Nowadays, mobile security ranks high on the list of concerns for all companies, and this is for good reason: now almost all workers access company data from smartphones on a regular basis. It means that keeping sensitive information safe is an increasingly complex puzzle. The stakes are higher than ever: The average cost of a corporate data breach is $ 3.86 million, according to a report published in 2018 by Ponemon Institute.
1. Data Leak
This may seem like a diagnosis from the urologist robot, but data leakage is considered one of the most worrying threats to business security in 2019. Do you remember these almost non-existent chances of being infected by Malware? According to Ponemon’s latest research, companies have about a 28% chance of experiencing at least one incident in the next two years, more than one in four.
What makes the issue particularly problematic is that it is often not harmful in nature; rather, it is about users who inadvertently make reckless decisions about which apps can see and transfer their information.
To prevent data leak, Data Loss Prevention (DLP) tools can be the most effective form of protection. This software is explicitly designed to prevent the exposure of sensitive information, even in accidental scenarios.
2. Wi-Fi interference
A mobile device is as secure as the network through which it transmits data. At a time when everyone is permanently connected to public Wi-Fi networks, our information is often not as secure as you might think.
How serious is this concern? According to Wandera enterprise security company research, enterprise mobile devices use Wi-Fi almost three times more than cellular data. Nearly a quarter of the devices connected to open and potentially dangerous Wi-Fi networks, and 4% of them experienced an “intermediate” attack – during which a man maliciously intercepted them – in the most recent month. McAfee, meanwhile, says that network spoofing has increased “dramatically” for a long time, but less than half of users are afraid to protect their connection when they move and rely on public networks.
However, selecting the right VPN is not so simple. As with most security considerations, a compromise is almost always necessary. An effective VPN should know how to activate only when absolutely necessary, not when a user accesses something like a news site or works in an application deemed secure.
3. Malware-Ridden Apps
There are many classifications of mobile malware threats and ways in which hackers deceive users. In 2019, some mobile apps are one of the most likely vectors of malware.
Often, workers sometimes download applications perceived by reliable companies. However, the applications are actually fake applications that act as legitimate and contain malware. Users probably do not understand it, but continue to download it, enter their personal information and are infected with malware. There have been thousands of malicious applications online and some of them have received millions of downloads. A recent report revealed that attacks by so-called illegal mobile applications have increased by 300%. Companies must prevent employees from downloading apps from unreliable sources.
4. Cryptojacking attacks
Cryptojacking appeared on the desktop but recorded an increase in the mobile range of 2017 at the beginning of 2018. The unwanted cryptocurrency mining represented one-third of all attacks in the first half of 2018, according to percentage analysis of increased notoriety during this period compared to the previous semester. And the crypto-hacking attacks on mobile phones increased between October and November 2017, when the number of mobile devices involved increased, according to a report by Wandera.
Analysts have also noted the possibility of crypto jacking via Internet-connected decoders, which some companies might use for streaming video. According to security firm Rapid7, hackers have found a way to take advantage of an obvious loophole that makes Android Debug Bridge, a command-line developer tool only, accessible and improper to use on such devices.
Hackers have used phishing scams to steal personal and business data. A common example is fraudulent e-mails in which users report details in error, causing theft of sensitive information.
On mobile devices, phishing scams take the form of text messages that invite users to reveal details, such as passwords. Known as SMiShing, this means that users receive a message inviting them to call a phone number. When the user calls, the phone data is easily retrieved. The user and the organization may not even be aware of the violation, especially if no security software is used on the mobile device.
SMiShing’s best defense is to teach users not to answer calls with unknown text messages, especially if the phone number seems suspicious.