As the number of mobile devices increases around the world, keeping the digital content safe and secure is becoming a challenge. With cybercrimes on the rise, data breaches these days are becoming a norm rather than an exception. Mobile security, therefore, is a serious concern, and it is important to know the security threats that can affect your mobile devices. Just as viruses and spyware can infect your computers, mobile devices are also susceptible. Mobile threats can be categorized as follows: application-based threats, web-based threats, network-based threats and physical threats.
What is an application-based threat?
Downloading an app can bring in several types of security threats. Malicious apps are not easy to detect because they look fine on a download site, but they are specifically designed to carry out malicious activity. Application-based threats can be categorized as follows:
Malware – Once downloaded and installed on your phone, malware can send unwanted messages to your contacts, make changes to your phone bill or hand over control of your device to the hacker – all without your knowledge.
Spyware – This is software used to gather information about a person or organization, which can later be used for activities like financial fraud or identity theft. Phone call history, user location, contact list, text messages, browser history, private photos and emails are common data targeted by spyware.
Privacy threats – These are applications that might not be malicious, but collect or use sensitive information like contact lists, location and other personally identifiable information that can be used for fraudulent purposes.
Vulnerable applications – These are apps that contain errors that can be used for malicious purposes. Vulnerabilities like these allow the attacker to take control of your device by accessing sensitive information, stopping a particular service from proper functioning, carrying out undesirable actions or downloading apps on your device – again, without your knowledge.
What are web-based threats?
Since mobile devices are always connected to the internet and often used to access web-based services, web-based threats pose a serious risk to mobile devices. Some of these are:
Phishing scams – Phishing links are sent through email, text messages, Twitter, and Facebook, connecting you to websites that are designed to extract information (like passwords or account numbers) by tricking you. It is not easy to ascertain whether these messages and sites are fraudulent, as they very closely resemble the legitimate websites.
Drive-by downloads – A drive-by download is a program that is automatically downloaded to your device when you visit a web page. In some cases, the application also starts automatically, without your knowledge.
Browser exploits – This is a form of malicious code that takes advantage of a flaw in your mobile web browser or in software the browser launches, typically a Flash player, image viewer or PDF reader. Sometimes, when you visit an unsafe web page, you can trigger a browser exploit that installs malware or performs other unwanted actions on your device.
What are network-based threats?
Mobile devices support both cellular networks as well as local wireless networks, such as Wi-Fi and Bluetooth. These networks can host the following threats:
Network exploits – These take advantage of vulnerabilities in the mobile operating system or in other software that operates on cellular or local networks. Once they have connected to your device, malware can be installed on your phone without your knowledge.
Wi-Fi sniffing – When proper security measures are not taken by websites and applications, they send unencrypted data across the network, which can be intercepted by cyber criminals as it travels.
What are physical threats?
Simply stated, the main physical threat is the possibility of your mobile device being stolen. Most of our important personal information is there – as well as sensitive corporate information, for those who conduct business on their mobile device. In this case, theft of a mobile device leaves your company’s sensitive proprietary information vulnerable, as well as the account and/or personal information of clients and vendors – not to mention the PR nightmare once the resulting data breach is made public.
The current state of mobile security
Kyle Johnson – site editor for BrianMadden – provides insight on the overall severity of mobile security threats. He focused on findings in Google’s “Android Security 2017 Year In Review” and statistics from mobile security vendor Lookout. Johnson’s take-home summary of the Google report states that the frequency with which Android users encounter a potentially harmful app (PHA) is as follows:
- “In 2016, the annual probability that a user downloaded a PHA from Google Play was 0.04% and we reduced that by 50% in 2017 for an annual average of 0.02%.”
- “In 2017, on average 0.09% of devices that exclusively used Google Play had one or more PHAs installed. The first three quarters in 2018 averaged a lower PHA rate of 0.08%.”
Regarding Lookout, Johnson reported that it offered a wide range of data for both the Android and iOS mobile operating systems. According to Lookout, 56% of its users (both consumer and enterprise) clicked on a phishing link through their mobile devices between January and September 2018. The rate at which users fell for mobile phishing links has grown steadily by 85% every year since 2011.
As far as app-based threats are concerned, the figure is 4.7% for enterprise Android devices and 0.1% for iOS devices. While 20% of the app-based threats are Trojans, the other 80% are adware and other app-based threats.
However, concludes Johnson, “One thing that remains top of mind while examining the data is that we want to know how many data breach incidents can be directly attributed to mobile devices. Unfortunately, this is apparently difficult to determine.”
Mobile security projections for 2019
The Information Security Forum recently released its Global Security Threat Outlook 2019, which details the security risks and the obstacles to mitigating them.
Ransomware and cybercrime are expected to become more sophisticated – Though the frequency of ransomware attacks decreased in 2018, the attacks have become more potent and targeted. Instead of indiscriminately attacking any computer, attackers are using cryptojacking malware to target enterprise networks. According to the report, it is not easy to calculate damages from ransomware, but it still claims that more than $5 billion was lost globally to ransomware in 2017. The report also cautions that ransomware on mobile devices is set to increase in the future.
The weak link in security is smart devices – As smart devices such as personal assistants on smartphones and internet-connected devices become even smarter, the security threat is set to increase. According to the report, these devices are security black boxes, and it is difficult for organizations to keep track of the information that is leaving the network or what is secretly being captured and transmitted by these smart devices. When breaches occur, organizations will be held responsible by regulators and customers for inadequate data protection.
It is difficult for legislation to keep up with the security realities – Unfortunately, our elected lawmakers possess little – if any – knowledge about today’s technologies. Therefore, security best practices legislation either comes in too late or not at all. At times, sweeping changes are made without providing prior information to corporations, which makes it difficult for them to implement the compliance norms. According to the report, it becomes difficult for the organizations to keep abreast of such developments that could also impact their business model. It will particularly impact cloud implementations, as understanding the location of cloud data is a difficult task.
Supply chain security is a hopeless case – According to the report, organizations in 2019 will find that ensuring the security of their supply chain is a hopeless case. Irrespective of the supply chain provider, organizations should focus on managing their key data and knowing where and how the data has been shared across various channels and boundaries. In 2019, it will be important to compartmentalize access to data and to fingerprint data shared with third parties in order to detect leaks.
If businesses and individuals don’t adopt ways and means to secure their proprietary content, confidential company secrets, or personal data, their data can be compromised by hackers pretty easily. Whether it is cryptography to secure your data in the cloud, video encryption to protect your corporate training materials, or a content encryption solution to protect your mobile devices, companies (and individuals) these days have various options to keep their information safe and secure from prying eyes.
What you need to do is make a smart move and select a reliable data protection company like DocuServe to ensure that all your data remains safe and secure. From securing your data in the cloud and protecting your corporate secrets to keeping your mobile devices safe, DocuServe is a one-stop shop. Contact us to learn more about our industry-leading solutions.