Mobile has become a critical component of enterprise operations, with the Internet and ubiquity of devices being used anytime, anywhere. And, just like your employee’s PCs are susceptible to viruses and spyware, so are their mobile devices. In fact, the average large enterprise has over 2,000 unsafe mobile apps installed on employee devices, while 74 percent of IT leaders report that their organization have experience a data breach as a result of a mobile security issue.
These mobile threats are lucrative for hackers due to the volume of corporate and personal data that devices hold. Furthermore, they can leverage mobile devices as an entry point to move laterally across company networks. This has not gone unnoticed by IT security professionals, who say mobile devices are the hardest enterprise asset to defend. However, at the same time, according to a recent Verizon report, 32 percent of mobility professionals said their organization sacrifices mobile security to improve business performance.
Let’s look at some of the mobile threats targeting your employee’s devices and putting your data security at risk – and why it’s critical to take action as we move into a new year.
Phishing Goes Mobile
One of the most tried-and-true scams that cybercriminals use is even more problematic on mobile. With a phishing attempt via email, SMS messaging, or embedded in a fake ad, all it takes is one wrong tap for a smartphone to become compromised. According to security technology company, Lookout, the rate at which people fall for phishing URLs on mobile has increased 85 percent every year since 2011.
After a device is compromised in a phishing scheme, there are generally two ways that a hacker can cause damage. First, they can infiltrate your corporate system by scamming the victim to enter work credentials. Once the sensitive information is entered, monitoring software is then downloaded onto the device and the fraudster can then track and harvest all of the victim’s activity. Once inside, the hacker can move about within your infrastructure and capture sensitive corporate and personal data.
Hackers often take advantage of people’s curiosity to try new mobile apps by creating Trojan or “spoof” apps that trick users into downloading malware onto their smartphone.
IT security company, ESET, analyzed a set of 29 mobile banking Trojan apps found in the Google Play store between August and October 2018. These apps infiltrate phone systems and impersonate the victim’s banking apps, luring individuals to enter precious login information linked to their financial accounts. Before Android was able to identify and remove these malicious apps from the app store, 30,000 users had already installed them.
Man-in-the-Middle (MITM) Attacks
Hackers use MITM attacks as a way to intercept data being transmitted between senders and receivers. These schemes often take place in areas where there is public Wi-Fi, since people are using their mobile devices for work and transmit data across unsecured networks. The fraudster will set up a fake wireless connection that looks legitimate to fool users into joining their free hotspot.
Once a shared internet connection is established, hackers can monitor all activity and intercept the data being sent from person to person or network to network. This is why you should never perform any transactions that require signing into accounts or sending money while connected to a public Wi-Fi network – you never know who could be watching.
WEBINAR | Mobile Threat Defense for Enterprises
As hard as it is to defend against mobile threats, it can be almost impossible for IT and Information Security teams to enforce mobile security policies. Employees are bringing their own devices to work, telecommuting, browsing social media, downloading apps, and sending work-related communications while on-the-go. This lack of control has left organizations vulnerable to cyberattacks more than ever.
Watch EZShield’s on-demand, free webinar to learn:
- The state of today’s data breach & cyber threat environments and what you & your organization should be aware of
- Steps for defending against some of the latest threats to mobile device & app security
- An exclusive view into Mobile Defense Suite™ for both consumers & enterprises