Category: Mobile Security

docuserve-application-based-threats

Mobile Security Threats – Present and Future

As the number of mobile devices increases around the world, keeping the digital content safe and secure is becoming a challenge. With cybercrimes on the rise, data breaches these days are becoming a norm rather than an exception. Mobile security, therefore, is a serious concern, and it is important to know the security threats that can affect your mobile devices. Just as viruses and spyware can infect your computers, mobile devices are also susceptible. Mobile threats can be categorized as follows: application-based threats, web-based threats, network-based threats and physical threats.

 

What is an application-based threat?

Downloading an app can bring in several types of security threats. It is not easy to detect a malicious app because they look fine on a download site, but these apps are specifically designed to carry out malicious activity. Application-based threats can be categorized as follows:

 

Malware – Once downloaded and installed on your phone, malware can send unwanted messages to your contacts, make changes to your phone bill or hand over control of your device to the hacker – all without your knowledge.

 

Spyware – This is software used to gather information about a person or organization, which can later be used for activities like financial fraud or identity theft. Phone call history, user location, contact list, text messages, browser history, private photos and emails are common data targeted by spyware.

 

Privacy threats – These are applications that might not be malicious, but collect or use sensitive information like contact lists, location and other personally identifiable information that can be used for fraudulent purposes.

 

Vulnerable applications – These are apps that contain errors that can be used for malicious purposes. Vulnerabilities like these allow the attacker to take control of your device by accessing sensitive information, stopping a particular service from proper functioning, carrying out undesirable actions or downloading apps on your device – again, without your knowledge.

 

What are web-based threats?

Since mobile devices are always connected to the internet and often used to access web-based services, web-based threats pose a serious threat to mobile devices. Some of these are:

 

Phishing scams – Phishing links are sent through email, text messages, Twitter, and Facebook, connecting you to websites that are designed to extract information (like passwords or account numbers) by tricking you. It is not easy to ascertain whether these messages and sites are fraudulent, as they very closely resemble the legitimate websites.

 

Drive-by downloads – It is a program that automatically gets downloaded to your device when you visit a web page. And, in some cases, the application starts automatically even without your knowledge.

 

Browser exploits – This is a form of malicious code that takes advantage of a flaw in your mobile web browser or software. It is typically launched by Flash player, image viewer or PDF reader. Sometimes when you visit a web page that is unsafe, you can put in motion a browser exploit that installs malware or performs other unwanted actions on your device.

 

What are network-based threats?

Mobile devices support both cellular networks as well as local wireless networks, such as Wi-Fi and Bluetooth. These networks can host the following threats:

Network exploits – It takes advantage of the vulnerabilities of the mobile operating system or other software that operates on cellular or local networks. Once connected to your device, can malware can be installed on your phone without your knowledge.

Wi-Fi sniffing – When proper security measures are not taken by websites and applications, they send unencrypted data across the network, which can be intercepted by cyber criminals as it travels.

 

What are physical threats?

 

Simply stated, the main physical threat is the possibility of your mobile device being stolen. Most of our important personal information is there – as well as sensitive corporate information, for those who conduct business on their mobile device. In this case, theft of a mobile device leaves your company’s sensitive proprietary information vulnerable, as well as the account and/or personal information of clients and vendors – not to mention the resulting PR nightmare once the resulting data breach is made public.

 

The current state of mobile security

 

Kyle Johnson – site editor for BrianMadden – provides insight on the overall severity of mobile security threats. He focused on findings in Google’s “Android Security 2017 Year In Review” and statistics from mobile security vendor Lookout. While the Google report can be accessed via the link provided in the previous sentence for those who are interested, Johnson’s take-home summary states that the frequency in which Android users encounter a potentially harmful app (PHA) are as follows:

  • “In 2016, the annual probability that a user downloaded a PHA from Google Play was 0.04% and we reduced that by 50% in 2017 for an annual average of 0.02%.”
  • “In 2017, on average 0.09% of devices that exclusively used Google Play had one or more PHAs installed. The first three quarters in 2018 averaged a lower PHA rate of 0.08%.”

 

Regarding Lookout, Johnson reported it offered a wide range of data for both Android and iOS mobile operating systems. According to Lookout, 56% of their users (both consumer and enterprise) between January to September 2018 clicked on a phishing link through their mobile devices. There has been a steady growth of 85% every year since 2011 in which users fell for mobile phishing links.

 

As far as app-based threats are concerned, it is 4.7% for enterprise Android devices and 0.1% for IOS devices. While 20% of the app-based threats are Trojans, the other 80% are adware and other app-based threats.

