It’s a cliche: protecting against mobile security threats in 2019 is a lot like trying to kill a hydra. Once you cut one head off, two grow back in its place. That’s because instead of fighting a pseudo-dragon who regrows its heads, you are fighting hundreds of thousands of hackers with varying levels of sophistication. For hackers, it’s a job like any other. They read the trends, look for opportunity and make as much hay whenever possible. That’s why organizations of all sizes need some measure of protection against the wide array of 2019 mobile security threats.
Thankfully, in the same way, that there are legions of hackers aiming to break down your information system, there are also many cybersecurity companies working to put them out of business. RSI Security employes the best and brightest to ensure your information system is secure from mobile, internal, external and whatever other threats your company may face. To learn about 2019’s mobile security threats, please read on.
1. The Insidious Threat: Data Leakage
Data leakage may sound like a problem for a Transformer. In reality, it’s a 2019 mobile security threat. Unlike most cybersecurity threats, which emanate from external sources, data leakage typically begins in-house. Also known as “low and slow data theft,” data leakages are unauthorized transmissions from within the organization that ends up in the wrong hands. They can be sent electronically or even physically. Also unlike other types of 2019 mobile security threats, data leakage isn’t always malicious; it can be accidental. In some cases, that makes it more difficult to track where the breach began.
2. Accidental vs. Malicious Threats
An example of accidental data leakage could be sending an email containing sensitive information or downloading an app that unknowingly transfers valuable information. At the end of last year, Apple removed its number one paid utility app because they discovered the app was sending app data and browser history to a server located in China! According to the report by 9to5Mac, Apple learned of the issue but didn’t remove the app from its store for an entire month.
Equally troubling, the app was well vetted, positioned in the app store next to Final Cut Pro and Logic Pro X. To some degree, it would be difficult to blame someone for downloading what appears to be a completely safe and secure app. It is an alarming example of the well-laid traps that hackers utilize. Gone are the silly emails from a Nigerian Prince. In are nefarious apps that even Apple fails to catch. Security scans, encryption keys and not saving passwords to your phone are smart ways to avoid unintentional data leakage.
3. The Disgruntled Employee
Worse, still, is the idea that the previous example wouldn’t fall under a “malicious” data leakage. In 2014, the FBI released a PSA, warning companies of an increase in cybercrime relating to current or former employees. Since then, more and more companies face security breaches or instigate lawsuits against former employees. According to CA technologies report, 90% of organizations consider themselves vulnerable to an insider attack. In the past few years, giant companies like Morgan Stanley, JP Morgan & Chase, and Expedia, among many others, took losses due to disgruntled employees. Naturally, curbing insider hacks is very difficult, as the threat comes from a previously entrusted employee.
Creating endpoint security, minimizing who has access to sensitive information and continual monitoring are the best bets against insider hacks. Regrettably, insider hacks still occur frequently, mostly because companies allow too many employees access or they aren’t strict enough with oversight. Developing an information security system that is effective and efficient is always a battle. The more efficient a system is, the more holes and cracks appear. However, a system with too many checks and balances can make it difficult for employees to get work done. Finding that balance is the role of your security consultant.
4. Tried and True Trickery
You would think that in 2019, hackers would abandon old fashion chicanery for new-fangled means of infiltrating information systems. However, like any other industry, hackers subscribe to the belief, “If it isn’t broken, don’t fix it. Amazingly, in 2018 according to the security firm FireEye, a staggering 91% of cyber crimes start with an email. Despite the growing chorus of voices warning everyone about the dangers of phishing, people still fall for it all the time. Also according to FireEye, Phishing grew by 65% over 2017.
Mobile devices are especially popular targets because of their layout. A phishing email displayed on a computer may look as obvious as a Nigerian Prince scam, but it may not look suspicious at all on mobile. According to an IBM study, “Three times more likely to respond to a phishing attack on a mobile device than a desktop.” Amazingly, a 2018 Verizon data breach investigation stated that only 4% of people actually click on phishing emails. Unfortunately, that especially gullible 4% tends to be repeat offenders. That same report established that “15% of users who are successfully phished will be phished at least one more time within the same year!”
In 2019 people own more devices than ever. As Bring Your Own Device (BYOD) policies become more prevalent, so too, does the potential for data breaches stemming from their use. More devices mean more potential back doors and more opportunities for users to miss the slight differences between a legitimate correspondence and one directed by a malevolent hacker. Companies must educate their employees, establish proper protocols for personal devices and ensure that employees understand the dangers and consequences of negligent behavior. Sadly, all it takes is one careless click or miscalculation that leads to millions of dollars in damages. The 2019 mobile security threats are very real and employees must understand that.
5. Open Sesame Doesn’t Cut It Anymore
We all hate remembering our passwords. Nothing is more frustrating than going through the “I forgot my password” ringer when you really need access to your email. Regrettably, the bane we all have for remembering our passwords leads to very simple passwords or using the same one across platforms. That is a serious no-no. If you don’t think so, think again. In 2017, Verizon found that ”weak or stolen passwords were to blame for more than 80 percent of hacking-related breaches in businesses.”
