Cybersecurity Snapshots #9 - Organizations Need to Address Mobile Security

Cybersecurity Snapshots #9 -

Organizations Need to Address Mobile Security

Businesses continue to be threatened by data breaches, but data suggests that working remotely is changing how data breaches may occur. Based on research by Ponemon, companies have a nearly 28% chance of experiencing at least one data breach in the next two years. The Bring Your Own Device (BYOD) trend, where people use their personal devices for work activities, was on the rise in 2019. With the coronavirus, many more employees work remotely and mobile device access to business data is now the norm, not the exception. Companies are ignoring their most vulnerable endpoint, and it is not the laptop, it is the mobile devices that employees use to access company data.

Researchers at Verizon conducted a study in 2019 and found that most companies allow mobile devices to access some of their most business-critical information, though the amount of access varies from company to company. They also found that 4 in 10 companies suffered a data breach through a mobile device.

According to an IBM study, users are three times more likely to respond to a phishing attack on a mobile device than a desktop, in part because a phone is where people are most likely to see a message first. The latest research by Verizon also supports that conclusion. The researchers at Verizon add that the smaller screen sizes and corresponding limited display of detailed information on smartphones (particularly in notifications, which frequently now include one-tap options for opening links or responding to messages) can also increase the likelihood of phishing success. Verizon also found that 15% of users who are successfully phished will be phished at least one more time within the same year.

Researchers at security firm Wandera found that 83 percent of phishing attacks took place out of the inbox, in the form of text messages, apps like Facebook Messenger and WhatsApp, a variety of games, and social media services. Mobile devices provide many avenues for a user or employee to be tricked by a phishing scheme, which could lead to a data breach. Individuals are also more vulnerable to social engineering attacks on mobile devices. Social engineering attacks are when adversaries try to exploit human psychology and susceptibility to trick victims into uncovering sensitive data or convince them to break security measures that will allow the adversary to gain access to the victim's network.

Other research by Wandera found that corporate mobile devices use Wi-Fi, almost three times as much as they use cellular data. Nearly a quarter of corporate mobile devices have connected to open, and potentially insecure Wi-Fi networks, where devices may encounter a man-in-the-middle-attack. This attack is where an adversary maliciously intercepts communication between two parties. Employees using corporate mobile devices should be warned not to connect to public Wi-Fi networks, and if they have too, they should use an enterprise-class VPN to help prevent a man-in-the-middle-attack. Employees should be made aware of the risks of mobile malware which is one of the fastest-growing threat categories of threats in cybersecurity, including iPhones.

Organizations should put into place mobile device management (MDM). Mobile device management refers to any tool or software designed to help IT administrators control and secure mobile devices like smartphones and tablets. The two critical elements of mobile device management are an MDM server that resides in a data center and an MDM agent that resides on a mobile device. When an IT admin needs to configure a mobile device on a company network, the admin inputs the new policy on the MDM server's management console. Mobile device management protects company data through device-level policies provided by the device manufacturer or platform provider. It also allows the administrator to control what apps can be downloaded on an employee's work cellphone, what corporate services can be accessed from the phone, and enable remote wiping if the device is lost or stolen. Organizations should also deploy network-layer threat detection on employee work phones. With intrusion detection, prevention (IDS/IPS), and anomaly detection, regardless of whether the threat comes through email, SMS, or app, device-level network-traffic monitoring would detect the abnormal traffic and flag it for remediation.

Since more employees are accessing critical business data with mobile phones, it is important that organizations put proper policies in place to keep their information as secure as possible. Organizations need to address mobile security, to help decrease the chance of a data breach from occurring through a mobile device.