Just four per cent of enterprise mobile devices have been patched against the Meltdown and Spectre, according to research carried out by security VAR Bridgeway Security.
Bridgeway examined the status of over 100,000 corporate-owned and managed mobile phones and tablets across UK private, public and third-sector organisations. Carried out yesterday, its research was based on anonymised and aggregated data taken from its IronWorks mobile management reporting solution.
It found that only four per cent had been patched against Meltdown and Spectre, despite patches for Android and IoS devices commonly being available for a week or more.
Some 72 per cent of the devices monitored were vulnerable to the two critical flaws, while a further 24 per cent are also likely to be vulnerable and currently impossible to patch due to the age of the device, according to Bridgeway (see graphic, top).
Bridgeway managing director Jason Holloway said that mobile devices may not have been top of IT departments' priority patch list, but emphasised they are equally at risk as traditional PCs and servers.
"It's worrying that only four per cent of organisations have applied updates to protect their devices against Meltdown and Spectre: it means the majority of companies are needlessly exposing their users, devices and more importantly, corporate data, to the risk of interception and exfiltration," he said.
"Mobile devices are the new target for hackers, who will be looking to exploit these flaws as quickly as they can. Organisations need to patch their mobile devices now, before they can be targeted."
Patching may not be an option for everyone, however, because many older mobile devices are running obsolete versions of operating systems that may never be patched, Bridgeway warned. This includes Android version 6.0 (Marshmallow).
Security firm set to become part of acquisitive Shearwater Group
Distributor merges three northern sites into one new hub in Warrington
Activist investor puts forward five director candidates as turmoil continues at security giant
Nima Green asks what is driving public cloud uptake in Germany