Mobile security threats continue to plague businesses
By Nebojsa Ciric
In the past decade, the smartphone has become an indispensable part of our everyday life. We use it for organizing our day and communicating with friends and colleagues. But we also use it for accessing online entertainment and performing business-related tasks. Unfortunately, the widespread use of smartphones has its drawbacks. It has made them an attractive target for hackers, thieves and cyber-warfare agents. As a result, mobile security is becoming a major concern in the corporate sector.
According to a recent study by the Ponemon Institute, the average cost of a corporate data breach is $3.86m. Small businesses are particularly at risk – a report conducted by Verizon found that small businesses accounted for 43% of all corporate data breaches. Mobile devices are having a prominent role in these attacks. The biggest problem is that businesses tend to overestimate the effectiveness of their mobile security precautions, so corporate management should educate themselves on the security risks that mobile devices present to their companies. To further this goal, here is a primer on the current state of mobile security.
Social engineering attacks on the rise
Cyberattacks based on social engineering and exploiting human behavior are some of the most widely-used forms of attack. They use methods such as phishing, pretexting and baiting. In a 2019 studyconducted by Mimecast, 94% of participating organizations reported experiencing phishing attacks in the last 12 months.
Social engineering attacks are common on mobile platforms – IBM claims that mobile users are three times more likely than desktop users to fall for phishing scams. Employees tend to use the same device for both private and business matters, which makes it easy for attackers to gain access to corporate data as well as personal information.
Social engineering attacks are difficult to defend against through technological means. The best course of action is to take the appropriate preventive measures. Bring your employees up-to-date with the latest security threats. Educational material on security will make them much more engaged. They will become more proficient at avoiding attacks, especially ones that rely on human negligence or lack of knowledge.
Hackers continue to exploit wireless networks
Corporate employees are always on the move. This means they often use a variety of networks to connect online. And a smartphone is only as secure as the network it is using to transmit data. Unfortunately, many public Wi-Fi networks are less secure than we assume. Hackers will use these networks to perform a variety of attacks, such as the man-in-the-middle attack or the evil twin attack. Hackers easily track online interactions to steal sensitive data. They can even completely hijack your mobile device.
The first line of defense is an appropriate level of cybersecurity awareness across the organization, through staff training courses either online or otherwise. Up-to-date WiFi systems is also a must. Other preventive measures include avoiding connections to suspicious Wi-Fi networks and sharing sensitive information over a public Wi-Fi. A further measure would be to encrypt all outgoing mobile traffic, as well as apply for a VPN service.
Heightened risk of physical breaches
According to Shred-It, 40% of business owners believe negligence to be the biggest factor behind data breaches. An unattended mobile device can pose a serious security risk. More so if it lacks proper security measures such as a PIN code or fingerprint lock. Even these measures are not enough to prevent more advanced hacking attempts. These include electromagnetic waveform attacks, or juice jacking attacks. What is worse, the Ponemon study found that 35% of professionals did not use any security measures.
There are several measures you can take to reduce the risk of physical device breaches. These includeraising security awareness and enacting security policies. For example, one of the policies can specify that employees must use the security features provided by their devices such as password protection or encryption.
Mobile security clouded by shadow IoT
Tablets, smartphones and other smaller connected devices are a major concern. We call them shadow IoT, i.e., devices employees use without the knowledge of the IT department. These devices are dangerous, because they do not guarantee regular software updates. This is a common issue with a lot of Android devices. But manufacturers seem to struggle to keep their products updated.
The lack of proper security measures makes IoT devices easy targets for hackers. Luckily, not all Android devices are insecure. Some of them receive timely software updates, making them less prone to an attack. But until every device is safe, enterprises must enforce their own cybersecurity measures, such as holding regular security checks.
Weak passwords still a major issue
Password hygiene is a long-standing issue associated with computer use that does not seem to be going away. Predictably, "123456" topped SplashData's list of most common passwords, while a study conducted by the UK's National Cyber Security Centre and Troy Hunt of website Have I Been Pwned reported that 23 million users worldwide had accounts breached with this exact password.
Weak passwords are especially devastating in conjunction with a "bring your own device" policy, where employees use the same phone for both private and business accounts. A further issue is the fact that few corporate employees use two-factor authentication. Combined with weak passwords, this increases the susceptibility of businesses to cyberattacks. A study by Preempt reported that one in fiveemployees in enterprises uses passwords that are susceptible to compromise.
There are several best practices for password-based security systems. First, it is important to never reuse passwords. This allows hackers to gain access to many accounts at once. Second, passwords should be periodically changed in case there is a data leak. Finally, two-factor authentication should be enabled when possible to add an extra layer of security.
Keep your enterprise safe
Enterprises can save tons of money if they prepare well against cybersecurity attacks. Every employee has at least one mobile device and these have become easy targets for hackers. Individuals must learn how to secure mobile devices to stay protected. This keeps businesses safe from the looming threat of a cyberattack.
Tablets and laptops are still in heavy use. But most of our online activity revolves around the smartphone. It has become the main hub of our digital activities. It is therefore imperative we become aware of the dangers associated with their use.