
Protecting data privacy is becoming vital in today’s increasingly digitalized world. As online activity and the number of mobile applications keep growing, the owners of such applications are under constant scrutiny from governments and regulatory authorities over how they handle and manage user data.

As a result, user devices have become a potential point of break-in for attackers seeking the critical and sensitive information of both individuals and corporations. Hence, mobile security — the protection of mobile devices against cybersecurity threats — has become a factor that organizations and individuals cannot do without.

Moreover, the threat landscape has grown with the remote working practices that followed as a result of the COVID-19 pandemic. During the period, the increased use of video conferencing and messaging tools, combined with the streaming of entertainment content and gaming, increased the flow of traffic as well as the volume of attacks. However, despite the number of cyberattacks, only 15% of organizations globally have a “mature” enough level of readiness to be resilient against today’s modern cybersecurity risks, according to Cisco’s recent Cybersecurity Readiness Index.

More Sophisticated Attacks

In recent years, the sophistication of the attacks has even stumped the best IT security measures. Experts believe that the attacks have moved from direct targeting to a strategy of steadily increasing the number of attacks until they are eventually successful. In 2022, ransomware attacks affected organizations on a global scale, including breaches such as distributed denial-of-service (DDoS), data infiltration, rare triple extortion threats and so on, as remote workers accessed corporate data and applications using untrusted mobile devices.

Securing the Mobile Domain

When discussing mobile security, many factors come into play: monitoring and risk assessment; contextual and continuous authorization; and dynamic adaptation, involving people, applications, networks and devices. For example, a malicious call could be downloaded into the mobile device, which could later infect the security controls as part of a bigger attack on privacy. Data can be stolen from the device, and it could create a gateway to penetrate corporate networks and plan payment extortion attacks.

Cybercriminals target businesses to gain access to sensitive data and steal identities with fraudulent intent. Mobile devices are easy targets for these cybercriminals, as most users do not practice sufficient safety habits for their protection.

“I find that the weakest link in any organization, whether it is users or customers, is people. My biggest challenge is to make sure that our people have the right skills and are knowledgeable in cybersecurity, and that the process of cybersecurity is embedded in every process,” says Celia Mantshiyane, CISO at MTN South Africa.

Increasing Mobile Security

Importantly, the mobile industry has recognized solutions such as MTD and MDM to protect the mobile landscape.

Mobile Threat Defense (MTD) solutions detect and prevent phishing and malicious app attacks on mobile devices and the network. Mobile Device Management (MDM), by contrast, is a management tool that allows compliant devices to access corporate email, data and apps via the corporate app store, securing data in transit between the mobile device and the corporate network.

MTDs can allow employees to use their mobile devices for work purposes, while security personnel can quicken response times, with MTDs preventing attacks before they intensify. MTDs will also provide better visibility of the risk level of the mobile workforce. They also support regulatory compliance by ensuring that critical organization data is either on-premises or in the cloud.

As part of the automation solution, MDM has the advantage of saving precious time through automating repetitive tasks, such as manually configuring Wi-Fi settings on employee devices, which would otherwise require installing specific applications.

Many companies adopt a bring-your-own-device (BYOD) policy as a means to cut down on the additional costs of purchasing equipment for their employees; however, this practice comes with its own set of issues. BYOD employees also use their devices while working remotely, potentially using patchy and unsecured Wi-Fi networks. Public networks are prime haunts for cybercriminals on the prowl, who can trap users using decoy networks, get access to the users' web browsing activity and steal login credentials.

MDM allows IT admins to manage both employee- and enterprise-owned devices from the same console, thus supporting consistent security measures on all devices in the organization. It also helps improve employee productivity and efficiency by controlling non-essential applications on personal devices and preventing employees’ access to those apps.

Most importantly, MDM solutions support compliance regulations like HIPAA, PCI-DSS and GDPR, which require strict data protection measures.

Some Common, Recurring Mobile Threats

Phishing attacks: In 2022, over 50% of personal devices were exposed to a mobile phishing attack every quarter. The threat continues today.

Unsecured IoT Devices: IoT devices with weak in-built security are vulnerable to network attacks such as data thefts, phishing attacks, spoofing and DDoS attacks.

Mobile Malware: Each year, mobile malware gets more and more sophisticated. Malware developers have even managed to sneak their malware into app stores and thus infect consumer devices.

Ensuring Tight Mobile Security

Enforce password policy: An effective password policy can significantly prevent sensitive data from being stolen or misused.

Avoid public Wi-Fi: It is prudent to resist the temptation to use public Wi-Fi, as these networks can be playgrounds for cybercriminals.

Deploy mobile device encryption: Mobile device encryption for both hardware and software is one of the best ways to secure data on smartphones and tablets. It can be deployed through the device’s settings by enabling the “encrypt phone” or “encrypt tablet” option.

Clear mobile security policy: Establish clear rules for how mobile devices are used and secured within the organization.

Ensure endpoint security: From a security standpoint, making sure that such protections are embedded in every process — SecDevOps, ISOs and NIST — is crucial.

Securing email use: A watertight email security posture will protect organizations against malicious threats such as malware, spam and phishing attacks.

VPN and VPN encryption: VPN encryption ensures additional security by encoding the data packets in a manner that can only be read by the authorized entity.

Deploy secure web gateway: Secure web gateways provide an extra layer of network protection by controlling web requests against company policy and ensuring that malicious applications and websites are blocked and inaccessible. An API gateway also plays an essential role as a secure access point, protecting an organization's APIs by blocking cloud-native threats that can lead to the loss of sensitive data.
