BYOD: bring your own danger

Issue 7 2020 Cyber Security

Mobile security is no longer optional, it is a necessity as almost 30% of companies worldwide suffered cyber-attacks focused on their mobile devices, and 60% of IT security professionals doubt that their companies can avoid a mobile security breach.

Over the last decade there has been a boom in the trend of using BYOD (Bring Your Own Device) devices in corporate environments. Despite the many advantages they offer, it is necessary to be aware of the dangers they generate for information security due to the low degree of protection of equipment such as smartphones, tablets, etc. Aware of this fact, Check Point Software Technologies identified five cyber threats that jeopardise the security of mobile devices and provides the keys to optimising their protection.

"There is no doubt that, in recent times, mobile devices (Android and iOS) have become an integral part of life both on a personal and professional level. Among their main characteristics are mobility and accessibility to information from anywhere," says Mario Garcia, general manager of Check Point for Spain and Portugal. "However, the proliferation of mobile devices, together with their low level of security, makes them one of the favourite targets of cybercriminals to put the security of corporate data at risk. Therefore, the conclusion is clear: protecting mobile devices is no longer optional, it is a necessity, regardless of the operating system they have."

Five cyber threats that put mobile devices at risk

1. Malicious apps: installing applications can lead to a multitude of risks such as data leaks, among others. Furthermore, the use of this type of software makes it easy for devices to become infected with mobile malware (one of the main trends in cyber threats for 2020) such as credential thieves, key loggers, remote access Trojans, etc. This type of computer virus also offers cyber criminals a simple and effective way to launch sophisticated, targeted Gen VI attacks. It is also important to note that another of the main dangers lies in the fact that users accept (without reading) the conditions of use and allow applications to access information stored on their device.

2. Vulnerabilities in devices: 27% of companies worldwide have suffered cyber-attacks which have compromised the security of mobile devices, according to the Check Point Security Report 2019. Therefore, vulnerabilities in components or the operating system itself (Android or iOS) pose a serious risk to data security. In addition to the security holes that can be found, weak security configurations on devices are also potential targets for cyber criminals, as they allow them to access all stored information and therefore put data security at risk.

3. Phishing: Phishing remains one of the threats with the highest success rate. In fact, according to a Verizon study, 90% of all cyber-attacks start with a phishing campaign. It is therefore not surprising that cyber criminals exploit the numerous messaging applications available on mobile devices to try to direct a user to a fake website. Phishing is generally spread via private and corporate email, SMS and messaging applications such as Slack, Facebook Messenger, WhatsApp, etc., allowing cyber criminals to access a wealth of information, and in some cases to make a profit.

4. Man-in-the-Middle (MitM) attacks: Mobile devices eliminate physical barriers and offer the possibility to connect and communicate from anywhere. Millions of messages containing sensitive information are exchanged every day, so cyber criminals take advantage of this to launch man-in-the-middle attacks, a method that allows them to intervene in data traffic between the device and the server. For example, a cyber-attack on an online banking service would allow the attacker to easily modify the details of a bank transfer.

5. Network-based attacks: It is essential to analyse the communications that mobile devices receive and send, as this can prevent a large number of attacks. This is because most variants of mobile malware need to establish a connection with the device's controlling server in order to be successful and produce data leaks. Therefore, detecting these malicious communication channels allows us to block communications and therefore prevent multiple types of attacks.

There is a false belief that the security of a mobile device is higher depending on the operating system. Although Android and iOS have their own protection tools, no operating system is impenetrable on its own, so both are susceptible to vulnerabilities and security breaches. Given this scenario, Check Point points out that mobile devices should be treated like any other point of connection to the corporate network in terms of security, risk management and threat visibility.

Therefore, in order to have the highest security standards, it is essential to comply with some policies such as device encryption, implement solutions such as remote data deletion, etc. Check Point, for its part, has SandBlast Mobile, a mobile threat defence solution that protects corporate devices from advanced mobile attacks. In addition, SandBlast Mobile protects employee devices from infected applications, Man-in-the-Middle attacks via Wi-Fi, operating system exploits, and malicious links in SMS messages. In other words, it provides mobile security by preventing, detecting and avoiding the most sophisticated cyber-attacks.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Trying to catch the big phish
J2 Software Cyber Security
Rather than focus on techniques, John Mc Loughlin, CEO of J2 discusses how phishing applications have changed to match new security standards.

Read more...
Corporations protected, but not secure
News Cyber Security Security Services & Risk Management
Nearly three quarters of South Africa’s top 100 corporates are investing more in cybersecurity than the industry average, but an almost equal proportion don’t feel fully protected by their current cybersecurity strategy.

Read more...
People and processes for banking security
Vox Cyber Security Security Services & Risk Management
South Africa is the third most-targeted country worldwide when it comes to cybercrime and it is no different with the local banking sector, which needs to ensure its systems and people are ready.

Read more...
Dashboard for streamlined ransomware recovery
Cyber Security
The new CyberSense interface provides intuitive post-attack forensic reports that provide powerful insight into data corruption due to a ransomware attack, facilitating ransomware recovery.

Read more...
You have a ‘super malicious insider’
J2 Software Cyber Security
There’s a super malicious insider who is technically proficient and often acutely aware of an organisation’s technical limitations in proactively detecting insider threats.

Read more...
Secret monthly fee
Kaspersky Cyber Security
Kaspersky researchers have observed fraudsters actively spreading Trojans, which secretly subscribe users to paid services, disguised as various mobile apps, including popular games, healthcare apps and photo editors.

Read more...
Keep cloud-based security simple
Cyber Security
SA businesses have more mobile workforces now, which means a greater need for cloud security that follows data and users wherever they are amidst increase in cyberattacks.

Read more...
How crypto cons work and how to protect yourself
Cyber Security
The digital gold rush is here. As more people attempt to make money from cryptocurrencies, criminals and con artists aren’t far behind, says Carey van Vlaanderen, CEO of ESET South Africa.

Read more...
Ongoing cybersecurity with a click
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Maintain your cybersecurity posture with web services from Pretect designed to keep your IT infrastructure optimally protected 24 x 7.

Read more...
The battle of AI and ML in the cybersecurity world
Cyber Security Products
The security industry is using ML/AI in various applications such as tackling huge volumes of malware, detecting spam and business email compromises, analysing network traffic, using facial recognition and more.

Read more...