In a world hypersensitive to hacking attacks on enterprise storage servers and networks, it's easy to overlook the fact a cyberattack could take place in your pocket at a moment's notice.
Behind the numbers
Mobile phones are often forgotten as an endpoint for cyberthreats. We use them every day, and malware doesn't necessarily show itself immediately in many cases. But a Mobile Threat Report 2016 study by Symantec reported that it's entirely likely the prevalence of these sorts of hacking attempts continues to trend upward moving forward.
Symantec found there was a 73 percent increase in unique malware identified in the third quarter of the 2015 fiscal year—a rather alarming figure, considering that malware is generally rewritten and repurposed once security patches are released.
"Unique malware is entering the mobile arena at a high clip."
The United States ranks just behind India as having the most unique infections discovered, with just over 80,000. In contrast, just over 20,000 were found in China, and roughly 30,000 in Russia—both of which garner a lion's share of hacking activity.
While many enterprises focus the bulk of their efforts on protecting internal data by beefing up security on personal computers and the network, cybersecurity departments are forgetting that mobile phones are a reliable access point as well—even if they aren't company property.
Symantec found that a couple of strategies are popping up that bear resemblance to common attacks that target computers; SMiShing and app store malware. The former, a deviation of phishing, lures users into clicking links sent by text. These are often purportedly won contests or something to a similar effect that would entice a user to forget for a moment that a link they click on their phone could begin the file transfer of a virus.
App stores have become a safe haven for some forms of malware. Symantec reported that out of the 150 million apps tested over a three month period in 2015, 37 million counts of malware were found, with 9 million unique strands identified. This resulted in 3 million affected devices.
.jpg?width=839&height=560&name=unnamed%20(5).jpg)
Smartphones are becoming the targets of hackers now.
Shore up your defenses
Smartphones are an easy access point for hackers to get at client and employee information stored on the mobile device, and could lead to some hefty compliance fines if a large enough data breach takes place.
Symantec provided readers a simple list of defense mechanisms employees can use to avoid potential malware attacks:
- Don't download apps from unofficial stores and verify their reputation.
- Consistently update apps and the operating system.
- Incorporate cybersecurity software on your phone.
With the last tip in mind, it's no surprise that many companies are taking matters into their own hands by integrating a mobile cybersecurity solution for their entire workforce. Intelligent technologies like MaaS360 offer IT departments the ability to remotely configure devices for remote access and monitor network usage, as well as access, to ensure data is secure.
Instead of fighting the problem blind, many organizations are leveraging mobile cybersecurity technology as a means of gaining an upperhand against attackers. Previously it was difficult to monitor smartphone network access, but with intuitive technologies that support it now on the market, companies that don't integrate a system like MaaS360 are leaving their financial stability up to chance.
Furthermore, one of the most valuable components of mobile cybersecurity systems is the ability to contain a malware breach to a single phone. Leveraging a constantly updated list, MaaS360 is able to cross-check what's downloaded onto employee phones with available information that lets IT know if an app is suspected to contain a virus. From there, automated actions, like a text message to the user, to immediately wiping information from that person's phone, can be taken.
It's no surprise that hackers are getting modern in their approach, targeting what are usually unprotected endpoints—don't let your company be vulnerable to these attacks in 2017.
Comments