 

However, concludes Johnson, “One thing that remains top of mind while examining the data is that we want to know how many data breach incidents can be directly attributed to mobile devices. Unfortunately, this is apparently difficult to determine.”

 

Mobile security projections for 2019

The Global Security Threat Outlook 2019 was recently released by the Information Security Forum which details the security risks and encumbrances to mitigate the risks.

Here are top four security threats businesses should expect in 2019:

 

Ransomware and cybercrime are expected to become more sophisticated – Though the ransomware attack frequency has decreased in 2018, the attacks have become more potent and targeted. Instead of indiscriminately attacking any computer, crypto jacking malware is being used to target enterprise networks. According to the report, it is not easy to calculate damages from ransomware, but still, it claims that globally more than $5 billion were lost from ransomware in 2017. The report also cautions that ransomware on mobile devices is set to increase in the future.

 

The weak link in security is smart devices – As smart devices such as personal assistants on smartphones and internet-connected devices become even smarter, the security threat is set to increase. According to the report, these devices are security black boxes, and it is difficult for organizations to keep track of the information that is leaving the network or what is secretly being captured and transmitted by these smart devices. When breaches occur, organizations will be held responsible by regulators and customers for inadequate data protection.

 

It is difficult for legislation to keep up with the security realities – Unfortunately, our elected lawmakers possess little – if any – knowledge about today’s technologies. Therefore, security best practices legislation either comes in too late or not at all. At times, sweeping changes are made without providing prior information to corporations, which makes it difficult for them to implement the compliance norms. According to the report, it becomes difficult for the organizations to keep abreast of such developments that could also impact their business model. It will particularly impact cloud implementations, as understanding the location of cloud data is a difficult task.

 

Supply chain security is a hopeless case – According to the report, organizations in 2019 will find that ensuring the security of their supply chain is a hopeless case. Irrespective of the supply chain provider, organizations should focus on managing their key data and knowing where and how the data has been shared across various channels and boundaries. In 2019, it will be important to compartmentalize access to data and fingerprinting data shared with third parties to detect leaks.

 

If businesses and individuals don’t adopt ways and means to secure their proprietary content, confidential company secrets, or personal data, their data can be compromised by hackers pretty easily. Whether it is cryptography to secure your data in the cloud, video encryption to protect your corporate training materials, or content encryption solution to protect your mobile devices, companies (and individuals) these days have various options to keep their information safe and secure from prying eyes.

 

What you need to do is make a smart move and select a reliable data protection company like DocuServe to ensure that all your data remains safe and secure. From securing your data in the cloud and protecting your corporate secrets to keeping your mobile devices safe, DocuServe is a one-stop shop. Contact us to learn more about our industry-leading solutions.


Cybersecurity Degree Programs, Cybersecurity Masters Degree, Degree in Cyber Security, Online Security, Internet Security

Interested in Internet Security? Get a Cybersecurity Masters Degree!

Cybersecurity Degree Programs, Cybersecurity Masters Degree, Degree in Cyber Security, Online Security, Internet Security

No one can forget the infamous Sony Pictures security breach of 2014, where confidential information was released courtesy of computer hackers who called themselves the “Guardians of Peace.”

Cybersecurity attacks are becoming more frequent, and the demand for jobs is reaching a fever pitch. A new report out from Cybersecurity Ventures estimates there will be 3.5 million unfilled cybersecurity jobs by 2021, up from 1 million openings last year.

Employment figures from the U.S. and India highlight the cybersecurity labor crisis.

In 2017, the U.S. employed nearly 780,000 people in cybersecurity positions, with approximately 350,000 current cybersecurity openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE), a program of the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce.

Most IT security jobs require at least a bachelor’s degree in a computer related field however many colleges are expanding to have cybersecurity master’s degree programs, and here are some of them…

 

American Military University Logo_Cybersecurity Masters Degree Programs

American Military University (Charles Town, W.Va.) – The Master of Science in Cybersecurity Studies program takes a broad, multidisciplinary approach to preventing and responding to large-scale cyber threats and cyber attacks. The first half of the online, two-year program provides a foundation in network security, information assurance, cyber crime and digital forensics. The second half focuses on the issues, policies, practices and perspectives of various sectors, critical infrastructures, agencies and disciplines, such as national security, intelligence, criminal justice and emergency management.

