Just 4% of enterprise mobile devices protected against Meltdown and Spectre
Just four per cent of enterprise mobile devices have been patched to protect against the Meltdown and Spectre vulnerabilities discovered in modern processors.
According to an analysis of corporate-owned and managed mobile devices by security firm Bridgeway, mobile security is not as much of a priority as more traditional PC and server security concerns.
However, the company said these devices increasingly hold significant amounts of sensitive corporate data, meaning they also require robust security measures.
The research found that at least 72 per cent of devices are still exposed to these vulnerabilities, while a further 24 per cent is also thought to be vulnerable, but currently impossible to patch due to age.
Bridgeway said these older mobile devices are typically running obsolete versions of operating systems (OS), such as versions of Android older than Marshmallow, which may never be patched by vendors and mobile network operators. This is because they will be unsupported by their hardware and OS manufacturers. In these cases, the only option is to replace the devices.
Jason Holloway, Bridgeway managing director, said: “It’s worrying that only four per cent of organisations have applied updates to protect their devices against Meltdown and Spectre: it means the majority of companies are needlessly exposing their users, devices and more importantly, corporate data, to the risk of interception and exfiltration.
“Mobile devices are the new target for hackers, who will be looking to exploit these flaws as quickly as they can. Organisations need to patch their mobile devices now, before they can be targeted.”
Bridgeway advised organisations to check device manufacturers’ websites for the availability of updates, and to systematically apply them across their device estates as soon as possible.
It also advised that companies consider an enterprise mobile management solution to disable untrusted sources, prevent the user installing potentially malicious apps that could exploit the vulnerability, and to validate that the devices and apps accessing corporate networks are secured, managed, and authorised.
Share This Post, Choose Your Platform!
With over 25 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.