Mobile devices are one of the weakest links in cyber security for businesses, yet very little is being done to mitigate the risks around these top 5 types of mobile device breaches.
In my blog on 3rd Party APIs, I discussed why cyberattacks have become much more focused and planned. Criminal researchers are studying a business’s systems and taking the time to carefully identify weak packages and tools on targeted servers. Mobile devices are an often overlooked weak link into business data.
According to the Checkpoint 2019 Cyber Security Report, 59% of IT professionals do not use a mobile threat defense solution capable of detecting leading threats like malware, malicious apps, man-in-the-middle attacks, and system vulnerabilities. Only 9% of surveyed IT professionals consider threats on mobile devices to be a significant security risk yet malware can propagate from an unprotected mobile device to an organizations’ cloud or on-premises networks, exploiting this weak link in enterprise security defenses.
A smartphone today contains very personal information as well as confidential business information. It knows where the user is at all times, who they talk to, what they say, what is texted and posted on social media, their personal pictures, passwords, and their business email, communications and documents. Attacks on mobile devices yield a bigger reward and are typically an easier target. Today, employees use their smartphone more than their computers for business activities.
1. Man-in-the-Middle Attacks
Public WiFi networks, such as those in airports and hotels, create an opportunity for a cybercriminal to launch Man-in-the-Middle (MitM) attacks that capture any data transmitted over the WiFi network such as credentials, emails, data submitted to web forms, and more. According to MobileIron’s Global Threat Report, in the first six months of 2018, 15% of protected devices detected a MitM attack. Research by enterprise security firm Wandera reports that corporate mobile devices use Wi-Fi almost three times as much as they use cellular data. Over half of all organizations (55%) have at least one user who connected to a risky hotspot last month.
2. Rogue Apps
Installing unapproved or rogue apps easily opens the door for cybercriminals to gather information from mobile devices. According to Verizon’s Mobile Security Index 2019 report, only 40% of organizations said they limit users to installing apps from a recognized app store, such as Apple App Store and Google Play Store. While Apple and Google are cracking down on the behavior of apps in their stores, it is still not foolproof. A more recent example exposed last fall is Adware Doctor, where upon installation it would collect the browser history and attempt to upload it to a rogue server.
Users install apps from other sites as well because they offer convenient functionality but these apps often secretly upload data to cybercriminals. Only 3% of businesses totally block users of company mobile devices from installing any apps. 35% of organizations have at least one device with one or more side loaded apps installed.
3. Data Leakage
Data leakage is another common way data is exposed to cybercriminals. According to Verizon, there is a 28% chance that a business will experience a leak at least once every two years. There are two basic ways this happens. The first is improper app setup where users inadvertently allow apps to see and transfer their information. A recent example of this is the fitness app Strava. Users can share their running routes using GPS data from FitBits, cellphones, and other fitness tracking devices.
The app shares this information with other athletes through a global heat map. Soldiers used the app to track their running activities resulting in a high concentration of runners in specific locations. Comparing this to well-known US Military base locations clearly shows the locations of those bases on the heat map – plus US Military bases in obscure, potentially sensitive areas - easily informing anyone wanting to attack those troops of their location. (Yes, the Department of Defense is reviewing their policy regarding these apps to ensure the safety and security of US troops.)
The second frequent cause of data leakage is through accidental disclosure. Since mobile devices use a small display, there is often less information visible to the user - causing information to be sent to the wrong email address. This is a frequent problem in the Healthcare industry where it was the top cause of almost all breaches reported.
4. Social Engineering
Social Engineering remains a top cause of data breaches on mobile devices. 91% of cybercrime starts with email. Mobile users are at higher risk because mobile devices only display the sender’s name, making it easier to trick the reader into thinking it is someone they know. Once an organization exceeds 1,000 employees, the likelihood of a phishing incident reaches 85% and continues to increase exponentially as the employee count climbs. And it is often unnoticeable because the malware is deployed, credentials are stolen, remote access is gained, data is stolen and additional compromises happen…
5. Device Loss and Theft
I would be remiss if I did not include device loss and theft in this list. Kensington published research stating 70 million smartphones are lost or stolen every year. Only 7% are recovered. 4.3% of business owned smartphones are lost or stolen each year. According to Verizon, 1% to 2% of all mobile phones and tablets do not have a lock screen configured. 5% of Android devices in 500-999 employee companies have no lock screen configured. And 48% of companies using a Mobile Device Management solution enforce a lock screen on all devices. This is an easy one, lock your mobile devices!
Final Thoughts
Cybercriminals are targeting mobile devices because they are a weak link and the data on them is valuable in the cybercrime market. The solutions are not complex, VPN use will help prevent MitM attacks over public WiFi, stick to Apple and Google Stores for Apps, be careful what permissions users give to apps and use tools to monitor app behavior. Now is a great time to educate users on the threats to their mobile devices and how to prevent data theft.