how user notifications might work (or not work), most users and enterprises don’t know when upgrades with security patches are available. Some Android users may never get a notice for their device at all! Then it’s left up to the enterprise and its users to install those patches, which exacerbates this critical gap in mobile security.
Along those lines, the report finds some big challenges with unpatched mobile devices:
- More than 13 percent of financial mobile devices are not running on the current major version of the operating system
- At any given time up to 99 percent of mobile devices in financial organizations may not yet be on the newest minor update
- iOS users update their devices far more rapidly than those using Android devices, with only 4.6 percent of iOS devices in financial organizations not on the latest major OS version, compared to 47.8 percent of Android.
- During the reporting period, an average of 25.9 percent of mobile devices in finance were able to update to a more secure OS version, but had not yet done so, leaving the device open to mobile exploits.
In addition to the high percentage of known unpatched vulnerabilities, the report also found additional gaps at banking and finance organizations:
- Three in every thousand devices has been infected with malware.
- More than 15 percent of employee devices have been victims of a malicious network exposure.
- Of every hundred devices, 2.5 are not even protected with a passcode.
The silver lining here is that there are ways for you – and financial services employees – to keep mobile devices safe. In some cases, like with SEP Mobile, it’s actually easy to do so! What we’re saying is: there is hope. Here are five rules to follow to dramatically reduce the risk of mobile cyber attacks:
- Don’t click, install or connect to anything that you are not confident is safe.
- Only install apps from reputable app stores.
- Don’t perform sensitive work on your device while connected to a network you don’t trust.
- Always update to the latest security patch as soon as it is available for your device.
- Protect your device with a free mobile security app like SEP Mobile.
All of these risks and statistics illustrate why it is crucial for organizations – especially financial services institutions – to invest in a comprehensive mobile threat defense solution. If you’d like to dive a bit deeper, download the entire Q2 2017 Mobile Intelligence Threat Report: Mobility and Finance. If you’d like to learn more about how SEP Mobile threat defense protects organizations and prevents cyber-attacks without compromising the mobile user experience or privacy, visit our website or drop us a line.