According to a survey by Google and Harris Poll, roughly half of Americans use the same password across platforms or fail to use other means of protecting themselves. Clearly, there is a disconnect between our threshold of inconvenience when logging in and our understanding of the importance of security. Apparently, a great many Americans don’t use two-factor authentication or don’t even know what it is. Education is at the root of many of our problems in the world and cybersecurity is no exception.
6. Where’s Your Wi-Fi Coming From?
Yes, there are many 2019 mobile security threats that you must address directly on your phone. Password security, phishing emails, and nefarious apps are all threats you can mitigate from responsible phone use. Unfortunately, you also must be wary of the Wi-Fi connections as well. Similar to how apps can steal sensitive information from your phone, so too, can unsecured Wi-Fi networks. There are even criminals that create fake Wi-Fi networks that attempt to infiltrate your phone the second you connect to them!
Wi-Fi spoofing and “Man-in-the-middle attacks” are the two most common ways for hackers to use unsecured Wi-Fi as a means of wreaking havoc. Such methods are especially dangerous to travelers. Often, travelers use whatever Wi-Fi is on hand, not thinking that hungry hackers are waiting on the other end, eager to take whatever they can.
VPNs or Virtual Private Networks are apps designed to protect you from such duplicity. Lamentably, not all VPNs are created equal. Some are even traps set by hackers that we warned you of earlier. Choosing a VPN that is cost effective, doesn’t drain your battery and sufficiently provides protection can be a challenge. Do your research and choose carefully. Not using a VPN is certainly a worse option for travelers.
7. Lack Of End-to-End Encryption
Apps are quickly becoming the way of the world. It makes sense since our handheld oracles known as smartphones utilize apps to satisfy our need to have the world at our fingertips. Naturally, there is a catch. Despite the pressing need for new and improved apps, only 5.5% of app development budgets go toward security. That lack of attention to safeguards invites potential criminal activity.
Your phone is continuously communicating with various servers to utilize the bevy of apps you enjoy. The problem arises if the app you are using does not have end-to-end encryption. Without it, hackers can peer into the communication between your phone and those servers. If sensitive information is at all included, hackers can happily pluck it out of the air and exploit the information to devastating effect. All it takes is the right or wrong, depending on your perspective, piece of information to be stolen for chaos to ensue.
Understand the types of apps you are using and the information that is sent through that device. Ensuring that all your applications have proper encryption methods goes a long way in keeping your information safe.
8. IoT: Internet of Things
IoT may sound like the new horror movie where the internet comes alive and attempts to murder people in their sleep. Scarily, that is not too far from the truth. OK, the internet is not going to try to kill you, but IoT is a serious 2019 mobile security threat that all companies must face. For those who don’t know, IoT or the Internet of Things is the billions of connected devices that exchange information and data to make your life easier. Examples of such devices include smartwatches, smart home systems, apps on your phone, and many other examples.
These devices are designed to make our lives easier. They do that by taking in data and programming themselves based on the information received. Unfortunately, hyper-connectivity that is supposed to make them more helpful also creates a security risk. For these devices to “learn” they must be open to receive data, which also leaves them vulnerable to hackers.
IoT attacks can range from stolen personal data to denial-of-service(DDoS) attacks that can shut down entire organizations. So if there are flaws in these devices, why don’t manufacturers try to close them? Even as experts call for industry-wide standards, manufacturers drag their feet because of the massive expense and reluctance to cooperate with the competition. Therefore, the security of individual devices falls to the user.
Protecting yourself and your organization from IoT is time consuming but a requirement if you don’t want to run the risk of massive data breaches. Here are a few tips to keep your information safe:
- Install reputable security software on your computer, tablets, and phone. These are not foolproof but it is a strong first step toward solid digital security.
- We have already gone over this but use strong passwords. Too many people never even change their default password, which is like a giant “Come hack me” sign.
- Understand what data your devices are sharing. Turn off any sharing that may compromise your security.
- Check for updates. Out of date security might as well be that open door.
We wish digital security was at a level that could completely and utterly protect your phone, regardless of reckless behavior. Sadly, the sophistication of hackers makes that an impossibility. In today’s digital environment, you need quality mobile security solutions AND to understand the risks and threats around you. Without one or the other, you become a target for opportunistic hackers, looking to make a meal out of your unprotected data. RSI security understands the complex world of security better than anyone. From individual security to corporate surveillance, we can keep you safe from the many security threats facing everyone in 2019.
Work From Home Cybersecurity Checklist
Review the best practices to keep your remote workforce safe and secure. Rest easy and give your clients the assurance they need that their information will be safe by implementing cybersecurity best practices as your employees work from home. Upon filling out this brief form you will receive the checklist via email.