In an effort to allow employees to be able to work from anywhere, companies are opening themselves up to a whole new world of attacks. Mobile devices are quickly becoming the largest vulnerability in today's IT infrastructure. In fact, a recent report from Dimensional Research shows that 2 out of every 10 companies have already been breached by a mobile cyberattack. Another 24% of companies aren't even aware of whether or not their company has experienced an attack.
Mobile Devices Under Attack
People who carry out and create cyberattacks seek to infect the highest number of devices. In 2017, writing attacks for laptops or desktops will no longer yield the greatest number of compromised machines. The use of mobile devices to access secure business information will continue to rise, and the attackers know that it's a weak spot for security professionals. The combination of high use, with access, and low security, makes creating malicious attacks for mobile devices extremely enticing.
Over a third of the people surveyed think that there is a greater chance for company data loss through an attack on a mobile device than an attack on a desktop or laptop. Moreover, 17% even say that the risk is equal between computers and mobile devices. This concern could be heightened by the fact that a mobile device is much easier to lose or for someone to steal than a traditional computer.
Types of Mobile Attacks
Plus, there are many types of mobile-centric attacks. The shortlist of threats includes:
- Malware: When employees install an app that has a hidden malware payload or downloads a malicious program from the internet onto their device.
- Phishing: Text messages sent to users that trick them into giving out private information
- Networks Attacks: Packet sniffing from others on a wifi network, or a malicious wifi network. Also Main-in-the-Middle attacks, where information is stolen and then relays or alters the information being sent.
- Interception: Calls or texts being intercepted over a mobile network.
- Key Logging: Obtaining password information by recording letters and numbers entered into specific fields.
Over half of the companies surveyed have already experienced one or more of these types of attacks, and that number will surely continue to rise. Almost 100% expect that the frequency and types of attacks that target mobile devices will increase over the next 12 months.
Security Professionals Feel Unprepared
While these mobile attacks are on the rise, almost two-thirds of the security professionals are not confident in their current ability to prevent these cyberattacks. One reason for this attitude is the constant evolution of the threats. Hackers are learning and adapting at an alarming rate, and continue to tweak their approach for maximum infections.
Another key factor to consider is the fact that many employees utilize their own devices for accessing company information. The lack of control over what will and will not be allowed on a device prevents professionals from properly securing the devices.
It is definitely not for a lack of trying though. Participants in the survey site a lack of resources as one of the main reasons their company has not developed a mobile security solution. The main resources that businesses lack are an adequate budget and experience with mobile device security.
If management continues to control costs by ignoring this imminent threat, they could be on the wrong end of a disastrous attack. Failing to allocate proper resources will be much more costly than taking mobile device security seriously.