If there is one device we as humans increasingly seem unable to live without, it’s our phones – a.k.a. mobile devices.
We use them for everything, from booking transport to ordering food, checking the weather to watching our favourite movies, and oh my, the anxiety should our batteries die or we can’t access the internet for a day!
But despite how significant mobile devices are in our modern, daily lives, they are one of the least protected or secured. Mobile device security is at the top of every company’s worry list these days — and for good reason. Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly difficult task.
The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is $3.86 million according to 'Cost of a Data Breach Report 2020' (commissioned by IBM).
The more realistic mobile device security hazards lie in some of these easily overlooked areas:
A smartphone knows everything about us
A person would probably not consider it smart to leave their debit and credit cards, ID number, and just about every other piece of personal information lying about in public, but many people have no problem keeping all that info, along with the log-in credentials required, on their phone. The same phone that may or may not even have a screen lock, much less any real security.
It’s a route into your wallet
Not only is a phone a repository for payment cards, but they are also mobile payment platforms hosting the owner’s Google, Apple, or Samsung payment info. This type of convenience leads to the next reason criminals love smartphones.
Autofill has become our best friend
Because we always have our phones, and they have the ability to make simple tasks like entering a bank easy, we have filled them with even more information making them extremely valuable to anyone with a criminal nature.
Data leakage
It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security. What makes the issue especially vexing is that it often isn’t criminal by nature; rather, it’s a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information. In August 2021, according to the BBC the UK was looking to de-regulate from the stringent GDPR rules forging it’s own path. The challenge with this perhaps, is that it could lead to a more complex web of cross border data leakage incidents – and no clear idea of whether they are reportable.
“The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users,” says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defence (MTD) solutions — products like Symantec’s Endpoint Protection Mobile, CheckPoint’s SandBlast Mobile, and Zimperium’s zIPS Protection. Such utilities scan apps for “leaky behaviour”, Zumerle says, and can automate the blocking of problematic processes.
Social engineering
The tried-and-true tactic of trickery is just as troubling on the mobile front as it is on desktops. Despite the ease with which one would think social engineering cons could be avoided, they remain astonishingly effective.
A staggering 81 percent of data breaches observed by Verizon’s Enterprise Solutions division are the result of phishing, according to the company’s 2021 Data Breach Investigations Report. While only 3 percent of users fall for phishing attempts, Verizon says, those gullible guys and gals tend to be repeat offenders: The company estimates that in a typical organisation, 15 percent of users who are successfully phished will be phished at least one more time within the same year.
What’s more, numerous bits of research suggest users are more vulnerable to phishing from mobile devices than desktops — by as much as three times, according to an IBM study, in part because a phone is where people are most likely to first see a message.
Wi-Fi interference
A mobile device is only as secure as the network through which it’s transmitting data. In an era where we’re all constantly connecting to public Wi-Fi networks, that means our info often isn’t as secure as we might assume.
Just how significant of a concern is this? According to new research being released by enterprise security firm Wandera, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially unsecured Wi-Fi networks and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties. If you don’t have a VPN, you’re leaving a lot of doors on your perimeters open.
Geolocation
There is more to cybersecurity than keeping your data out of the wrong hands. A phone also knows where you are, have been, work, hang out, etc. All bits of info that could be a problem if they happen to fall into the wrong hands.
Bluetooth
Criminals have been quick to capitalise on smartphones' many points of entry and exit, such as Wi-Fi, 4G, and Bluetooth. For several years now, Bluetooth has been a regular feature on smartphones and other mobile devices. Yet, like GPS, it is still seen as a potential entry point for cybercriminals. The effects of such an attack can result in Bluesnarfing – where a phone’s private information is compromised, or Bluebugging, which allows a criminal to more or less take complete control of your phone. Luckily, while there is a risk, these methods are becoming increasingly harder for hackers to exploit.
Mobile-specific scams
Criminals are also able to take advantage of one smartphone feature few people even use today. A phone call. In countries like China, for example, malware can be used to access devices and force them to call premium numbers that charge large amounts. These scams are not only potentially lucrative but can also spread across large numbers of devices.
Physical device breaches
Last but not least: A lost or unattended device can be a major security risk, especially if it doesn’t have a strong PIN or password and full data encryption.
Consider the following: according to AXIS Capital 35 views of Cyber, there are around 200 million PC’s and mobile devices in use and around 8% - 14% are infected with malware. When compared to India and China the number of mobile devices in use doubles and almost triples respectively with an eye watering 30% plus of those millions of devices being infected with malware. The moral of the story – be very careful when communicating or transacting in those two countries – because you might get a nasty infection.
The take-home message is simple: your mobile device security should be treated in the same way you would your own home, bank card, and private information.
GoldPhish educates end-users on the cyber threat and helps build more secure organisations with awareness training and phishing simulation
Get in touch for more information: info@goldphish.com