Top mobile security trends
on 08 Jan, 2019
Mobile devices have changed the way businesses communicate and carry out a number of daily tasks. Smartphones, tablets, and other mobile technologies allow employees the flexibility to stay connected in the office and from any number of remote locations. Although these offer convenience, an ever-changing technological landscape leaves many companies struggling to keep up. Here are some of the most notable mobile security trends to emerge recently as well as strategies for moving forward as we enter the new year.
Data breaches and mobile attacks continue to rise
Advances in mobile devices and cloud technologies have allowed for a greater level of connectivity and access to important information than ever before. Unfortunately, this same convenience opens consumers and business up to a rise in mobile attacks carried out by “black-hat” hackers. In today’s world, smartphones not only hold valuable data, but many consumers and businesses utilise apps that can control and access information from appliances, building utilities, physical security systems, and other sensitive systems.
All of these features are susceptible to hackers and even ransomware that locks businesses and consumers out of their information, demanding users pay a certain price to have it unlocked. In some cases, users might not regain full access to their data, and hackers may even destroy the data they access. One of the most common ways hackers get access to these channels occurs when users download malicious software through an untrustworthy app, an infected email attachment, or a compromised web link.
Today’s attacks are becoming stealthier and more sophisticated by using chain attack tactics:
- The first step in this process is to utilise a dropper, which begins the attack by downloading or unpacking the next link in the chain.
- Next, an exploit pack enables malicious software to take advantage of higher privileges within the device, allowing hackers to access sensitive system files. If the exploit pack is successful, this will initiate the next link in the chain.
- The next step involves the malicious payload, which may vary greatly in its purpose such as encrypting data for ransom, stealing sensitive information, establishing third-party control of a device or system, or other harmful effects.
- Beyond this, a chain attack may also incorporate persistency watchdogs, which prevent the malicious software or services from being removed. If a crucial component of the attack is removed, the watchdogs will trigger its reinstallation.
- Finally, a backdoor may be installed, which will allow a hacker to perform remote code execution. This would give cybercriminals direct control of a victim’s device.
Because the process is drawn out using several links, chain attacks are much more difficult to identify. Often, even if the attack is identified, only part of the chain will be revealed. This allows hackers to tweak individual parts of the process to better ensure their attack is successful.
Data backups have become a necessity
Many of us store valuable information on our phones, and this is a convenient way to keep files, photos, contacts, and other data literally at arm’s reach. However, you also need to keep in mind how quickly a phone can be damaged, potentially trapping your data in a broken device. Even with protective cases and screen protectors, it’s a dangerous world for devices that increasingly feature larger screens and greater memory capacities. Sudden drops, spills, exposure to extreme heat or cold, or leaving your device in the wrong pocket before sitting down can leave you helpless to access important data.
Consumers and businesses can ensure they’ll be able to access their most important data by using the 3-2-1 backup rule. This rule suggests you should backup your data three times, using at least two different technologies. In order to protect against theft, flooding, fire, or some other catastrophic event, one of these should be kept somewhere other than your house or company. In the case of mobile data, connecting your device directly to your computer or an external hard drive is one of the easiest ways to create an initial backup.
Aside from physical backups like hard drives and CDs, a variety of apps exist that can automatically backup your files to the cloud. This can be useful for consumers and businesses alike. However, storing your data in the cloud isn’t without risk. Shared file storage creates many opportunities for human error, such as accidentally misplacing, editing, and deleting files. There’s also the risk that anyone could access sensitive data remotely if hackers managed to gain access to the accounts.
BYOD creates new security risks
Businesses that provide their employees with computers and other technology can control the security of their company’s sensitive information. With in-house technology, IT departments can properly protect all devices with antivirus software and strong passwords, and they can more easily monitor for any signs of a data breach. However, it’s becoming increasingly common for companies to allow employees to use their own personal devices for work-related tasks.
The risks of relying on the cloud for communication, data backups, and other digital work processes are only intensified by this rise of bringing your own device (BYOD) policies. When employees access company materials and accounts on their personal laptops, tablets, and smartphones, companies can’t necessarily ensure that the devices are secure. There’s also an increased risk that an employee may lose their device or have it stolen.
To best protect their data, companies that utilize BYOD policies should also incorporate detailed security requirements. At a minimum, this includes lock screens for all devices and strong passwords for corporate accounts. Companies can also limit the types of devices and operating systems they allow employees to use for work and provide their own antivirus software for these devices. In addition, they might restrict the apps and other programs that can be installed on a device in order to ensure no malicious programs interfere with corporate systems.
Another option is to offer “choose your own device (CYOD)” policies instead. With a CYOD system, businesses can specify a list of devices that support the company’s software and security requirements. Employees will often purchase and maintain ownership of these machines as they would with their own personal devices. However, these devices would be dedicated to work-related tasks, offering the benefits of a personalized device for on-site and remote work, without taking on the risks of a truly personal device. CYOD systems can also streamline the process for repairing hardware and solving other technical issues.
Companies can also encourage better security practices by utilising digital certificates to authenticate users and devices. Requiring e-signatures, while distinct from digital signature encryption, on all devices can ensure that files and accounts are secure, while also tracking both normal and suspicious activity.
With this strategy, only verified devices with properly configured certificates will be able to access email accounts, secure Wi-Fi connections, and other corporate accounts. This allows for much more secure authentication than complex passwords while improving the user experience by speeding up log-in processes for trusted devices. Unlike password banks, which are frequently targeted by hackers, secure digital signatures are much more difficult to take advantage of. If a device is stolen or compromised in some way, a company only needs to revoke the certificate to ensure their systems and information are safe.