The recently launched Verizon Data Breach Report 2015 gathered many news headlines because of its bold statement that security threats to your mobile phone are generally "overblown." The report highlights that the total number of security vulnerabilities that have been used for exploits, regardless of platform, is "negligible" — whatever device you use, you probably aren't at risk as long as you use common sense.

This claim has ruffled many feathers — not least because the media and many security companies have for some time loved to jump on the bandwagon about the supposed security risk to the device we all carry around in our pockets every day.

It’s long been popular to talk about mobile malware and how our mobile phones are at risk of being infected but despite a few high profile ‘hacks’—which were in reality more social engineering attacks than real hacks—nothing substantial has yet been seen in the cybersecurity world.

As Verizon said in the report: ‘we found hundreds of thousands of (Android) malware infections, most fitting squarely in the annoyance-ware category’. But further analysis revealed: ‘An average of 0.03% of smartphones per week—out of tens of millions of mobile devices on the Verizon network—were infected with “higher-grade” malicious code.’

Of course if your phone is in that 0.03 per cent or it belongs to the Chief Executive of your bank or supplier you should still be worried.

So while Verizon might be downplaying the mobile threat, I do agree that while cyber-attack techniques generally are getting more sophisticated – most compromises depend on simple tried and tested techniques like phishing, social engineering and simple hacks to get into the network.

As Cisco’s own 2015 Annual Security Report highlighted, most companies are still not doing a good enough job patching their computers, websites and servers.
For example, we found that despite all the publicity around the Heartbleed vulnerability in 2014 – 56 per cent of the businesses we looked at were running applications more than 56 months old and so were still vulnerable to Heartbleed.

The reality is that while new threats and headlines catch our attention and dazzle us all – the majority of cyberattacks taking place today around the world are using tried and tested techniques which exploit often well-known risks and vulnerabilities.

Undoubtedly some cybercriminals are using techniques to target mobile devices but their efforts are dwarfed by the huge number of other more ‘mainstream’ attacks being used against existing non-mobile applications and networks.

In addition to the high volume ‘mainstream’ attacks, there is a more worrying dark side that comes from very well funded cybercriminals and foreign governments who invest millions in vulnerability research to identify previously ‘unknown’ vulnerabilities (Zero Day) and build and use highly sophisticated exploits that are tested against security technologies before they are launched at their highly targeted victim. Their intent is to steal intellectual property to sell or gain economic advantage.

But all of that doesn’t mean we should be complacent with our mobile security. We know that cybercriminals follow the money and when one door is shut, they look at other opportunities to exploit. The same can be said for mobile.
As businesses continue to embrace mobility and the benefits the Internet of Things brings, cybercriminals will turn their attention more seriously to those platforms.

So now is the time to follow best practice and to implement Bring Your Own Device (BYOD) policies that clearly define the proper use of employee-owned devices in the enterprise and embed security at the core of our policies and networks.

We know that in order to maintain control of the network:

First, identify technologies that provide visibility into everything on the network – devices, operating systems, applications, users, network behaviours, files as well as threats and vulnerabilities. With this baseline of information, enterprises can track mobile device usage and applications and identify potential security policy violations.

Second, enterprises should leverage technologies that help apply security intelligence to data so that they can better understand risk. From there, it’s possible to evaluate mobile applications to determine if they are malware and even identify vulnerabilities and attacks targeting mobile assets.

Third, identify agile technologies that allow the company to adapt quickly and take action to protect systems in rapidly changing mobile environments. Enterprises need to create and enforce policies that regulate what data can be transmitted to BYOD users.

For employee-owned devices it may be useful to lock down your organisation’s network or computers (laptops, desktops, servers) with capabilities like application control. Consider approved applications that can be used by employees to remotely access their desktop computers back in the office from their tablet while travelling.
While they may not be able to limit the installation of an application on the device, they can prevent it from running on corporate-owned computers.

In the meantime, cybersecurity professionals need to keep their attention firmly on the existing threats to their environments and not be dazzled by the headlines. But at the same time, they need to ensure they are ready for when that situation changes and concerns become reality.