A new study from mobile giant Verizon has shown that the phone in your pocket is a magnet to hackers and scammers, with an increase in the number of business users experiencing attacks on mobile devices.
The study, which surveyed companies and gained insight into the online threats they experienced, found that in most workplaces, 69%, had found that the threat to mobile devices had increased in the last year. However, while some businesses are tackling the issue head on, other industries aren't quite so quick to adapt.
While many companies felt that the threat was high, most claimed they were managing well with mobile security. Nonetheless, the Verizon survey results point to weak spots, and details ways that business security could significantly improve.
Verizon's Business Security Study
Verizon's latest study focused on the threat of mobile security issues within companies, and how well they are prepared for attacks. The results showed that while many were highly concerned about attacks on their businesses via mobile, not all were prepared for it.
41% of companies stated that mobile devices represented their biggest cybersecurity concern. While many claimed to be confident about their policies, 33% of those surveyed had experienced a compromise to security involving a mobile, that's up from 27% last year. Of these, 41% claimed that the incident was serious and had lasting repercussions.
While respondents were quick to state that they felt confident they could quickly spot security issues as they arose, 63% of companies found out about security breaches from a third party. In some cases, that was either a customer or law enforcement.
What Does the Study Tell Us About Workplace Mobile Security?
The study covered a wide range of industries, and revealed those that were most susceptible to being caught out by mobile threats. Topping the list for rising mobile security issues is the financial industry, which arguably stands to lose the most, too. The finance sector cited a perceived 93% increase in the rise of mobile security issues. Following closely behind were professional services (88%) and education (86%).
Similarly, it was the financial services industry again that felt less confident with the state of security on mobile compared to other platforms.
Across all industries, concern over the implications of mobile security can be felt. Five-in-six respondents to the survey felt that their organization was at risk, while 29% stated that this risk was significant.
Despite this, pressures to meet deadlines are shown to have a serious affect on security. When asked the question, “Has your organization ever sacrificed mobile device security to get the job done”, almost half (48%) agreed that it had. In addition, only 12% of respondents stated that their organization had all four basic protections in place, which are:
- Encrypt all sensitive data
- Regularly test security systems
- Restrict access on “need to know basis”
- Change all default passwords
What are the Main Threats on Mobile?
One of the biggest threats on mobile was identified as malware, with some of the key issues identified by the Verizon report centered around the differences in the way users interact with mobiles, compared to desktop screens.
These differences include the fact that there is no mouse-over functionality on mobile to check a URL before clicking, that smaller screens make it hard to evaluate the legitimacy of a website. Furthermore, on mobile, as the user scrolls, the address bar is hidden to make way for more content.
While those on laptops and desktop computers may be quicker to spot suspicious content, the report argues that mobile as as platform can obfuscate these red flags.
The second largest threat was perceived as being ransomware. This is software that holds the user's device hostage until a sum of money is paid, usually in untraceable currencies like bitcoins. There's a good reason for companies to be concerned. Ransomware is affective. 40% of all successful malware based attacks involve ransomware.
On mobile, it was the Android platform that was most susceptible. But, there has also been at least one iOS ransomware attack identified.
Scammers are also evolving the scheme, with new variants including deleteware, which erases important files, and doxware, which publishes important private data publicly.
The study revealed that many companies are not vetting the apps that their employees are downloading. Just over half (54%) let staff download from official app stores without checks in place.
Over a seven day period, research from IBM detected 7,000 new Android apps and 11,000 new iOS apps, with numbers of this size making it almost impossible to be sure that all new apps are safe. In fact, they often aren't.
Issues aren't just restricted to third party apps either. More than half (53%) of the companies stated that they were concerned about the dangers of insecure coding on their own in-house apps.
How Can Businesses Stay Safe?
If you want to ensure that you or your staff don't get hit with mobile malware, there are some important steps you can take to stay safe:
Update your OS – According to the survey, 57% of Android phones are running an operating system at least two full versions behind the current one. Not keeping your devices up to date makes them more vulnerable to software attacks. As hackers find new vulnerabilities, the platform holders issue patches to fix these exploits. It's a constant game of cat and mouse, which is why it's so important to keep your phone updated
Avoid dodgy apps – With the ease of creating and publishing apps, they are a target for scammers to collect your details or access your device without permission. Don't be tempted to download apps from unknown sources. Instead, stick with the official app stores, check reviews before downloading, and check with your company IT department, too.
Antivirus apps – An antivirus app can be a good way to protect your phone. Android users are far more likely to be hit with malware than users of the closed iPhone OS, and you'll find plenty of choices on the Google Play store. Make sure to go with a name your recognise, with plenty of good reviews. If you're running a business, it's smart to ensure all your staff run a security app on their business phones, managed by a central account for your company.
Avoid public networks – Public Wi-Fi is a great service when you need to hop online, but it can be a back-door for scammers. This is especially true if you're connecting to an open (ie password-free) public Wi-Fi account you know nothing about. It's best to avoid unsecured WiFi if possible, or, use a VPN to disguise your identity and protect yourself from data-snoopers.
Be smart with passwords – No one likes coming up with dozens of unique passwords, let alone remembering them all. But, re-using the same old password over and over is a major security risk. Make sure your staff regularly change passwords, or – better yet – use a password manager.
Password managers can generate unique, secure passwords for you, and log you into accounts automatically. They're a smart way of avoiding one of the biggest security risks a business can face.