Security threats have turned to the Mobile industry
It’s not only the data on our PCs and desktops that is the bread and butter of hackers; our smartphones are also a prime target for them. Back in 2018, 151,359 new mobile banking Trojans and 60,176 new mobile ransomware Trojans were detected.
If you’re in Iran, then you’re at high risk.
Our own phone might not be a hotbed of sensitive information, but if that phone belongs to one of the thousands of employees of a well-known organization, it could be worth thousands of bucks to hackers.
That’s why mobile security is at the top of every company’s worry list these days, and for good reason: almost all workers now access corporate data from smartphones, which means keeping sensitive info out of the wrong hands is becoming an intricate puzzle.
While it’s easy to focus on the subject of malware, the truth is that mobile malware is incredibly uncommon – with your odds of being infected less than your odds of being struck by lightning.
That is thanks to the nature of mobile malware and the built-in protections of modern mobile operating systems.
To get a handle on such threats, businesses should know the types of mobile threats.
Types of Mobile threats
Like viruses and spyware, there are a variety of security threats that affect mobile devices. I am dividing them into several categories – application-based, network-based, and web-based threats.
Downloadable applications present different security issues for mobile devices.
“Malicious apps” look fine upon downloading, but are specifically designed to commit fraud; more than 24000 mobile apps are blocked by various app stores every day.
Sometimes legitimate software is also exploited for fraudulent purposes.
Application-based threats are:
- Malware – Software that performs malicious actions once installed on your phone. Without your consent, malware can make changes to your bill, send unsolicited messages to anyone in your contact list, or give an attacker control of your device.
- Spyware – It is designed to collect or use your data including call history, text messages, browser history, user location, contact list, email, and photos. The stolen information could be used for financial fraud and/or identity theft.
- Silent hackers – Applications that are not malicious, but gather information (e.g., contact lists, location, personally identifiable information) to perform their function.
- Vulnerable Applications – These are apps with flaws that can be exploited for malicious purposes. Such vulnerabilities allow an attacker to access personal information, carry out malicious actions, stop a service, or download apps without your knowledge.
Mobile devices support cellular networks and local wireless networks (WiFi, Bluetooth). Both of them can host different classes of threats:
- Network exploits – They take advantage of flaws in the mobile operating system or software that operates on local or cellular networks. Once connected, they install malware on your phone.
- Wi-Fi Sniffing – It intercepts data as it travels through the air between the device and the Wi-Fi access point. Applications and web pages that do not use proper security measures send unencrypted data across the network, letting outsiders read the data as it travels.
Because mobile devices are connected to the Internet and frequently use web-based services, web-based threats pose persistent issues for mobile devices:
- Phishing Scams – They use email, text messages, Facebook, and Twitter to send you malicious links or to trick you into providing sensitive information.
- Browser exploits – They take advantage of vulnerabilities in your mobile web browser or software; visiting an unsafe web page can trigger a browser exploit to install malware or perform other malicious actions.
- Drive-By Downloads – An application is downloaded automatically when you visit a web page; some require action on your part, while others start automatically.
You’ll find the more realistic mobile security hazards in some easily overlooked areas, all of which are expected to be more pressing as we are on our way through 2019:
- Social engineering – Humans are easier to hack than technology
The tried-and-true tactic of trickery is as troubling on mobile as it is on other fronts; although social engineering cons are quite easy to avoid, they are still effective.
A staggering 91 percent of cybercrime begins with a phishing email; this one email could infiltrate your entire organization. According to the same report, hackers use tactics like impersonation, whaling, CEO fraud, W2 scams, credential harvesting, etc., to trick people into clicking dangerous links or providing info.
According to IBM, users are three times more likely to respond to a phishing attack on a mobile than on a desktop, because a phone is where people first see a message. Meanwhile, 4 percent of them actually click on phishing-related links.
The line between work and personal is continuing to blur, and more and more workers are now accessing multiple inboxes, connected to both work and personal accounts, simultaneously. Almost everyone runs some personal stuff online during the workday; consequently, receiving a personal email alongside work-related messages doesn’t seem unusual on the surface, even if it may be a ruse.
- Data leakage – You have to be the robot urologist
It sounds like a diagnosis from the robot urologist, but data leakage is one of the most worrisome threats to enterprises in 2019. Remember those nonexistent odds of being infected with malware? Well, when it comes to a data breach, companies have a 28 percent chance of experiencing at least one incident in the coming two years.
What makes this issue more vexing is that it often isn’t nefarious; rather, it’s a matter of users making ill-advised decisions about which apps can see and transfer their information.
Other user errors could be transferring company files onto a public cloud storage service, forwarding an email to an unintended recipient, or pasting confidential info in the wrong place.
For such types of leakage, using data loss prevention (DLP) tools is by far the most effective form of protection; such software explicitly prevents the exposure of sensitive information, even in accidental scenarios.
- Wi-Fi interference – The easiest to happen
Security of a mobile device is only possible if the network through which it transmits data is impenetrable.
We are all fearlessly connecting to public Wi-Fi networks without considering the security of our data while connected to them; approximately 24.7% of Wi-Fi hotspots in the world are not encrypted.
You must be wondering how significant a concern this is for businesses.
According to research by Wandera, corporate mobile devices use Wi-Fi three times as much as they use cellular data; nearly a quarter of them connect to open Wi-Fi networks and 4 percent of devices have encountered a MITM attack.
The best way is to encrypt internet traffic using software made for the purpose; otherwise, you leave doors on your perimeter open.
- Out-of-date devices – Updates sound creepy but save you bucks in the long run
Smartphones, tablets, and other connected devices, the Internet of Things (IoT), have started posing a new risk to enterprise security in a non-traditional manner. Such devices often come without guarantees of timely and ongoing software updates, especially on the Android front, where the majority of manufacturers are embarrassingly ineffective at keeping their products up to date.
Many of them don’t even have a patching mechanism, which is why they are becoming more and more of a threat these days.
Again, a solid policy goes a long way. There are Android and other devices that do receive timely and reliable ongoing updates; if you have no time to look for updates, it is better to equip yourself with Android privacy and security tools.
Until the IoT becomes less of a wild west, companies need to create their own security net around these devices, or else leave them vulnerable.
- Poor password hygiene
It must sound old school, but somehow users are still not taking passwords seriously. Passwords secure our accounts so easily, but when will we understand their importance?
When you’re carrying phones that contain both company accounts and personal sign-ins, taking passwords lightly is a fool’s decision.
Breaching one password means breaching all of them, as we often use one password combination for all our accounts.
Don’t believe me?
Have a look at this survey by Google and Harris Poll:
- Half of Americans reuse passwords across different accounts.
- Nearly a third of them aren’t using two-factor authentication (or don’t even know).
- Only a quarter of netizens are actively using a password manager, which means many of them probably don’t have particularly strong passwords.
Things only get worse from there.
According to LastPass, more than half of the professionals use the same passwords for both personal and work accounts. And an average employee shares six passwords with a co-worker within the course of his or her employment.
So, which mobile threat is winning?
According to Verizon, weak or stolen passwords are to blame for more than 80 percent of hacking-related breaches that occur in businesses.
On mobile in particular, where workers sign in quickly to apps, sites, and services, think about the greater risk that could pose to your organization’s data if even just one employee is sloppily typing the same password they use for a company account on a random retail site, message forum, or chat app.
Now merge that risk with the aforementioned risk of Wi-Fi interference, multiply it with the total number of employees in your workplace, and imagine the layers of exposure points that could rapidly add up.