According to security software company Symantec’s “Q2 Mobile Threat Intelligence Report: Mobility and Finance,” 25 percent of the mobile devices used by employees of financial service companies have unpatched security vulnerabilities. Furthermore, the report found 15 percent of these mobile devices have been connected to malicious networks.
These vulnerabilities persist despite the fact that financial services cybersecurity breaches are the most costly of any industry, Symantec said, costing companies approximately $5.24 million on average. Breaches in other industries come in at approximately $4 million, by comparison.
In 2011, a major bank settled a case against a company because it had a “known technical vulnerability in its online banking system,” Symantec reports. That vulnerability resulted in a breach affecting 130 million customers and costing the company $19 million.
A OnePoll poll conducted in 2016 suggests 87 percent of people were “not very likely” or “not likely at all” to do business with companies that had suffered breaches of financial information.
Phones and mobile devices present unique cybersecurity challenges, said Symantec. The nature of user notifications means users and companies are often unaware when software patches with security upgrades are available, even when devices are regularly patched by Apple or Google. Users of Android devices may be left to discover and install security patches themselves.
The Symantec threat intelligence report also discovered 13 percent of devices used by financial services employees aren’t running the most recent release of their mobile operating systems, 99 percent of devices may not have the most recent minor update installed and users of iOS devices update their operating systems more frequently than Android users.
Only 4.6 percent of iOS devices went unpatched, compared to 47.8 percent of Android devices, Symantec said. In fact, during the period documented in the intelligence report, 25.9 percent of mobile devices in finance were capable of updating to a more recent operating system patch but had failed to do so.