Top five mobile threats to your enterprise data

Phil Muncaster

Thursday 20 April 2017

Mobile devices are near-ubiquitous productivity tools for enterprise employees, but they are also vulnerable to malicious third parties. Hackers want to take advantage of the security gaps that don’t exist on desktop PCs – and we reveal how to outsmart them.

By 2020, 60 per cent of the world will access the internet via their mobile devices, according to a GSMA Intelligence report. Thanks to the rise of BYOD, mobile devices have become an essential workplace tool around the world. Nearly three-quarters of enterprises allow some employees to use their personal device in the workplace, and it’s widely believed that doing so increases staff productivity and mobility, and keeps employees happier in their roles.

With so many benefits, why wouldn’t you support mobile working?

Hackers on the prowl

In recent years, mobile devices have been increasingly targeted by hackers who view them as an exploitable weakness in the business world. They want to steal data stored on individual devices or use them as a gateway to sneak into corporate networks undetected. The problems are compounded by the dearth of satisfactory security policies implemented for employee-owned devices – even ones that connect to the network.

The repercussions for organisations could be – and are – severe. Regulatory fines, legal fees and clean-up costs can all stem from data breaches. Not to mention the fallout from reputational damage, which can include lost customers and a fall in share price.

Here are five key threats to watch out for when it comes to spotting potential cybercrime as quickly as possible:

  1. Spear-phishing

Innocuous-looking links and attachments can surreptitiously harbour malware. On mobile devices, the threat comes not only from unsolicited emails but also SMS.

  1. Kernel exploits

Among the most serious threats, kernel exploits let attackers take complete control of targeted devices remotely.

  1. Malicious apps

One of the most common methods of spreading malware, these legitimate-looking apps are often found on third-party app stores, but sometimes they find their way to official platforms like Google Play and the App Store.

  1. Man-in-the-middle attacks

This attack typically occurs when using unsecured public Wi-Fi. It can let hackers monitor everything you’re doing on your mobile and expose corporate logins. This poses even greater risk when you consider that over one-quarter of UK workers admit to using the same password for personal and corporate accounts.

  1. Rogue base station/access point

Relatively rare compared to the threats listed above, if an attacker successfully installs a rogue base station it could reveal corporate credentials without the user even realising it, especially since mobiles automatically connect.

User education can alleviate many of these threats, but it must be combined with a security policy updated for the mobile age. Consider implementing an enterprise mobile management solution, or even blocking devices from connecting to the network if they aren’t on a pre-approved list.

YOU MIGHT ALSO LIKE

Building the next-gen data centre

Where traditional and web-scale apps co-exist