BYOD: bring your own danger

Issue 7 2020 Information Security

Mobile security is no longer optional, it is a necessity as almost 30% of companies worldwide suffered cyber-attacks focused on their mobile devices, and 60% of IT security professionals doubt that their companies can avoid a mobile security breach.

Over the last decade there has been a boom in the trend of using BYOD (Bring Your Own Device) devices in corporate environments. Despite the many advantages they offer, it is necessary to be aware of the dangers they generate for information security due to the low degree of protection of equipment such as smartphones, tablets, etc. Aware of this fact, Check Point Software Technologies identified five cyber threats that jeopardise the security of mobile devices and provides the keys to optimising their protection.

"There is no doubt that, in recent times, mobile devices (Android and iOS) have become an integral part of life both on a personal and professional level. Among their main characteristics are mobility and accessibility to information from anywhere," says Mario Garcia, general manager of Check Point for Spain and Portugal. "However, the proliferation of mobile devices, together with their low level of security, makes them one of the favourite targets of cybercriminals to put the security of corporate data at risk. Therefore, the conclusion is clear: protecting mobile devices is no longer optional, it is a necessity, regardless of the operating system they have."

Five cyber threats that put mobile devices at risk

1. Malicious apps: installing applications can lead to a multitude of risks such as data leaks, among others. Furthermore, the use of this type of software makes it easy for devices to become infected with mobile malware (one of the main trends in cyber threats for 2020) such as credential thieves, key loggers, remote access Trojans, etc. This type of computer virus also offers cyber criminals a simple and effective way to launch sophisticated, targeted Gen VI attacks. It is also important to note that another of the main dangers lies in the fact that users accept (without reading) the conditions of use and allow applications to access information stored on their device.

2. Vulnerabilities in devices: 27% of companies worldwide have suffered cyber-attacks which have compromised the security of mobile devices, according to the Check Point Security Report 2019. Therefore, vulnerabilities in components or the operating system itself (Android or iOS) pose a serious risk to data security. In addition to the security holes that can be found, weak security configurations on devices are also potential targets for cyber criminals, as they allow them to access all stored information and therefore put data security at risk.

3. Phishing: Phishing remains one of the threats with the highest success rate. In fact, according to a Verizon study, 90% of all cyber-attacks start with a phishing campaign. It is therefore not surprising that cyber criminals exploit the numerous messaging applications available on mobile devices to try to direct a user to a fake website. Phishing is generally spread via private and corporate email, SMS and messaging applications such as Slack, Facebook Messenger, WhatsApp, etc., allowing cyber criminals to access a wealth of information, and in some cases to make a profit.

4. Man-in-the-Middle (MitM) attacks: Mobile devices eliminate physical barriers and offer the possibility to connect and communicate from anywhere. Millions of messages containing sensitive information are exchanged every day, so cyber criminals take advantage of this to launch man-in-the-middle attacks, a method that allows them to intervene in data traffic between the device and the server. For example, a cyber-attack on an online banking service would allow the attacker to easily modify the details of a bank transfer.

5. Network-based attacks: It is essential to analyse the communications that mobile devices receive and send, as this can prevent a large number of attacks. This is because most variants of mobile malware need to establish a connection with the device's controlling server in order to be successful and produce data leaks. Therefore, detecting these malicious communication channels allows us to block communications and therefore prevent multiple types of attacks.

There is a false belief that the security of a mobile device is higher depending on the operating system. Although Android and iOS have their own protection tools, no operating system is impenetrable on its own, so both are susceptible to vulnerabilities and security breaches. Given this scenario, Check Point points out that mobile devices should be treated like any other point of connection to the corporate network in terms of security, risk management and threat visibility.

Therefore, in order to have the highest security standards, it is essential to comply with some policies such as device encryption, implement solutions such as remote data deletion, etc. Check Point, for its part, has SandBlast Mobile, a mobile threat defence solution that protects corporate devices from advanced mobile attacks. In addition, SandBlast Mobile protects employee devices from infected applications, Man-in-the-Middle attacks via Wi-Fi, operating system exploits, and malicious links in SMS messages. In other words, it provides mobile security by preventing, detecting and avoiding the most sophisticated cyber-attacks.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Identity is a cyber issue
Access Control & Identity Management Information Security
Identity and access management telemetry has emerged as the most common source of early threat detection, responsible for seven of the top 10 indicators of compromise leading to security investigations.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
From QR code to compromise
Information Security News & Events
A new attack vector involves threat actors using fraudulent QR codes emailed in PDF attachments to bypass companies' phishing security measures by requiring users to scan the code with their mobile phones.

Read more...
Organisations fear AI-driven cyberattacks, but lack key defences
Kaspersky Information Security News & Events Training & Education
A recent Kaspersky study reveals that businesses are increasingly worried about the growing use of artificial intelligence in cyberattacks, with 56% of surveyed companies in South Africa reporting a rise in cyber incidents over the past year.

Read more...
Vodacom Business unveils new cybersecurity report
Information Security IoT & Automation
Cybersecurity as an Imperative for Growth offers insights into the state of cybersecurity in South Africa, the importance of security frameworks in digital resilience and the latest attack methods adopted by cyberattackers.

Read more...
Smart surveillance and cyber resilience
Axis Communications SA Surveillance Information Security Government and Parastatal (Industry) Facilities & Building Management
South Africa’s critical infrastructure sector has to step up its game regarding cybersecurity and the evolving risk landscape. The sector has become a prime target for cybercriminals on top of physical threat actors, and the consequences of an incident can be far-reaching.

Read more...
NIS2 compliance amplifies skills shortages and resource strain
Information Security Security Services & Risk Management
A new Censuswide survey, commissioned by Veeam Software reveals the significant impact on businesses as they adapt to this key cybersecurity directive, with 95% of EMEA businesses siphoning other budgets to try and meet compliance deadline.

Read more...
Cybersecurity needs 4,7 million professionals
Information Security
Despite all the efforts organisations worldwide put into preventing cyberattacks, global cybercrime has snowballed to $9,2 trillion in 2024 and is expected to grow by another 70% to $15,6 trillion by the end of a decade.

Read more...
Autonomous healing systems are the future
Infrastructure Information Security AI & Data Analytics
Autonomous healing software, an emerging technology, is gaining traction for its potential to transform how organisations manage software maintenance, security, and system performance.

Read more...