25 percent of FinServ employee mobile devices unpatched
25 percent of FinServ employee mobile devices unpatched

A quarter of financial service employee mobile devices have unpatched vulnerabilities, according to a recent Symantec report.

Android users were least likely to update their devices with 47.8 percent of Android users not running the latest major update compared to just 4 percent of iOS users who won't running the current major update however, at any given time up to 99 percent of those surveyed were running the newest minor update, according to the firm's Q2 Mobile Threat Intelligence report.

“Although this number may vary daily as patches are released and users update their devices, the data supports the broadly accepted notion that iOS users update their devices far more rapidly than those using Android devices, as only 4.6 percent of iOS devices in financial organizations have not been updated to the latest major OS version, compared to 47.8 percent of Android,” the report said.

Researchers said in any typical organization, nearly 24 percent of mobile devices will be exposed to a network threat in the first month of security monitoring while 46 percent will be over the next three months. These threats could include Man in the Middle (MitM) attacks or even a simple misconfigured router that exposes otherwise encrypted data for anyone to view.

If an employee using an infected device were to connect to a public Wi-Fi while transacting business on a potentially risky or malicious networks it could result in a breach exposing sensitive company information.

Researchers also tested 15 banking apps and found 65 percent of iOS version apps had at least a low level security issue while 35 percent had medium level security issues. Android versions fared worse with 43 percent having low level security issues, 47 percent having medium level issues, and 10 percent having high level security issues.

To combat these threat researchers recommend users not conduct sensitive work their device while connected to an untrusted network, always update to the latest security patch as soon as it is available for devices and apps and protect devices with free mobile security software.