Mobile Is the New Target

It’s safe to say that the future of computers and communication lies not in the conventional desktop, but with mobile devices like smartphones, tablets, and laptops. The ease of operation, the single point benefits they offer, their price effectiveness, and their size make them a hot favorite, ideal to use from any place that provides an internet connection. The proliferation of software and applications too has done its bit for this form of computing. Organizations too have joined the fray, equipping their employees with smart handheld devices connected to the organization network. The Internet of Things (IoT) has contributed its bit to the proliferation. It is estimated that by 2025, there will be 75 billion ‘things’ connected to the internet.

But what is often overlooked in the euphoria of the smart benefits, is the fact that mobile devices are one of the fastest-growing attack spaces for hackers and cybercriminals.

The threat is tangible

Finances Online’s statistics report ⁽¹⁾ says that laptops, mobile phones, and tablets are the most vulnerable to cybercrimes, ahead of wireless access points, servers, and routers.

Forbes ⁽²⁾  categorically states that while on the one hand, the increase in mobility has revolutionized the way we do business, it has, on the other hand, also created new security risks. A 2021 article says that Small Businesses – one of the main targets after corporates – are majorly unprepared to prevent, detect or respond to cyberattacks. The article alludes to a general feeling on the part of these businesses that hackers would not bother to waste time in a cyberattack. The reverse is actually true, with hackers having a field day.

What’s alarming is that it takes the hacking of just one device for a hacker to not only get access to the individual’s data but also gain access to the company network via the hacked device.

Why mobile devices are being targeted

Here are some of the reasons that mobile devices are targeted.

1. Mobile devices provide an easy gateway for cybercriminals to steal passwords and then gain access to company networks
2. A considerable number of employees use their mobile devices to access company networks. Satrix ⁽³⁾ puts the figure as high as 39%. Hacking a device allows cybercriminals to gain access to company data
3. Mobile devices come with a data-rich environment that if hacked allows the user to gain access to contacts, credit card information, social media accounts, investments, and even ‘eavesdrop’ on confidential interactions by seizing control of the device’s camera and microphone.
4. Mobile devices offer the hacker the opportunity to install malware and ransomware that can be leveraged to perpetrate fraud.
5. A significantly high percentage of mobile device users spend their time accessing the internet over unsecured networks and unprotected locations away from the corporate network, making them easy targets for hackers. Forbes puts this percentage at 80%.
6. Users of mobile devices access several applications that offer opportunities for hackers to gain access to the devices due to vulnerabilities therein or via phishing / social engineering methods. Satrix says that nearly 70% of online fraud is accomplished via mobile platforms
7. Many organizations opt for a Bring-your-own-device (BOYD) policy for company work, making it relatively easy for hackers to gain access to the device and thereby the company network

Stepping up Mobile Security

Mobile Security solutions can obviously have untold benefits for an organization. From safeguarding organization devices from malicious advertisers and keeping viruses and Trojans at bay to providing upgrades and patches that keep devices battle-ready in the event of an attack, to safeguarding confidential data and even automatically deleting data from a lost device, to using industry-standard virus protection, to providing VPN-enabled internet access, mobile security is more than ever the need of the hour.

Organizations would need to do the following:

• Establish a device policy that may include for example clear divisions between work areas and personal areas that the employee can use
• Regularly install upgrades and patches to ensure up-to-date protection
• Install a good management device software
• Encrypt data storage
• Monitor traffic to and from the device with the use of firewalls
• Keep a backup of all data and applications on devices

Forbes suggests a solution that takes care of the following types of protection:

• Perimeter Protection, a method of threat management that allows you to create a firewall that protects the company network, systems, and data from external threats (malware, viruses, and more)
• Private Network Access for secure access to specific company apps and data for those who need it without opening the entire network
• Mobile Device Protection with a cloud-based security solution that allows company employees to be protected regardless of how or where they access the internet
• Monitoring and Remediation which uses artificial intelligence (AI) to proactively search PCs, tablets, and servers for threats, quickly detecting issues and providing remediation

Best Practices in mobile security

An interesting development in mobile security is imminent for personnel using Government-Furnished Equipment (GFE) mobile devices. The Cybersecurity and Infrastructure Security Agency ⁽⁴⁾ (CISA) reports that their Cyber Quality Services Management Office (QSMO) will offer mobile cybersecurity shared services to minimize risks inherent in the GFE devices due to the sensitive nature of activities of their personnel. The first is Mobile Application Vetting (MAV) which facilitates security integrity checks of government-developed and third-party mobile apps. The second is Traveler-Verified Information Protection (T-VIP) which makes comparisons of pre-travel and post-travel scans of the GFE devices and identifies suspicious changes on the devices made during their personnel’s travels during diplomatic and other missions/travels. CISA calls these game-changing developments to augment mobile security.

MAV and T-VIP could arguably lead the way for the development of similar mobile security measures for the industry at large.

Outlook

With the ease of operation that they offer amongst other benefits, one cannot see any change in the pattern of mobile device usage. However, a good sign is that organizations are taking the threat to mobile devices seriously and stepping up their mobile security initiatives. Hopefully, this mindset will also rub on to individual users so that they do not fall prey to the burgeoning lot of hackers out there looking to make hay while the cyber sun shines!

Aurora IT with its Mobile Security and Network Security Services and Firewalls can help organizations put in place effective mobile security solutions. For more information, please visit our website www.aurorait.com or call us at (888) 282-0696

References

1. Finances Online: 73 Important Cybercrime Statistics: 2021/2022 Data Analysis & Projections – Financesonline.com
2. Forbes: 5 Reasons Hackers Target Mobile Devices And How To Stop Them (forbes.com)
3. Satrix: Why is Mobile Cybersecurity Becoming so Critical Day by Day? | by BHHAAVIK G. PATEL | Cyber Security Solutions | Medium
4. CISA: https://www.cisa.gov/mobile-cybersecurity-shared-services