Mobile security is at the top of every company’s worry list these days, and for good reason. Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly difficult task. With the average cost of a corporate data breach at a whopping $3.68 million, which according to a 2018 report by the Ponemon Institute is 6.4 percent more than the estimated cost from last year, the stakes are seemingly higher than ever.
While it’s easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. That’s thanks to both the nature of mobile malware and the inherent protections built into modern mobile operating systems.
The mobile security hazards that are expected to become more pressing in the coming years are:
1. Data leakage
This is seen as being one of the most worrisome threats to enterprise security as we head into the new year. The worst part about data leakage is that it isn’t nefarious by nature. Instead, it comes down to whether users make ill-advised decisions about which apps are able to see and transfer their information.
Other issues beyond accidental leakage involve transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. For this type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. This type of software is designed explicitly to prevent the exposure of sensitive information.
2. Social engineering
A staggering 91 percent of cyber crime starts with email, according to a 2018 report by security firm FireEye. The firm refers to such incidents as “malware-less attacks,” since they rely on tactics like impersonation to trick people into clicking dangerous links or providing sensitive info. Phishing, specifically, grew by 65 percent over the course of 2017, the company says, and mobile users are at the greatest risk of falling for it because of the way many mobile email clients display only a sender’s name — making it especially easy to spoof messages and trick a person into thinking an email is from someone they know or trust.
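To make the display-name problem concrete, here is an added example (not from the original article) of the kind of check a mail gateway or triage script can run: it compares the name a mobile client would show against the address actually in the From header. The trusted-sender directory, the verdict labels and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical directory (constructed): display names staff recognise, mapped
# to the only domains those senders legitimately use.
TRUSTED_SENDERS = {
    "alice chen": {"example.com"},
    "it help desk": {"example.com", "support.example.com"},
}

def normalise(name):
    """Lower-case and collapse whitespace so 'Alice  CHEN' matches 'alice chen'."""
    return " ".join(name.lower().split())

def check_sender(raw_message):
    """Classify the From header of an RFC 5322 message.

    Returns (verdict, display_name, address). A mobile client that shows only
    display_name hides exactly the mismatch this function reports.
    """
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    # A display name that is itself an e-mail address, different from the real
    # one, is what a name-only client shows instead of the real address.
    if "@" in display and display.strip().lower() != address.lower():
        return ("address-in-display-name", display, address)
    allowed = TRUSTED_SENDERS.get(normalise(display))
    if allowed is None:
        return ("unknown", display, address)
    if domain in allowed:
        return ("trusted", display, address)
    return ("spoofed-display-name", display, address)

# Constructed sample messages (reserved example domains only).
SAMPLES = {
    "genuine": 'From: "Alice Chen" <alice.chen@example.com>\nSubject: Q3 numbers\n\nhi',
    "spoofed": 'From: Alice  CHEN <billing@example.net>\nSubject: Urgent invoice\n\nhi',
    "embedded": 'From: "alice.chen@example.com" <x@example.net>\nSubject: Re: payroll\n\nhi',
    "stranger": 'From: Newsletter <news@example.org>\nSubject: Weekly digest\n\nhi',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw))
```

A name match alone proves nothing about the sender, so a "trusted" verdict here should still be combined with SPF, DKIM and DMARC results before a message is treated as authentic.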
3. Wi-Fi interference
A mobile device is only as secure as the network through which it transmits data. In an era where we’re all constantly connecting to public Wi-Fi networks, that means our info often isn’t as secure as we might assume. According to research by enterprise security firm Wandera, corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Nearly a quarter of devices have connected to open and potentially insecure Wi-Fi networks, and 4 percent of devices have encountered a man-in-the-middle attack — in which someone maliciously intercepts communication between two parties — within the most recent month. McAfee, meanwhile, says network spoofing has increased “dramatically” as of late, and yet less than half of people bother to secure their connection while traveling and relying on public networks.
4. Out-of-date devices
Smartphones, tablets and smaller connected devices — commonly known as the Internet of Things (IoT) — pose a new risk to enterprise security in that unlike traditional work devices, they generally don’t come with guarantees of timely and ongoing software updates. This is true particularly on the Android front, where the vast majority of manufacturers are embarrassingly ineffective at keeping their products up to date — both with operating system (OS) updates and with the smaller monthly security patches between them — as well as with IoT devices, many of which aren’t even designed to get updates in the first place.
5. Cryptojacking attacks
A relatively new addition to the list of relevant mobile threats, cryptojacking is a type of attack where someone uses a device to mine for cryptocurrency without the owner’s knowledge. Essentially, it is a process that uses your company’s devices for someone else’s gain. It leans heavily on your technology to do it, which means affected phones will probably experience poor battery life and could even suffer from damage due to overheating components.
6. Physical device breaches
And of course, a lost or stolen device can be a major security risk, especially if it doesn’t have a strong PIN or password and full data encryption. Consider the following: In a 2016 Ponemon study, 35 percent of professionals indicated their work devices had no mandated measures in place to secure accessible corporate data. Worse yet, nearly half of those surveyed said they had no password, PIN, or biometric security guarding their devices — and about two-thirds said they didn’t use encryption. Sixty-eight percent of respondents indicated they sometimes shared passwords across personal and work accounts accessed via their mobile devices.