Are you ready to pay a ransom for your own personal data? You better have your digital weapons prepared, because cyber attacks of this kind against mobile device security are rapidly growing. The 2016 Internet Security Threat Report, developed by Symantec, stands that ransomware has increased 35% in the last year, and now it isn’t only attacking PCs but also smartphones, Mac and Linux systems..
Even more, this document also says that over 1 million web attacks were registered in 2015, and “75% of all legitimate websites have unpatched vulnerabilities, putting us all at risk.”.
What could be worse than losing all your data? It’s like your whole life ending up in someone else’s power. Even worse, what if your company’s data is stolen and goes directly into the wrong hands?? Things could get real ugly, real quick..
So, let’s get prepared. Consultants and experts are constantly updating the main digital threats that are lurking the market from the darkness, waiting to stick their fangs in your precious data. Grab your zombie killing set and join us in this deadly mission..
Device vulnerabilities
Ok, all of us are aware that Android is the most vulnerable operating system, but macOS and iOS are also being targeted by hackers. Computer Business Review recently said that, according to the National Vulnerability Database, in 2015 there were 375 iOS vulnerabilities..
Basically, today’s risks are due to patching not being up-to-date, “as updates aren’t always scheduled by enterprises for mobile devices as they are for desktop PCs. Other vulnerabilities lie in the jailbreaking of devices and the use of custom ROMs on phones instead of the factory-supplied operating systems,” Computer Business Review adds..
Legit mobile apps that mine corporate information
According to eSecurity Planet, "enterprises face a far greater threat from the millions of generally available apps on their employees' devices than from mobile malware.".
How is that? Well, when employees install and use mobile apps without permission, they are risking not only personal but also corporate data that’s stored in their devices. This is only going up. This source also says that “through 2017, 75 percent of all mobile security breaches will be through apps, not through deep technical attacks on the OS.”.
So, the computer security strategy should be based on this big idea: Do not trust apps, not even legit ones. Build the right defense against this threat and, even more importantly, always keep it updated. Device management and mobile security is essentially a matter of time. Kill the zombies before they kill you. .
Unauthorized applications on the cloud
Similar to the problems with apps, the cloud could hide potential breaches if the IT resistance isn’t prepared for it. Let’s suppose that your company works with big cloud services like… (don’t worry, marketing guys, we’re not going to give names), and employees want to improve these services by installing apps, even unapproved apps. The alarms should jump at that very instant when an employee clicks on the “Install” button..
“The challenge is that the behaviour of these applications is unknown – in some cases apps accessing a cloud platform can potentially synchronise thousands of records to a mobile device without IT’s approval. Without the proper compensating controls, corporate data provided to these mobile apps can be at significant risk to accidental loss or explicit theft.” Computer Business Review explains..
Non-malicious but clueless insiders
Until today, in many companies across the globe employees are not really aware of the big damage that a corporate laptop could mean if it ends in the wrong hands. "Companies who do not have proper systems in place to educate employees about security risks leave themselves open to having sensitive data compromised by an employee leaving a mobile device at a restaurant and not reporting it lost or accessing files on their mobile on an unsecured coffee shop WiFi," eSecurity Planet says..
Authentication attacks
Do you remember that sci-fi movie where the bad guy pulls an executive’s eye out, and puts it in front of an eye-scanner to access a restricted area? While you’re digging into your memories for the name of that movie, be aware that external attacks are also aiming to break authentication technology..
Computer Business Review explains that "mobile devices will increasingly be targeted for broader credential stealing or authentication attacks to be used at a later date (...) To get a more complete understanding of the problem, we really have to think of mobile devices as conduits to the cloud. As the cloud gains more data, organizations facilitate the access of this data through various kinds of devices, whether desktop, tablet or mobile. Because of this, we will see criminals going after the mobile device – not to simply crack a phone code and steal data from the device itself – but as a vector into the growing data resources that the devices can freely access in the cloud.".
These are just a few groups of fundamental issues that are currently alarming to the IT professionals, and it’s a constantly evolving problem, so IT experts must be ready and sharp to eliminate any zombies on the horizon.