Written by Graeme Gussin, Account Manager at Conosco
Mobile security is top of many organisations’ priority lists. This is not surprising given that 60% of mobile devices are now being used to access corporate data.
The shift to long-term remote working in 2020 meant that many business models and security strategies were turned on their head. Organisations that had solutions in place to protect on-premises infrastructure and desktop devices suddenly faced new challenges: how to give employees secure access to business-critical information from anywhere, and how to protect IT assets and mobile endpoints.
Almost a year later and with remote working here to stay, we explore 5 mobile security threats that are on the rise in 2021.
What are Mobile Security Threats?
Malicious actors are always looking for ways to breach an unsuspecting organisation’s defences. A mobile security threat is an attack on a user’s mobile device (such as a smartphone or iPad) with the intention of stealing sensitive data or compromising systems.
There are a variety of mobile security threats including:
- Malicious Apps: Attackers use malicious apps to steal users’ data and leak it to third parties. When downloading apps, always use official app stores and check before granting any data permissions.
- Phishing: Phishing attacks commonly take place on the web, usually via email or text. They are often disguised as coming from a trustworthy source, but when a user clicks on an attachment or link, hackers can gain access to the mobile device.
- Vulnerable Networks: Unsecured networks, such as free public Wi-Fi, are a target for attackers. In some cases, they will spoof a network, creating a fake Wi-Fi network that asks users to enter login details. Once the victim has handed over their username and password, hackers can then use that information to compromise other accounts.
- Lost or stolen devices: If a device falls into the wrong hands, you could be leaving your business vulnerable to a data breach. Putting measures in place such as biometric authentication or encrypting apps can go some way to helping you keep devices protected, but more advanced business solutions are vital.
Once an attacker has access to your systems they can wreak havoc across your organisation, stealing user login credentials and spoofing identities. What begins as a single breach on one device can rapidly spread across the organisation. Any loss of information or data leaks will have serious financial, reputational and operational consequences for your business.
5 Mobile Security Threats in 2021
As technology becomes more advanced, cyber-attacks have become more sophisticated. With remote working considered the ‘new normal’, businesses must balance accessibility (ensuring employees have all the services and information they need) with security (implementing controls and policies to stop an employee from accidentally compromising the business). According to a study by IBM and Ponemon, having a solely remote workforce can increase the cost of a data breach by as much as $137,000.
With this in mind, here are 5 mobile security threats that businesses face in 2021.
1) Phishing emails continue to rise
According to a study by IBM, users are three times more likely to respond to a phishing attack on a mobile device. Why? Because people are often far less cautious than they would be on their work desktop. What’s more, the smaller screens and the prominent position of action-oriented buttons make it harder for users to spot the tell-tale signs of a malicious attacker.
The use of phishing emails has been rising year on year and will continue to be the primary culprit of data breaches in 2021, with one study showing that 91% of cyber-attacks are due to phishing emails.
2) BYOD: Blurring the corporate and personal network edge
Although businesses were sceptical, many have now seen first-hand the multiple benefits of remote working. One of those benefits is cost savings made on infrastructure, with businesses promoting a Bring Your Own Device (BYOD) strategy.
A recent study showed that 87% of companies allow employees to access mobile business apps from personal devices, with 34% reporting an increase in productivity. However, as the boundaries between work and home life become blurred, cyber security perimeters must be reinforced. Businesses that fail to put formal BYOD policies in place and restrict usage are at a higher risk of data leakage.
3) 5G and the acceleration of data theft
The UK 5G network facilitates the use of connected mobile devices offering faster download speeds and lower latency. 5G is expected to revolutionise the way we work, with many new smartphone models already connected to the network.
5G requires a new approach to cyber security. Thanks to the increased bandwidth, malware and other malicious programs will be able to steal a wealth of data in a shorter period of time. With new 5G cell towers being erected around the UK, we’ll see an upsurge of mobile data leakage.
Furthermore, 5G and the inception of the Internet of Things (IoT) could see a rise in spying attempts through microphones, cameras and other apps. 82% of IT professionals predict that unsecured IoT devices would cause a catastrophic data breach within their organisation.
4) Accidental Data Leakage
One of the biggest threats to mobile security in 2021 is data leakage. This most commonly occurs as a result of employees downloading apps and granting access permissions without fully understanding what the app will do with the information.
It can also happen as a result of human error, for example by using unsecured cloud services to store confidential information or simply by sending emails to the wrong recipient.
5) APIs increasing fraudulent activity
Businesses are using Application Programming Interfaces (APIs) to connect applications with third-party platforms. An example of this is Facebook, which allows mobile app developers limited access to a Facebook user’s profile information, whilst also allowing users to log in to third-party apps using their Facebook credentials as verification.
The banking industry is another example, where APIs are being used to share client data with third-party applications. Although this will make life easier, the technology comes with its fair share of risk. Regulatory bodies are calling for businesses that use APIs to be more stringent about the third parties they work with and to put controls in place to ensure access to customer data is compliant, reducing the risk of fraudulent activity.
How can businesses protect mobile devices?
With the continuing rise in cyber attacks on mobile devices, a tougher approach is needed. Creating a security-focussed IT strategy is the first step.
Yet 35% of surveyed professionals indicated they had no mandated measures in place to secure accessible corporate data, whether on a business mobile device or a personal smartphone.
What security measures can your business take to protect against mobile security threats?
Basic Cyber Security – Never underestimate the power of instilling strong basic cyber security practice into your business. From using secure passwords to enabling two-factor authentication, and from using secure VPN connections to spotting phishing emails, all employees should receive regular security training.
Mobile Security and Compliance Policies – With the majority of your workforce accessing information from home, having a well-documented mobile policy will set business expectations and hold employees accountable for their actions.
Mobile Device Management (MDM) – Any business that operates a remote workforce should have an MDM solution. It allows administrators to control, secure and enforce policies across a range of mobile devices. Should an employee lose their device, MDM allows businesses to wipe the device, preventing access to sensitive information and protecting corporate networks.
Mobile Endpoint Detection and Response (EDR) – To prevent a breach, organisations must constantly monitor their environment and be able to detect incidents quickly. EDR enables organisations to monitor all endpoint and network events and respond to advanced threats.
Zero Trust Security – This approach to IT security requires every person who wants to access corporate networks and resources to undergo strict identity verification. This can be extremely effective in stopping hackers who have successfully breached one device from accessing other areas of your infrastructure.
Regular Vulnerability Testing – Regardless of your size or industry, vulnerability assessments should be carried out regularly. They will enable your organisation to identify any weaknesses in your defences and ensure you are mitigating new threats as they arise.
Mobile security threats are ever-present in today’s society. With businesses producing more data than ever and with innovative technology allowing us to access information from anywhere, organisations must put security measures in place to protect their mobile estate.