Mobile security is no longer optional, it is a necessity as almost 30% of companies worldwide suffered cyber-attacks focused on their mobile devices, and 60% of IT security professionals doubt that their companies can avoid a mobile security breach.
Over the last decade there has been a boom in the trend of using BYOD (Bring Your Own Device) devices in corporate environments. Despite the many advantages they offer, it is necessary to be aware of the dangers they generate for information security due to the low degree of protection of equipment such as smartphones, tablets, etc. Aware of this fact, Check Point Software Technologies identified five cyber threats that jeopardise the security of mobile devices and provides the keys to optimising their protection.
"There is no doubt that, in recent times, mobile devices (Android and iOS) have become an integral part of life both on a personal and professional level. Among their main characteristics are mobility and accessibility to information from anywhere," says Mario Garcia, general manager of Check Point for Spain and Portugal. "However, the proliferation of mobile devices, together with their low level of security, makes them one of the favourite targets of cybercriminals to put the security of corporate data at risk. Therefore, the conclusion is clear: protecting mobile devices is no longer optional, it is a necessity, regardless of the operating system they have."
Five cyber threats that put mobile devices at risk
1. Malicious apps: installing applications can lead to a multitude of risks such as data leaks, among others. Furthermore, the use of this type of software makes it easy for devices to become infected with mobile malware (one of the main trends in cyber threats for 2020) such as credential thieves, key loggers, remote access Trojans, etc. This type of computer virus also offers cyber criminals a simple and effective way to launch sophisticated, targeted Gen VI attacks. It is also important to note that another of the main dangers lies in the fact that users accept (without reading) the conditions of use and allow applications to access information stored on their device.
2. Vulnerabilities in devices: 27% of companies worldwide have suffered cyber-attacks which have compromised the security of mobile devices, according to the Check Point Security Report 2019. Therefore, vulnerabilities in components or the operating system itself (Android or iOS) pose a serious risk to data security. In addition to the security holes that can be found, weak security configurations on devices are also potential targets for cyber criminals, as they allow them to access all stored information and therefore put data security at risk.
3. Phishing: Phishing remains one of the threats with the highest success rate. In fact, according to a Verizon study, 90% of all cyber-attacks start with a phishing campaign. It is therefore not surprising that cyber criminals exploit the numerous messaging applications available on mobile devices to try to direct a user to a fake website. Phishing is generally spread via private and corporate email, SMS and messaging applications such as Slack, Facebook Messenger, WhatsApp, etc., allowing cyber criminals to access a wealth of information, and in some cases to make a profit.
4. Man-in-the-Middle (MitM) attacks: Mobile devices eliminate physical barriers and offer the possibility to connect and communicate from anywhere. Millions of messages containing sensitive information are exchanged every day, so cyber criminals take advantage of this to launch man-in-the-middle attacks, a method that allows them to intervene in data traffic between the device and the server. For example, a cyber-attack on an online banking service would allow the attacker to easily modify the details of a bank transfer.
5. Network-based attacks: It is essential to analyse the communications that mobile devices receive and send, as this can prevent a large number of attacks. This is because most variants of mobile malware need to establish a connection with the device's controlling server in order to be successful and produce data leaks. Therefore, detecting these malicious communication channels allows us to block communications and therefore prevent multiple types of attacks.
There is a false belief that the security of a mobile device is higher depending on the operating system. Although Android and iOS have their own protection tools, no operating system is impenetrable on its own, so both are susceptible to vulnerabilities and security breaches. Given this scenario, Check Point points out that mobile devices should be treated like any other point of connection to the corporate network in terms of security, risk management and threat visibility.
Therefore, in order to have the highest security standards, it is essential to comply with some policies such as device encryption, implement solutions such as remote data deletion, etc. Check Point, for its part, has SandBlast Mobile, a mobile threat defence solution that protects corporate devices from advanced mobile attacks. In addition, SandBlast Mobile protects employee devices from infected applications, Man-in-the-Middle attacks via Wi-Fi, operating system exploits, and malicious links in SMS messages. In other words, it provides mobile security by preventing, detecting and avoiding the most sophisticated cyber-attacks.
© Technews Publishing (Pty) Ltd | All Rights Reserved