Light Dark
April 23, 2015 By Shane Schick 2 min read

Most people would probably agree getting struck by lightning is worse than downloading mobile malware, but security researchers say the statistical likelihood of either happening is about the same.

Unveiled at the recent RSA Conference in San Francisco, Damballa Inc. presented detailed results from a two-year study of more than 2 million unique hosts contacted by mobile devices across North America. The research concludes that mobile malware was contacting only 0.0077 percent of devices, based on a blacklist it had compiled. That means the average mobile user has only a 0.01 percent chance of being hit by a cybercriminal attack on his or her smartphone or tablet.

Damballa isn’t the only firm downplaying the extent of mobile malware issues. Verizon recently published a report of its own that said much of the same thing and even questioned the way organizations calculate the true cost of stolen data.

Besides suggesting many threats to mobile users may be wildly overblown, there were other surprises in Damballa’s research. As CSO Online noted, the report showed mobile malware infection rates were twice as high two years ago, the last time the company conducted a similar study. While that could be a credit to app stores that fend off the apps that pose the biggest risks, it could also be the increased sophistication of software tools to fight off cybercriminals.

A story on TechTarget pointed out that there is a direct relationship between mobile malware and the propensity for users to jailbreak phones in a given region. Unlocking devices can provide smartphone users the possibility of more choices in terms of apps, but it also means cybercriminals may have an easier way to target their potential victims.

Naturally, the statistics from Damballa aren’t intended to suggest chief information security officers and their teams should ignore the various Trojans, ransomware and other similar threats; when cybercriminals strike, the results can be disastrous. Ultimately, the numbers could mean IT departments will spend less time fending off cybercriminals directly. Rather, they may concentrate their efforts on educating their co-workers about phishing schemes and other techniques that might get them into trouble. It’s a matter of not leaving yourself exposed and vulnerable to unexpected danger — not unlike taking shelter during a thunderstorm to avoid lightning.

Image Source: iStock

 |  |  |  |  |  | 
Shane Schick
Writer & Editor

More from

December 23, 2024

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

November 22, 2024

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

November 21, 2024

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature