Enterprises have been facing security threats since computers and networks were first connected. Over the years, they have managed those threats quite well, especially considering the time and effort that malicious actors spend trying to compromise them.
But the threat landscape has changed along with the way we communicate. Enterprises now face the challenge of protecting themselves and battling security threats in a mobile environment, with a workforce that is increasingly relying on mobile devices to get their work done.
There is no doubt that the risks continue to multiply along with the number of mobile devices. Here’s why:
- With BYOD, more work is being done on all those devices as people continue to rely less on traditional laptops and desktops to do their jobs.
- Users tend to have a false sense of security about their devices, and assume that their risk of being attacked and compromised by cybercriminals is lower than it is.
- Attacks on mobile devices are growing ever more sophisticated and are easier to carry out, as cybercriminals have easy access to malware and other tools they need for their misdeeds.
Mobile security threats typically fall into three general categories: devices, networks, and applications.
Device threats and risks
These threats are focused on a device or its operating system, including taking advantage of unpatched vulnerabilities. In one survey, almost four out of 10 devices were shown to be at great risk for attacks by cybercriminals1.
Their weaknesses include disabled code signing, which could allow apps from unknown sources or malicious profiles on the devices; malicious operating system configuration profiles associated with the installation of trojans; and the presence of apps that are inappropriately surveilling internal networks.
These are delivered to the device by way of Wi-Fi networks or in some cases even the cellular network.
A frequent mode of attack is for a cybercriminal to intercept the device’s network traffic via a man-in-the-middle ruse or a rogue access point. It opens the door for the hacker to read and capture network credentials, emails, personal information, contacts, and all kinds of other sensitive data. Often this is a prelude to a more serious attack.
Unless devices are equipped with virtual private network (VPN) applications or other defensive mobile apps that can detect an attack in real time, a cybercriminal can reroute the connection to a proxy where data can be compromised, then leveraged for an all-out attack on the enterprise.
With mobile users connecting to Wi-Fi networks far more than to cellular networks, this is a serious threat to mobile security.
These typically involve some form of mobile malware, spyware, adware, or other questionable and dangerous apps. Sometimes they are the product of intentional hacking, but just as often they are the result of users making poor decisions about which apps are able to access and transfer their information.
There is an elevated risk for app-based threats when it comes to mobile devices, since mobile operating systems tend to evolve – in order to add useful features – very rapidly. That means millions of lines of code added every year, creating the potential for vulnerabilities.
Harden your defenses
To combat these mobile security risks, your company needs a mobile security threat detection and threat management system – specifically a mobile threat defense (MTD) solution – to detect, prevent, and remediate attacks.
These solutions, such as Sprint Secure Mobile AI, accomplish this by collecting and analyzing threat data and device behavior for indications of possible compromise, and then moving to counter those threats.
Addressing all the threat areas – device, network, and application – an MTD solution builds on the existing protections and security that is already provided by an enterprise’s mobile device management tools.
In the case of Sprint Secure Mobile AI, when it encounters a threat, a defensive action can be taken either automatically, by the user, or through a separate but integrated third-party device management solution.
Follow these steps to ensure protection for your mobile device users:
- Define a comprehensive mobile security policy
- Analyze and thoroughly understand how many devices – and what types, who owns them, etc. – are connecting to your network
- Identify the types and volume of data that might be at risk through those mobile devices.
- Implement a threat detection and threat management – MTD – solution for all your users, but especially for those who are using their own devices.
Today, employees are carrying more valuable corporate data and personal information on their phones than they – or their companies – often realize. One estimate put the value of that data on an average device at about $14,0001.
Yet that’s only the beginning when it comes to the cost of a breach. Compromising a device paves the way for a cybercriminal to do all kinds of harm to a target company. The damage can run into the millions of dollars, not to mention the negative effects on the company’s public image once a major breach is made public.
There is every reason to do all you can to protect your people’s mobile devices as comprehensively as you possibly can. Artificial intelligence can assist in identifying potential threats to resolve issues before serious damage is done.