Technology, since the invention of the internet, has advanced by leaps and bounds. Forever growing faster and smaller to the chagrin of baby boomers, technology has become almost as important as the air we breathe. Today, you can pay your taxes, order food, even meet your future mate, all from your phone. To borrow a phrase, “It’s a great time to be alive.” However, all those modern conveniences come with a price.
Back in the day, mobile risks were just miscreants stealing people’s letters from their mailbox. Ciphers and codes were the fail safes against such thefts. Amazingly, everything has changed and yet, nothing has changed. In 2019, there are more cyber scoundrels than ever before and they are keenly aware of the opportunities that the mobile boom has provided. Read on to learn the top 5 mobile security threats that we all must face.
1. Be Wary of Unsecured WiFi:
Since the vast majority of us are addicted to our handheld oracles, WiFi acts as our doorway to the unbounded sea of entertainment and information. Unfortunately, like all other doors, the WiFi door can also open both ways. It should be noted that not all wireless access points (WAPs) are created equal.
WiFi is not inherently dangerous unless it is not protected by a password, usually of the WPA or WPA2 variety. Passwords don’t seal WiFi like Egyptian tombs but they are the first line of defense. Without a password, WiFi becomes a perfect home for potential hackers.
Security professionals point to ignorance as the number one cause of cyber theft. According to a survey by Symantec, “60% of American consumers believe that their information is safe when using public WiFi.” Furthermore, “Only 50% believe that they bear any personal responsibility for ensuring that their data is secure.”
Most worryingly, 17% of those surveyed believe that individual websites are responsible for making sure that visitor data is secure, while the same percentage think that this duty falls to the WiFi network provider.
Those statistics paint a picture of an American public that clearly doesn’t understand the most basic tenets of cybersecurity. First and foremost, you, not the websites, are responsible for keeping your sensitive data secure. Yes, it’s not your job to create the security environment, but just like walking around dangerous neighborhoods at night, you are responsible for where you visit online.
This may be a newsflash to some, but sometimes hackers set up what are called WiFi honeypots, which are fake free WiFi networks that are designed to steal sensitive information as you attempt to log in to them. One very simple way to avoid such scams is to trust your phone. Many times your phone will pop up a warning that you are entering an unsecured network.
According to Alex McGeorge, the head of threat intelligence at cybersecurity company Immunity, Inc., “Your phone actually has a lot of really good built-in technology to warn you when you are going to make a poor security decision. And what we found through our general penetration testing practice and talking to some of our customers is that people are very conditioned to just click through whatever warnings appear because they want the content.”
Adi Sharabani, the co-founder of mobile security company Skycure, who used to work for Israeli Intelligence, said “92 percent of people click ‘continue’ on this screen,” despite the warning. Staying secure is more complicated than just trusting your technology but all the security in the world is useless if you don’t.
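The two risks described in this section, networks with no password and look-alike free networks, can be spotted in a scan of nearby access points. The script below is an added example, not part of the original article: the scan data is constructed, it follows the terse output format of `nmcli -t -f SSID,BSSID,SECURITY device wifi list`, and the "open copy of a protected network name" rule is a heuristic assumed here.

```python
import re
from collections import defaultdict

# Constructed sample, in the terse format printed by
#   nmcli -t -f SSID,BSSID,SECURITY device wifi list
# (fields are colon-separated; colons inside a field are escaped as "\:").
SAMPLE_SCAN = r"""
HomeNet:AA\:BB\:CC\:00\:00\:01:WPA2
CoffeeShop_Free:AA\:BB\:CC\:00\:00\:02:
AirportLounge:AA\:BB\:CC\:00\:00\:03:WPA2
AirportLounge:DE\:AD\:BE\:00\:00\:04:
OldRouter:AA\:BB\:CC\:00\:00\:05:WEP
"""

UNESCAPED_COLON = re.compile(r"(?<!\\):")

def parse_scan(text):
    """Return (ssid, bssid, security) tuples from terse nmcli output."""
    rows = []
    for line in text.strip().splitlines():
        fields = [f.replace("\\:", ":") for f in UNESCAPED_COLON.split(line)]
        if len(fields) == 3:          # skip malformed lines
            rows.append(tuple(f.strip() for f in fields))
    return rows

def classify(security):
    """Map the SECURITY column to open / weak / protected."""
    if security in ("", "--"):        # no password at all
        return "open"
    return "protected" if "WPA" in security else "weak"   # e.g. WEP

def assess(rows):
    """Flag networks worth a second look before connecting."""
    levels = defaultdict(set)
    for ssid, _, security in rows:
        levels[ssid].add(classify(security))
    findings = []
    for ssid, bssid, security in rows:
        level = classify(security)
        if level == "open" and "protected" in levels[ssid]:
            # Heuristic (assumption): same name offered with and without a password.
            findings.append((ssid, bssid, "open copy of a protected network name"))
        elif level == "open":
            findings.append((ssid, bssid, "no password"))
        elif level == "weak":
            findings.append((ssid, bssid, "outdated protection: " + security))
    return findings

if __name__ == "__main__":
    for finding in assess(parse_scan(SAMPLE_SCAN)):
        print(*finding, sep=" | ")
```

A network that passes these checks is not guaranteed to be trustworthy; the script only surfaces the cases the phone's own warning screen is trying to flag.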
2. Mobile Malware:
As the world turns mobile, so do criminals. Mobile malware, which is software written specifically to infect your mobile device, is growing rapidly and is used in a wide variety of cyber thefts. Prior to the explosion of mobile, cybersecurity teams could build a perimeter around valued information to avoid malware threats.
Now, everyone has access to sensitive information from anywhere. It’s both a great convenience (the ability to work from anywhere) and a security threat if not handled properly. Cybersecurity has been forced to audible to endpoint access, based on security risk. In plain English, sensitive information is held within secure databases that have singular entry points that allow access based on the potential for a data breach.
Gartner, the tech giant, estimates that “80% of worker tasks will take place on a mobile device by 2020.” Evidently, the need for companies and individual users to understand the reality of mobile threats is coming fast.
Premium-rate SMS fraud is one of the most common global mobile malware attacks. Premium-rate SMS are probably texts you have received before. Generally, they offer some sort of inconsequential service for a given monthly payment. Some of them are legitimate attempts by companies to make money. More often, they are scammers and fraudsters signing unsuspecting people up and raking in the money. Regrettably, premium-rate SMS fraud is just the tip of the mobile malware iceberg.
A more insidious mobile risk comes from hackers who have infiltrated a personal phone with the objective of attacking the corporation or enterprise where that person works. The rise of mixing work and business on a single device has made these types of attacks more effective.
Even more chilling is the degree of stealth that is associated with this type of infiltration. Alex McGeorge and Adi Sharabani, the two security experts we referenced earlier, perform simulated attacks to demonstrate the dangers to companies.
McGeorge speaks on the covert nature of the attacks, “It’s usually very rare that a breach that originated through a mobile device or is just contained to a mobile device is likely to be detected by a corporation’s incident response team.” Sharabani has had similar experiences. In some cases he has yet to hear back from the IT department that the attack demonstration has been identified.
3. Tried and True Social Engineering:
You would think that with all the high-profile cases of hacking, people would be on their guard. According to the numbers, that isn’t the case. According to a 2018 report by FireEye, a security firm, “91 percent of cybercrime starts with email.” Despite the growth and sophistication of cyber attacks, good old-fashioned trickery is still very pervasive and effective.
Phishing, so well known there is a TV show about it, grew by 65% in 2017! Mobile users appear to be especially at risk because mobile phishing scams more effectively mimic real email and messages. The repeat nature of these statistics is the most startling part of mobile attacks.
A Verizon 2018 investigative report found that the same people tended to fall for similar phishing attacks time and time again. According to the report, 15 percent of users who are successfully phished will be phished at least one more time within the same year! Sadly, there is no security protocol for an employee bent on stumbling into cyber traps.
Unfortunately, the proliferation of ‘bring your own device’ work environments can leave the corporation open to attacks. It doesn’t take much for the hacker to jump from that employee’s personal device into the company’s mainframe and begin mining all sorts of valuable information. The only real defense against these types of trickery is cybersecurity education. Employees must be made painfully aware of the potential consequences of a lax cybersecurity attitude.
4. Keeping Up To Date:
As we mentioned in our opening, everything has changed and yet nothing has changed. The same issues that plagued technology at the turn of the century are back and wreaking havoc in new and painful ways. People have heard the spiel about keeping their computer and patch management up to date so often that they roll their eyes every time their computer pings them requesting an update.
It may seem like the most monotonous cycle of constant updating, but those patches and updates are vital in keeping out cyber attacks. The Equifax breach, one of the biggest on record, was primarily caused by a failure to update. In 2019, hackers have taken advantage of out-of-date smart mobile devices in the same way. This is especially true for Android devices, which are comically susceptible to hacking. All devices, smartphones, tablets etc. fall under the umbrella of the Internet of Things (IoT).
The IoT, with all these out-of-date devices, acts as an open door for hackers to enter a corporation’s technical ecosystem. The more out-of-date devices are, the more extensive the damage from a cyber attack. Raytheon, the cybersecurity firm, sponsored a 2018 study on Global Megatrends in Cybersecurity. The findings were troubling:
- “82% of respondents predict unsecured IoT devices will likely cause a data breach in their organization. 80% say such a breach could be catastrophic.”
- “67% believe cyber extortion, such as ransomware, will increase in frequency and payout.”
- “60% predicted attacks by nation-state actors against government and commercial companies will worsen and could lead to a cyber war. 51% of respondents say cyber warfare will be a high risk in the next three years, compared to 22% who feel that way today. Similarly, 71% say the risk of security breaches involving high-value information will be very high, compared to 43% who believe that risk is high today.”
- “Less than half of IT security practitioners surveyed believe they can protect their organizations from cyber threats. That’s down from 59% three years ago.”
- “Only 36% of respondents say their senior leadership sees cybersecurity as a strategic priority, meaning less investment in technology and personnel.”
- “68% of respondents say their boards of directors are not being briefed on what their organizations are doing to prevent or mitigate the consequences of a cyber attack.”
To recap, the vast majority of tech experts are worried about a catastrophic attack from unsecured personal devices. More than two-thirds of experts think cyber attacks will worsen and a majority don’t think their leadership understands the problem or is sufficiently addressing it. That is one horrible confluence of factors. Does your company fall in those concerning statistics?
5. Unintended Consequences:
The previous four mobile risks are all concerns that are propagated by hackers. Data leakage is the unintended or unauthorized transmission of sensitive information. Data leaks are manna from heaven for hackers as they simply pick up the keys and begin reaping the rewards. They are especially damaging to companies due to the fact that leaks are often unreported or not discovered until after millions of dollars in damage has already been done.
Research by Ponemon and Wandera, two research and security management companies, revealed that the average cost of a data leak is $7 million. Out of 500 companies, more than 200 were found to have unknowingly been exposing customer and corporation information for over a year!
Typically, these data leaks occur when employees use work phones for personal use and vice versa. Employees were found to be using work phones for news, sports, even shopping. Part of the problem is that these devices are designed to encourage the use of apps for non-business use. The lines are further obscured by the growth in the Bring Your Own Device (BYOD) culture that permeates many companies. It creates a security nightmare of thousands of unsupervised devices, many with login information that can be utilized to infiltrate the entire system.
Creating individual passwords, continually educating employees and routinely checking and rechecking data flows are the foundation of strong network security. As technology grows in sophistication, so, too, do the threats of cyber attacks. Understanding the dangers and taking the right steps to protect your company is RSI Security’s mission.
The world has increasingly moved toward a mobile network. That creates opportunity and convenience, however, not only for the good guys. As we speed toward a 5G network, mobile security risks and vulnerabilities are only likely to increase. Be sure to have managed security services implemented as a precautionary security solution before the network takes off. It takes a forward-thinking and highly versatile security team to understand how the security environment will shift dramatically over the next couple of years and predict future security measures. At RSI Security, we are at the cutting edge of cybersecurity solutions and are able to protect you and your company’s best interests. Contact us for more information.