5 Mobile Security Threats to Watch Out for in 2019
- December 5, 2018
Like 2017, 2018 has been quite an eventful year in terms of cyber-crimes, malware, and data breaches. Not just the web, the mobile industry got affected at an equal pace. Mobile Security threats have become more pressing because of an expected shift in web usage from desktop to mobiles and smartphones. Enterprises should keep their eyes open on mobile security issues in 2019.
Though, wasn’t as mandatory as it is now, mobile security is topping every company’s worry list and it shouldn’t be a surprise. Remember the T-Mobile’s data breach incident that took place in August this year with hackers stealing customer’s confidential data? This was just one incident; mobile hacking history shows hundreds of more similar cases. The stakes are higher than they ever were previously.
Do you know what the average cost of a data breach is? That’s a whopping $3.86 million – nearly 6.4% more than it was in 2017. (source: 2018 report by Ponemon Institute)
Malware might seem sensational enough to focus on, however, in case of mobiles, malware infections aren’t really common. Thanks to the advanced mobile threat detection and mitigation solution built into the present-day mobile operating systems. However, there are other rather serious mobile security threats that are easy to overlook, but in fact, are expected to become more obstinate to resolve in the coming year.
As naïve as it may sound, but data leakage is widely being witnessed as the most troublesome threat to enterprise cybersecurity as we progress towards 2019. In terms of a data breach, the Ponemon’s latest research reveals that the chances of companies to experience such an incident is 28% within the next two years.
The reason behind this is because of the ill-advised decisions made at user-end to transfer data using random apps. The only way to address this challenge is to implement an app inspecting way that doesn’t devastate the administrator and the users using it. One way to deal with this is to turn to mobile threat defense (MTD) solutions to scan apps for any sneaky leaky behavior, and also to automate the issues blocking processes.
Though the most cost-effective and intelligent way to avoid data leakage is to simply avoid to transfer company files onto a public storage platform, saving confidential data in a wrong place, or by accidentally forwarding an email to wrong recipients. Another way to defeat data leakage is to use Data Loss Prevention (DLP) tools to prevent sensitive information from being exposed to accidental scenarios.
Internet scams aren’t just limited to desktops but have hit a mobile front many times. Regardless of the thought of being able to dodge social engineering, it isn’t as effective as assumed. 2018 report by security company FireEye reveals that the source of 91% of cyber-attacks is a seemingly harmless sounding ‘email’. The attackers impersonate themselves to trick people into clicking on malicious links or providing their confidential data.
In 2017, Phishing grew tremendously, with mobile users being at the greatest risk of falling prey to it. Why this form of attack was easier to be fooled with is because these emails display only a sender’s name that becomes easier for the recipient to be tricked into thinking the email is genuinely from a person they know or trust.
In fact, an IBM study puts forward that users are more likely to encounter a phishing attack on a mobile front compared to a desktop. A mobile phone is an easy access to everyone for researching, checking emails etc, this has led to a rise in mobile susceptibility, especially at workplaces where the concept of BYOD work environment is growing rapidly.
Your mobile phone is only secure until it is transmitting data on a secure network. In times where we’re connected to the internet 24/7, either at home or public places, we cannot actually determine the security of our own data because of our own unawareness of using unsecured networks.
A research by Wandera, a security firm, reveals that corporate devices use Wi-Fi three times more than depending on cellular data. Being almost a quarter of devices connected to open and possibly unsafe Wi-Fi networks, 4% of devices have encountered a middleman attack where a third person or party vindictively interfere and disrupt communication between two different parties.
Technically, it isn’t very difficult for hackers to encrypt traffic. If you don’t use a VPN, chances are that you have left yourself exposed to cybercriminals to enter your perimeters.
Obsolete and Insecure Devices
IoT, which include smartphones, tablets, or any other smaller devices pose a security risk to enterprises, compared to traditional workplace devices. The reason being that these devices don’t necessarily come with a guarantee of automatic and timely software updates. This is specifically witnessed in Android OS where phone manufactures ineffectively lack in keeping their products up-to-date, compared to a rather close or confined Apple iOS. In fact, a lot of the Android devices don’t have come with a built-in patching mechanism, which is becoming a bigger threat these days.
Unless and until the mobile companies are taking this seriously, the only way to deal with this situation is to create very strong security policies and implement them at workplaces.
The concept of Crypto-jacking is relatively a new one that has appeared on the surface following cryptocurrency. In crypto-jacking, the attacker uses a device to mine for cryptocurrency without the device owner’s knowledge. In other words, in a crypto-mining process, the hacker gets access to your company’s devices and uses them for their own benefits. The hijacked phones, in this, experience a somewhat poor battery life, and could even suffer from damage because of excessive use.
According to Skybox Security analysis, unanticipated cryptocurrency mining made up nearly one-third of all attacks during the first half of 2018, which has led to a 70% rise in prominence since 2017. Although, the attacks, particularly in the mobile domain, have slightly been taken care of ever since the cryptocurrency apps have been banned on App store on iOS and Google Play store on Android devices. Nonetheless, security firms continue to monitor that such attacks haven’t completely stopped because of apps downloaded through unofficial third-party websites.
For now, there is no way to absolutely ward off these attacks, apart from using selected devices at work and implementing a strong security check in place. Seeing the rising interest in this area and no identification of which companies are under threat, it’s something one should stay watchful of in the coming year.
Here’s your take-home message: Do not leave it completely on your users’ or employees’ a workplace to take care of these aspects. No assumptions, just policies needed to be put in the right place at the right time and take necessary measures to see that they are followed by. Before the odds get worse, get your applications and devices tested by experts.
And for that, you know where to go.