BYOD: bring your own danger

Issue 7 2020 Cyber Security

Mobile security is no longer optional, it is a necessity as almost 30% of companies worldwide suffered cyber-attacks focused on their mobile devices, and 60% of IT security professionals doubt that their companies can avoid a mobile security breach.

Over the last decade there has been a boom in the trend of using BYOD (Bring Your Own Device) devices in corporate environments. Despite the many advantages they offer, it is necessary to be aware of the dangers they generate for information security due to the low degree of protection of equipment such as smartphones, tablets, etc. Aware of this fact, Check Point Software Technologies identified five cyber threats that jeopardise the security of mobile devices and provides the keys to optimising their protection.

"There is no doubt that, in recent times, mobile devices (Android and iOS) have become an integral part of life both on a personal and professional level. Among their main characteristics are mobility and accessibility to information from anywhere," says Mario Garcia, general manager of Check Point for Spain and Portugal. "However, the proliferation of mobile devices, together with their low level of security, makes them one of the favourite targets of cybercriminals to put the security of corporate data at risk. Therefore, the conclusion is clear: protecting mobile devices is no longer optional, it is a necessity, regardless of the operating system they have."

Five cyber threats that put mobile devices at risk

1. Malicious apps: installing applications can lead to a multitude of risks such as data leaks, among others. Furthermore, the use of this type of software makes it easy for devices to become infected with mobile malware (one of the main trends in cyber threats for 2020) such as credential thieves, key loggers, remote access Trojans, etc. This type of computer virus also offers cyber criminals a simple and effective way to launch sophisticated, targeted Gen VI attacks. It is also important to note that another of the main dangers lies in the fact that users accept (without reading) the conditions of use and allow applications to access information stored on their device.

2. Vulnerabilities in devices: 27% of companies worldwide have suffered cyber-attacks which have compromised the security of mobile devices, according to the Check Point Security Report 2019. Therefore, vulnerabilities in components or the operating system itself (Android or iOS) pose a serious risk to data security. In addition to the security holes that can be found, weak security configurations on devices are also potential targets for cyber criminals, as they allow them to access all stored information and therefore put data security at risk.

3. Phishing: Phishing remains one of the threats with the highest success rate. In fact, according to a Verizon study, 90% of all cyber-attacks start with a phishing campaign. It is therefore not surprising that cyber criminals exploit the numerous messaging applications available on mobile devices to try to direct a user to a fake website. Phishing is generally spread via private and corporate email, SMS and messaging applications such as Slack, Facebook Messenger, WhatsApp, etc., allowing cyber criminals to access a wealth of information, and in some cases to make a profit.

4. Man-in-the-Middle (MitM) attacks: Mobile devices eliminate physical barriers and offer the possibility to connect and communicate from anywhere. Millions of messages containing sensitive information are exchanged every day, so cyber criminals take advantage of this to launch man-in-the-middle attacks, a method that allows them to intervene in data traffic between the device and the server. For example, a cyber-attack on an online banking service would allow the attacker to easily modify the details of a bank transfer.

5. Network-based attacks: It is essential to analyse the communications that mobile devices receive and send, as this can prevent a large number of attacks. This is because most variants of mobile malware need to establish a connection with the device's controlling server in order to be successful and produce data leaks. Therefore, detecting these malicious communication channels allows us to block communications and therefore prevent multiple types of attacks.

There is a false belief that the security of a mobile device is higher depending on the operating system. Although Android and iOS have their own protection tools, no operating system is impenetrable on its own, so both are susceptible to vulnerabilities and security breaches. Given this scenario, Check Point points out that mobile devices should be treated like any other point of connection to the corporate network in terms of security, risk management and threat visibility.

Therefore, in order to have the highest security standards, it is essential to comply with some policies such as device encryption, implement solutions such as remote data deletion, etc. Check Point, for its part, has SandBlast Mobile, a mobile threat defence solution that protects corporate devices from advanced mobile attacks. In addition, SandBlast Mobile protects employee devices from infected applications, Man-in-the-Middle attacks via Wi-Fi, operating system exploits, and malicious links in SMS messages. In other words, it provides mobile security by preventing, detecting and avoiding the most sophisticated cyber-attacks.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Prevention-first approach to cybersecurity
News Cyber Security
Check Point CEO, Gil Shwed, highlights the increasing importance of artificial intelligence in defending evolving networks and protecting against cyber threats at annual CPX 360 customer and partner event.

How much protection does cyber insurance really give businesses?
Cyber Security Security Services & Risk Management
If organisations don’t meet even the minimum requirements of security and data protection, insurance will do them little good. Instead, it needs to be just one part of the digital resiliency toolbox.

Introducing adaptive active adversary
Cyber Security Products
New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and improved frontline defences against advanced cyberthreats and streamline endpoint security management.

Eleven steps to an effective ransomware response checklist
Editor's Choice Cyber Security
Anyone is a viable target for ransomware attacks and should have a plan in place to deal with a worst-case scenario. Fortinet offers this ransomware attack response checklist to effectively deal with an active ransomware attack.

Blurring the lines between data management and cybersecurity
Cyber Security IT infrastructure
In the past, data management and cybersecurity would fall under separate domains, but with more organisations making the shift to the cloud, data management and data protection have merged, essentially blurring the lines between the two.

Recession? Do not skimp on cybersecurity
Cyber Security Security Services & Risk Management
While economists are studying their crystal balls, businesses have to prepare for the worst, and preparing for a recession means cutting costs and refocusing resources; however, they must ensure they do not end up creating an enormous risk.

Organisations are increasing modern data protection for cloud workloads
Cyber Security
The Veeam Cloud Protection Trends Report for 2023 identifies what is driving IT leaders to change strategies, roles and methods related to both production and protection of cloud-hosted workloads.

Cybersecurity in Africa: The challenges and solutions
Training & Education Cyber Security
Africa faces a significant challenge when it comes to the availability and distribution of cybersecurity talent and secure IT infrastructures. Facing this challenge will require supporting and nurturing the next generation of security graduates and professionals.

Zero Trust to dominate 2023
Cyber Security Access Control & Identity Management
Traditional ways of safeguarding data are no longer sufficient in 2023. Zero Trust has emerged as a more proactive way for businesses to keep their systems, data, and networks protected against compromise.

Cybersecurity in 2023
Technews Publishing Gallagher Cyber Security
What is on the cybersecurity menu in 2023? Hi-Tech Security Solutions offers two views from industry players on the risk environment and what to look out for in the cyber world in the coming year.