 

Carnegie Mellon University_Cybersecurity Masters Degree Programs

Carnegie Mellon University (Pittsburgh)—In 16 or 20 months, the Master of Science in Information Security enhances a technical education in computer systems and security with research/development opportunities and the option to take additional courses in areas complementary to security. Graduates may pursue doctoral degrees or positions as security experts equipped to manage the growing complexities associated with securing data, networks and systems. This graduate degree program meets the criteria for the NSF-funded CyberCorps Scholarship for Service Program (SFS). U.S. citizens who are accepted may be eligible for a full scholarship and stipend from the federal government.

 

Fordham University_Cybersecurity Masters Degree Program

Fordham University’s School of Professional and Continuing Studies (Bronx, N.Y.)—Fordham’s Master of Science in Cybersecurity program is a combination of weekend, online and hybrid courses is designed for completion in 12 months over three semesters. Students learn how to identify solutions to global cyber threats while mastering legal, ethical and policy issues using methods in computing and informational science, engineering and social science. Program highlights include small classes taught by academia and industry experts, intensive lab experience in a dedicated cybersecurity research lab, and networking opportunities and career support.

 

George Washington University_Cybersecurity Masters Degree Programs

George Washington University (Washington, D.C.)—The Master of Science in Cybersecurity in Computer Science program was created to respond to the large and fast-growing need for technical cybersecurity experts nationally and internationally. Students acquire up-to-date knowledge and skills in cybersecurity and get a firm grounding in requisite core knowledge in computer science, as well as the ability to take courses in related disciplines. GWU also offers the Master of Engineering in Cybersecurity Policy and Compliance (online).

 

Indiana University_Cybersecurity Masters Degree Programs

Indiana University (Bloomington, Ind.)—The Master of Science in Secure Computing offers an interdisciplinary focus that combines coursework in mathematics, protocol analysis, and system and network security, with business and economics, social engineering, human-computer interaction, and other disciplines. The Master of Science in Cybersecurity Risk Management program will bring together cybersecurity courses from law, business and computer science. The degree offers integrated coursework from the School of Informatics and Computing, the IU Maurer School of Law, and the IU Kelley School of Business.

 

Northeastern University_Cybersecurity Masters Degree Programs

Northeastern University (Boston)—The Master of Science in Information Assurance and Cybersecurity program enables students to gain the broad knowledge needed to make strategic decisions to combat information security threats, including identity theft, computer malware, electronic fraud and cyber attacks. The program explores key issues in information security and how technology can help resolve them. It combines an understanding of IT with relevant knowledge from law, the social sciences, criminology and management.

 

University of Southern California_Cybersecurity Masters Degree Programs

The University of Southern California (Los Angeles)—USC Viterbi’s Master of Science in Cyber Security Engineering program focuses on the fundamentals of developing, engineering and operating secure information systems. Curriculum fosters understanding in developing a security policy and how policy drives technology decisions. Students solve challenges and problems of secure operating systems, secure applications, secure networking, use of cryptography and key management. This program is also available online to professional engineers through the Distance Education Network.

 

University of South Florida_Cybersecurity Masters Degree Programs

The University of South Florida (Tampa, Fla.)—The Master of Science in Cybersecurity interdisciplinary program has four concentrations. The Cyber Intelligence concentration prepares graduates for entry-level or advanced positions as cyber intelligence or threat intelligence analysts. The Digital Forensics concentration helps students gain the skills needed to investigate computer, cyber and electronic crimes; analyze networks that have been attacked or used for illicit purposes; and properly identify, collect, secure and present digital evidence. The Information Assurance concentration provides a core foundation of knowledge and applied expertise in information security controls, the regulatory environment, and information risk management and incident response. The Computer Security Fundamentals concentration provides a core foundation of technical knowledge necessary to design and build secure computing systems, detect unauthorized use, and protect systems, resources and data that they store or access. All courses are fully online.

 

University of Washington_Cybersecurity Masters Degree Programs

The University of Washington (Bothell, Wash.)—The Master of Science in Cyber Security Engineering prepares students to protect cyber systems with the necessary technical and leadership skills. Students gain expertise and confidence in making difficult security trade-offs and carrying out essential changes to keep and maintain secure systems. They gain hands-on experience in a myriad of research areas, such as penetration testing, emerging technologies, vulnerability analysis, network security, human-computer interaction, wireless security and cryptography. The degree is designed to meet the needs of working professionals. Enrollment is either part-time or full-time, with courses meeting in the evening two or three times a week. Most students complete the program in just over two years.

 


Twitter: @Docuserve

Facebook: @Docuserve