Today’s mobile cybersecurity faces growing threats, increasingly complex devices, and more intelligent malware attacking devices, apps, and networks. The 2016 Mobile Threat Intelligence Report from Skycure showed that an estimated one-third of all executive devices had been exposed to network attacks in the first quarter of 2016 alone, and that an average of 22.5% of those devices contained mobile malware. Security company Kaspersky also states that mobile threats to Android devices grew more than threefold in 2015, which makes sense considering the increasing reliance on mobile devices, mobile payment applications, and enterprise data access on relatively unsecured devices.
Despite the statistics, many companies struggle with initiating best practices for device security, network security, and controlling the risks associated with Bring Your Own Device (BYOD) policies.
BYOD Presents Increasingly Complex Cybersecurity Risks
More than two-thirds of Americans own a smartphone and 99% of employees use phones in the workplace. A BYOD policy is necessary for control over network and device security because employees who aren’t “allowed” to bring their phones bring them anyway. An Economist Intelligence Unit report suggests that 40% of people interviewed bring their phones to work no matter what, while 50% said they consider their mobile device to be their primary computing device. BYOD is unavoidable, despite the fact that it allows employees to access networks with potentially compromised devices and apps.
BYOD also creates increasing complexity for IT security professionals, simply because of the range of operating systems and devices. One study showed that employees use an average of 4.6 devices for work, and many of these include Internet of Things (IoT) devices such as tablets, smart watches, and other networking devices. Many Android tablets are susceptible to the same Android malware as smartphones, like HummingBad, which affects millions of phones and tablets worldwide.
This puts networks at risk from multiple types of attacks, including device, network, and app-based malware. In fact, the risks associated with using apps are larger than many think. IT professionals are integrating apps for FTP, remote connections, file management, VPN, SSH connections, and much more, making them, and therefore company networks and servers, more vulnerable to mobile malware. A CC Insight Survey showed that only one-third of apps used by employees are created for the company. Instead, most use cloud-based SaaS apps such as Adobe, Skype, LinkedIn, WhatsApp, and Microsoft Office, all of which create their own security, privacy, and data sharing risks. A study by FireEye also shows that 5 billion downloaded Android apps are susceptible to attack. That’s a big deal for corporations of all sizes.
How to Protect Your Network
The most common mobile malware threats include ransomware, spear phishing attacks, network attacks, app hacks, and even multi-device malware programs capable of capturing mTAN passwords (two-factor authentication passwords), all of which can threaten income, data security, and brand privacy. Android is also the most at-risk system, with more mobile malware families targeting its operating system than any other. In fact, Conficker, which allows operations and malware to be downloaded onto an infected Android phone, was responsible for 17% of all recognized mobile malware infections in the first quarter of 2016. Others like HummingBad, IOP, and Sality are also threats, as most of them allow remote access and control of an infected device. Because attacks come from networks, phishing, and apps, mobile cyber security must be as complex as the risks involved in order to protect businesses.
Here are a few ways to protect your company from mobile malware threats:
- Educate – One in two users report clicking on links from people they don’t know. Teaching employees about device security can help to reduce cyber security risks.
- Monitor your networks – Spear phishing, or the process of creating a username similar to others on the network to share phishing attacks, is a growing mobile approach.
- Integrate and monitor MDM (Mobile Device Management) to ensure that devices can be locked down or remotely wiped if they go missing.
- Regularly inspect and update devices. A MobileIron report found that 53% of enterprises have at least one device that is not compliant. The most common non-compliance trends include missing devices (33%), a user-removed PIN (22%), user-removed mobile device management (5%), and old policies on the device (20%).
- Create a robust security platform and network.
- Isolate and encrypt company data to prevent it from being stolen.
- Integrate device as well as network security.
- Pay attention to user privacy while integrating security.
The ISMG/IBM survey “The State of Mobile Security Group” reports that 30% of surveyed companies say they are focusing on device security, with an additional 25% aiming for application security as well as transaction and content security. Considering that mobile cyber security threats have gone up by 300% since 2015, that isn’t enough.
While your mobile security landscape will entirely depend on your workplace environment, your BYOD policy, your MDM policy, and your existing security protocols, it is crucial that you understand your current risks so that you can take the steps to correct them. A Threat Sketch Risk Assessment can help you to evaluate your company’s mobile cyber security threat landscape so you can make decisions regarding security measures and policies for your company.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.