A Verizon research team found that most businesses overlook their mobile cybersecurity practices, as we previously reported here. Almost a third of organizations surveyed were discovered to have sacrificed their security for expediency when using mobile devices, and nearly half of those had experienced system downtime or a serious data loss at some point. 89 percent of those examined employed nothing beyond the very basics of mobile cybersecurity measures, yet 93 percent claimed that these devices presented a growing threat to their business’s network security.
Since the Verizon report was released, similar warnings have been sounded by individuals and organizations from all sections of infosec, yet the outlook for mobile cybersecurity does not seem to have improved in any significant way. In fact, there are signs that it is likely getting worse for smartphone owners as hackers intensify their efforts to penetrate mobile networks and users continue to ignore best practices for protecting their devices.
Cybercriminals have found an avenue which allows them to easily bypass publisher safeguards for mobile applications and infect users with malware. This is made possible by “droppers,” or applications which use multiple-stage infection processes to sneak into a device’s hard drive. Droppers hide within legitimate programs and further mask themselves by presenting the first stage as an easily removable threat.
IBM’s X-Force research found that even after Google made efforts to eliminate this threat from its mobile Play Store, nearly two dozen of the same type of malware vectors remained. This particular malware, BankBot, tricks users into revealing their banking and credit card information. The seriousness of this specific program indicates an escalation building upon the ability of relatively more benign adware apps to infiltrate legitimate application stores.
Even while hackers improve their capacity to exploit gaps in mobile cybersecurity software, user practices exacerbate the problem. The Verizon report and other studies highlight that the human factor continues to create data protection openings, and even among federal employees and military personnel, significant percentages show a gross lack of compliance with best practices. A survey of government employees found that 94 percent of Department of Defense personnel questioned had not had their personal devices approved by the agency.
Mobile cybersecurity is just as important as desktop security, if not more so, in safeguarding networked devices and critical data. Smartphone ownership is so widespread in the US that it is near-ubiquitous in American households. Hackers realize this, and many are tailoring their efforts towards mobile platforms, which have nowhere near the amount of protection or oversight that desktop machines have warranted.
Check out our Phishing Defender solution to learn more about how you can train your personnel to recognize potential threats and help ensure best practices in your network operations.