April 23, 2015 By Shane Schick 2 min read

Most people would probably agree getting struck by lightning is worse than downloading mobile malware, but security researchers say the statistical likelihood of either happening is about the same.

Unveiled at the recent RSA Conference in San Francisco, Damballa Inc. presented detailed results from a two-year study of more than 2 million unique hosts contacted by mobile devices across North America. The research concludes that mobile malware was contacting only 0.0077 percent of devices, based on a blacklist it had compiled. That means the average mobile user has only a 0.01 percent chance of being hit by a cybercriminal attack on his or her smartphone or tablet.

Damballa isn’t the only firm downplaying the extent of mobile malware issues. Verizon recently published a report of its own that said much of the same thing and even questioned the way organizations calculate the true cost of stolen data.

Besides suggesting many threats to mobile users may be wildly overblown, there were other surprises in Damballa’s research. As CSO Online noted, the report showed mobile malware infection rates were twice as high two years ago, the last time the company conducted a similar study. While that could be a credit to app stores that fend off the apps that pose the biggest risks, it could also be the increased sophistication of software tools to fight off cybercriminals.

A story on TechTarget pointed out that there is a direct relationship between mobile malware and the propensity for users to jailbreak phones in a given region. Unlocking devices can provide smartphone users the possibility of more choices in terms of apps, but it also means cybercriminals may have an easier way to target their potential victims.

Naturally, the statistics from Damballa aren’t intended to suggest chief information security officers and their teams should ignore the various Trojans, ransomware and other similar threats; when cybercriminals strike, the results can be disastrous. Ultimately, the numbers could mean IT departments will spend less time fending off cybercriminals directly. Rather, they may concentrate their efforts on educating their co-workers about phishing schemes and other techniques that might get them into trouble. It’s a matter of not leaving yourself exposed and vulnerable to unexpected danger — not unlike taking shelter during a thunderstorm to avoid lightning.

Image Source: iStock

More from

Taking the fight to the enemy: Cyber persistence strategy gains momentum

4 min read - The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.The momentum behind this…

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today