BYOD: bring your own danger

Issue 7 2020 Cyber Security

Mobile security is no longer optional, it is a necessity as almost 30% of companies worldwide suffered cyber-attacks focused on their mobile devices, and 60% of IT security professionals doubt that their companies can avoid a mobile security breach.

Over the last decade there has been a boom in the trend of using BYOD (Bring Your Own Device) devices in corporate environments. Despite the many advantages they offer, it is necessary to be aware of the dangers they generate for information security due to the low degree of protection of equipment such as smartphones, tablets, etc. Aware of this fact, Check Point Software Technologies identified five cyber threats that jeopardise the security of mobile devices and provides the keys to optimising their protection.

"There is no doubt that, in recent times, mobile devices (Android and iOS) have become an integral part of life both on a personal and professional level. Among their main characteristics are mobility and accessibility to information from anywhere," says Mario Garcia, general manager of Check Point for Spain and Portugal. "However, the proliferation of mobile devices, together with their low level of security, makes them one of the favourite targets of cybercriminals to put the security of corporate data at risk. Therefore, the conclusion is clear: protecting mobile devices is no longer optional, it is a necessity, regardless of the operating system they have."

Five cyber threats that put mobile devices at risk

1. Malicious apps: installing applications can lead to a multitude of risks such as data leaks, among others. Furthermore, the use of this type of software makes it easy for devices to become infected with mobile malware (one of the main trends in cyber threats for 2020) such as credential thieves, key loggers, remote access Trojans, etc. This type of computer virus also offers cyber criminals a simple and effective way to launch sophisticated, targeted Gen VI attacks. It is also important to note that another of the main dangers lies in the fact that users accept (without reading) the conditions of use and allow applications to access information stored on their device.

2. Vulnerabilities in devices: 27% of companies worldwide have suffered cyber-attacks which have compromised the security of mobile devices, according to the Check Point Security Report 2019. Therefore, vulnerabilities in components or the operating system itself (Android or iOS) pose a serious risk to data security. In addition to the security holes that can be found, weak security configurations on devices are also potential targets for cyber criminals, as they allow them to access all stored information and therefore put data security at risk.

3. Phishing: Phishing remains one of the threats with the highest success rate. In fact, according to a Verizon study, 90% of all cyber-attacks start with a phishing campaign. It is therefore not surprising that cyber criminals exploit the numerous messaging applications available on mobile devices to try to direct a user to a fake website. Phishing is generally spread via private and corporate email, SMS and messaging applications such as Slack, Facebook Messenger, WhatsApp, etc., allowing cyber criminals to access a wealth of information, and in some cases to make a profit.

4. Man-in-the-Middle (MitM) attacks: Mobile devices eliminate physical barriers and offer the possibility to connect and communicate from anywhere. Millions of messages containing sensitive information are exchanged every day, so cyber criminals take advantage of this to launch man-in-the-middle attacks, a method that allows them to intervene in data traffic between the device and the server. For example, a cyber-attack on an online banking service would allow the attacker to easily modify the details of a bank transfer.

5. Network-based attacks: It is essential to analyse the communications that mobile devices receive and send, as this can prevent a large number of attacks. This is because most variants of mobile malware need to establish a connection with the device's controlling server in order to be successful and produce data leaks. Therefore, detecting these malicious communication channels allows us to block communications and therefore prevent multiple types of attacks.

There is a false belief that the security of a mobile device is higher depending on the operating system. Although Android and iOS have their own protection tools, no operating system is impenetrable on its own, so both are susceptible to vulnerabilities and security breaches. Given this scenario, Check Point points out that mobile devices should be treated like any other point of connection to the corporate network in terms of security, risk management and threat visibility.

Therefore, in order to have the highest security standards, it is essential to comply with some policies such as device encryption, implement solutions such as remote data deletion, etc. Check Point, for its part, has SandBlast Mobile, a mobile threat defence solution that protects corporate devices from advanced mobile attacks. In addition, SandBlast Mobile protects employee devices from infected applications, Man-in-the-Middle attacks via Wi-Fi, operating system exploits, and malicious links in SMS messages. In other words, it provides mobile security by preventing, detecting and avoiding the most sophisticated cyber-attacks.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Understanding the evolving cybersecurity landscape
Issue 5 2021, Vox , Cyber Security
Given the global disruption that took place last year, it is hardly surprising that malware increased by 358% and ransomware by 435% as compared to 2019.

Protecting business from ransomware at the edge
Issue 4 2021 , Cyber Security
It might not always be possible to prevent ransomware from infecting remote networks, however, a robust backup and disaster recovery strategy can get the business back on track if systems are locked down.

How safe are our factories?
Issue 5 2021, Wolfpack Information Risk , Industrial (Industry), Cyber Security
In this, the first part of a series on cybersecurity for operational technology, Bryan Baxter asks how safe our factories are from cyber threats.

Managing a breach or ‘dirty’ network
Issue 5 2021 , Editor's Choice, Cyber Security
Nasser Bostan, head of security sales, Middle East and Africa, BT, shares BT’s insights gleaned from the SolarWinds incident and offers recommendations for organisations to step up their cybersecurity strategies.

Protecting your workforce
Issue 5 2021, J2 Software , Cyber Security
With Workforce Cyber Intelligence, organisations can reduce legal liability by identifying the personal online activities that put the enterprise at risk, while still protecting employee privacy.

Can businesses really protect their customers?
Issue 5 2021 , Cyber Security
Cyber-criminals use many methods to extract data from businesses or individuals, but spam remains one of the key means of parting consumers from their cash.

USBs threats are back
Issue 4 2021 , Cyber Security
Kaspersky has uncovered a rare, wide-scale advanced persistent threat (APT) campaign; initial infection occurs via spear-phishing emails containing a malicious Word document and can then spread to other hosts through removable USB drives.

Incedo consolidates its cybersecurity defence
Issue 4 2021 , Cyber Security
Check Point Software´s end-to-end solution safeguards Incedo and its customers from a global spike in cyberattacks, while reducing costs and increasing productivity.

Top 10 security misperceptions
Issue 4 2021 , Cyber Security, Security Services & Risk Management
The Sophos Rapid Response team has compiled a list of the most commonly held security misperceptions they’ve encountered in the last 12 months while neutralising and investigating cyberattacks in a wide range of organisations.

Top cybersecurity considerations for SMEs in 2021
Issue 3 2021 , Cyber Security, News
Cisco has published its 2021 SMB Security Outcomes Study, highlighting what SMB leaders are doing to thrive in today's ever-evolving threat landscape, as well as offering actionable insights on where they should focus.