This Mobile Risk Assessment helps organisations understand their risk based on mobile data access, existing controls such as EMM, and the resulting security gaps. This assessment contains four personalized sections generated from your survey response:
Your Mobile Risk Assessment is based on a framework called the Mobile Risk Matrix, outlining risk across threats, software vulnerabilities, and risky behaviors & configurations for each of the attack vectors on mobile devices.
Device threats can cause catastrophic data loss due to heightened attacker permissions.
Data is at risk of attack via Wi-Fi or cellular network connections.
Threats include malicious URLs opened from phishing emails or SMS messages.
Even well-known software development companies release apps that contain vulnerabilities.
The vulnerability window is the time it takes from the release of a new patch to adoption.
Mobile devices encounter more hostile networks than laptops, and have less protection.
Malformed content, such as videos and photos, can enable unauthorized device access.
Mobile apps have the potential to leak data such as contact records.
Misconfigured routers, unknown captive portals, or content filtering.
Websites that don’t encrypt credentials or leak data.
Within this framework, we assess each box across the likelihood of occurrence and impact to the business based on your answers to the survey. The assessment will be represented using the key below:
This represents a “severe” level of risk with a high likelihood and impact to the business.
This represents a “moderate” level of risk with a medium likelihood and impact to the business.
This represents a “negligible” level of risk with a low likelihood and impact to the business.
You also told us your organization has invested in controls for:
GDPR will come into effect on May 25, 2018. Companies, both those based in the EU and those that conduct business in the EU, that fail to comply with GDPR requirements could face a fine of up to 20M EUR or up to 4% of their annual revenue, whichever is greater.
Article 5 of GDPR says that "personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures."
Mobile devices, even those that are corporate owned, are personal. This is the new target for attack, the new risk to an organization. Whether through malicious attack, configurations or user actions, the mobile platform has become a rich target for gaining access to sensitive data.
80% of IT executives agree that the personal data accessed on their employees' mobile devices could put their company at risk for GDPR non-compliance.¹
“The signs are clear that mobile threats can no longer be ignored.”
42% of employees say they download applications outside of the main app stores (Google Play and Apple App Store).¹
A malicious ad SDK found in popular apps in the Google Play Store that exfiltrated PII to China. The threat is enabled via remote code pushed from Igexin-controlled servers.
Lookout has seen an increase in apps installed outside of the official app stores, which bypass Apple and Google review and can easily be installed on non-jailbroken devices.
39% of the 699 CVEs patched between iOS 9 and iOS 11 could enable remote code execution (RCE).
This advanced spyware was utilized on both iOS and Android and represents the most sophisticated targeted attack on mobile devices to date. Critically, Pegasus only requires a victim to visit a malicious web page and does not need the targeted individual to install an app to activate.
64% of employees say they connect to public Wi-Fi networks on the go.¹
During a trip to Asia, an executive of a Lookout customer encountered a man-in-the-middle attack on their iPad connecting to a fake Wi-Fi network. Many inexpensive Wi-Fi devices now exist which make it easy to set up these rogue access points.
35% of employees say they open links on their mobile device even if they are not 100% sure they are safe.¹
Scammers abused the handling of pop-up dialogs in Mobile Safari in such a way that it would lock out a victim from using the browser. The attack would block use of the Safari browser on iOS until the victim pays the attacker money in the form of an iTunes Gift Card. During the lockout, the attackers displayed threatening messaging in an attempt to scare and coerce victims into paying.
Nation-state actors (known as Dark Caracal) conducted the most globally active mobile-specific spy campaign Lookout has ever seen. The threat relied on social engineering via Facebook and WhatsApp messages and fake app stores in order to compromise target systems, devices, and accounts, with the goal of eventually driving victims to a watering hole controlled by Dark Caracal.
“Lookout is positioned as a Leader in this IDC MarketScape for the MTM security software market.”
Malicious apps can steal info, damage devices, and give unauthorized remote access.
Lookout Mobile Endpoint Security makes it easy to get visibility into the entire spectrum of mobile risk, apply policies to measurably reduce that risk, and integrate into your existing security and mobile management solutions.
Apps are the predominant way that sensitive data is accessed on mobile devices, with risks spanning across both iOS and Android. Lookout’s app analysis technology is powered by intelligence from over 50 million iOS and Android apps, giving you visibility into app-based risks such as:
Often taking the form of a man-in-the-middle attack, these network threats are typically executed by spoofing a Wi-Fi hotspot to intercept network traffic and decrypt sensitive data. By analyzing network connections from our global sensor network, we effectively mitigate false positives while detecting high impact threats, including:
If the device is compromised with software vulnerabilities, the built-in security of the operating system can be bypassed. Lookout creates a fingerprint of each mobile device and compares it against the 150 million devices in our security platform to identify anomalies and risks, such as:
Securing web & content risks often equates to stopping the entire kill-chain early by protecting against phishing attempts or remote exploits. Lookout protects against:
Lookout integrates with any MDM (such as Intune, AirWatch, MobileIron, MaaS360, and UEM) for simple deployment and management.
Lookout integrates with all SIEM systems (such as Splunk, ArcSight, and QRadar) via our Mobile Risk API.
Ensure your data sovereignty and employee privacy policies are upheld using Lookout’s privacy controls features.