The Rise of Mobile Attacks and What That Means For You

View all blog posts under Articles | View all blog posts under Bachelor's in Cyber Security

Mobile devices keep the world more connected than ever. That said, smartphones and tablets can be incredibly effective delivery systems for the most dangerous malware attacks, data breaches, and cyber thefts. Not long after Apple’s iPhone and the first Android phones entered the market, potential weak points in these devices were being sought out by cyberattackers. The U.S. Department of Homeland Security’s US-CERT cybersecurity division noted that by 2010, the number of exploitable entry points in smartphone operating systems had jumped 42 percent from the previous year.

Consider, then, how much more advanced smartphones, tablets, and other devices have become. In 2011 it was revolutionary for consumers to make debit-card payments in the checkout aisle using their phones. In 2017, smartphones can control a building’s utilities and appliances, and this convenience through connectivity opens a wide door for various “black-hat” hackers – cybercriminals, foreign intelligence operatives, and even terrorists.

If you’re looking to make a career in the cybersecurity field, a significant amount of your work will involve devising and implementing new countermeasures for the mobile arena. As such, understanding major factors behind the rise of mobile-based cyber threats and knowing the latest prevention methods is crucial.

BYOD and corporate mobility proliferation

The enterprise bring-your-own-device trend took off in earnest in 2011. Cisco Systems, in its 2012 IBSG Horizons Study, had 95 percent of its respondents saying employees at their businesses could use personal smartphones and tablets for company purposes. This expansion has only continued: A report by Crowd Research Partners stated that in 2017, about half of organizations all over the world would mandate the use of BYOD, claiming increased mobility and facilitation of productivity as key factors behind this belief.

Businesses haven’t been blind to BYOD’s vulnerabilities. Of the CRP study’s respondents who were hesitant to fully adopt BYOD, 39 percent cited security as the reason why. The report also pointed out that 1 in 5 organizations of those queried were hit with malware attacks and breaches through their mobile devices. But the practice isn’t going anywhere, and since 35 percent of respondents pointed out the need to invest in additional IT resources to deal with mobile security, cybersecurity professionals with such expertise can consider themselves precious commodities on the job market throughout the foreseeable future.

CRP cited mobile device management policies as a cornerstone of mobile security, with 43 percent of those surveyed using them. Through MDM, enterprises can require users to abide by usage policies and opt in to platforms that, if necessary, can deny device access to users that have been compromised. Additionally, 29 percent of respondents employed malware protections and related endpoint security tools, while 23 opted for network access control solutions that have rigorous authentication and encryption capabilities covering all computers and devices accessing an enterprise at any time.

Mitigating the vulnerability of apps

Apps are a major part of modern mobile business – making them a ripe target for black-hat hackers. Homeland Security documented major app-based malware attacks as early as 2010, and stated that Apple and Android did not always properly vet third-party apps sold and downloaded through its app stores.

A 2014 report by Gartner projected that employee misuse of apps, particularly those connected to users’ personal cloud services, would be the culprit behind 75 percent of mobile security breaches by 2017. Additionally, users who “jailbreak” their devices to circumvent various limits of mobile operating systems while storing enterprise data can expose their organizations to crippling attacks.

The research firm stated that MDM policies should extend to app usage and clarify approved apps and providers, avoiding risky third-party providers. It’s well within an organization’s rights to impose penalties for noncompliance, up to and including employees’ devices being barred from network access or even wiped of data.

Keeping track of a changing sector

It’s a common adage among police and federal agents that career criminals try to keep their methods one step ahead of advancements in law enforcement. This is also true in cybersecurity. As tech developments continue at a furious pace, especially in mobile, the onus of keeping organizational data safe will be on all staff members – especially if they use BYOD. Nevertheless, IT and infosec professionals must lead the charge here. Those who want to enter this field must closely follow developments in mobile device design and enterprise cybersecurity solutions – as well as the latest news and research regarding major data breaches, viruses, phishing scams, or distributed-denial-of-service attacks.

Because things change so quickly in the mobile space, doing research on your own may not be enough. Returning to school to seek an advanced degree in cybersecurity may be ideal. In some cases, a master’s degree is required to apply for jobs in the sector, but regardless of that, learning from cybersecurity experts will help you understand the full scope of this matter and put that knowledge into action. After all, the demand for dedicated security professionals is only likely to grow in correlation with continued advancements in mobile devices.
https://nccoe.nist.gov/projects/building_blocks/mobile_device_security

References:
https://nccoe.nist.gov/publication/draft/1800-4a/#t=ExecutiveSummary.htm
https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf
https://newsroom.cisco.com/press-release-content?articleId=854754
http://crowdresearchpartners.com/wp-content/uploads/2016/03/BYOD-and-Mobile-Security-Report-2016.pdf
http://www.gartner.com/newsroom/id/2753017