
4 Mobile security threat types that pose a risk to your organisation

Feb 22, 2024

Artemis Kontou

Co-Founder & COO at Malloc


Cyberattacks on mobile devices are on the rise and organisations still aren’t taking the necessary steps to alleviate the problem.

9% of organizations suffered a mobile malware attack in 2022 (Check Point 2023 Cyber Security Report). The UK witnessed a 17% rise in the last year alone, with a 25% increase in fraud victims over two years. According to the Mobile Security Index 2019, only 12% of respondents had baseline protections such as encryption, “need-to-know” access, two-factor authentication, and no default passwords. A shocking statistic reveals that one in every 20 fraud attacks can be traced back to a rogue mobile application. The motivation behind most attacks is financial according to Verizon’s Data Breach Investigations Report. This calls for organizations to prioritize mobile security to mitigate potential risks.

Despite the escalating threats, organizations often overlook the significance of securing mobile devices. The consequences of a security breach are severe, ranging from reputational damage to financial loss and downtime. Industries such as healthcare, hospitality, public sector, retail, and finance are particularly vulnerable. In 2018, the average cost of a data breach in the United States was $3.86 million, emphasizing the urgency for robust mobile security. Despite these alarming statistics, organizations are lagging in implementing essential security measures.

Threats related to mobile security in organisations.

The Mobile Security Index 2019 categorizes threats into four layers, providing numerous opportunities for cybercriminals to breach organizations:

1. User behavior

2. App-based

3. Device-based

4. Network-based

Practices such as Bring Your Own Device (BYOD) introduce new cybersecurity risks to organizations. Existing solutions that are designed to secure corporate devices do not provide an effective cybersecurity solution for BYOD. Finding an effective solution can be challenging due to the unique risks that BYOD deployments impose.

Threats arising from user behavior pose a significant risk to mobile security as individuals often engage in unsafe practices, like clicking on suspicious links or downloading unverified apps. Neglecting software updates and falling for social engineering tactics further expose devices to vulnerabilities. Insecure Wi-Fi connections and lax use of security features amplify the risk. Mobile security solutions must adapt to address evolving user behavior threats and provide robust defense in the dynamic mobile threat landscape.

App-based security threats include a range of risks targeting mobile applications, including malware and spyware disguising themselves as legitimate apps, unauthorized access to sensitive data, phishing attacks through fraudulent app mimics, insecure data storage, fake or rogue apps designed for malicious purposes, vulnerabilities in outdated software, man-in-the-middle attacks intercepting communication, and unsecured APIs exposing sensitive data. Mitigation involves users downloading apps from trusted sources, keeping software updated, and being cautious with permissions. Developers play a vital role in app security by implementing robust coding practices, conducting security assessments, and promptly addressing identified vulnerabilities.

Device-based threats involve risks and vulnerabilities that directly target the hardware and operating system of mobile devices. These threats can include malicious software that exploits weaknesses in the device’s firmware or operating system, potentially leading to unauthorized access, data breaches, or the installation of harmful applications. Other device-based threats may exploit hardware vulnerabilities, such as weaknesses in device encryption or insecure biometric authentication methods. Additionally, physical attacks on mobile devices, like theft or tampering, can pose significant risks if not properly mitigated.

Network-based threats involve risks stemming from vulnerabilities in the communication channels between mobile devices and the broader network. These threats include Man-in-the-Middle (MitM) attacks, where malicious actors intercept and potentially manipulate data exchanged between the device and the network. Unsecured Wi-Fi networks can expose devices to eavesdropping and unauthorized access. DNS spoofing and phishing attacks targeting network protocols can redirect users to malicious websites. Furthermore, attackers can exploit weaknesses in cellular networks to launch attacks or intercept communications.

Implementing a comprehensive mobile security program is crucial.

The Verizon Mobile Security Index 2019 reported an increase in incidents involving mobile devices, emphasizing the need for heightened security measures. Cybercriminals are adapting their techniques, exploiting vulnerabilities in mobile security, and utilizing encryption to conceal their actions. To address this gap, organizations must adopt a proactive approach to mobile security. Implementing a comprehensive mobile security program is crucial, considering the potential risks associated with data breaches.

Published on Medium
