People have started using mobile devices more often these days. This includes work-related mobile devices. As such, companies need to implement a cybersecurity plan related to mobile devices. In Verizon’s Mobile Security Index 2019, it was found that cybersecurity related to mobile devices has been lacking despite the growing reliance on mobile devices.
In Verizon’s survey, the responses showed that there was a 6% increase from 2017 to 2018 in firms that admitted to a cybersecurity breach related to a mobile device. The responses also showed the lack of cybersecurity strategy around mobile devices. Therefore, organizations must recognize the importance of incorporating mobile devices into their cybersecurity incident response plan.
Threats to Mobile Devices
Cybersecurity breaches leave lasting repercussions on the network. Remediating these breaches is also “difficult and expensive.” Therefore, to prevent and/or mitigate a cyber attack, implementing a response plan is crucial. This includes a response plan for a mobile device breach. This is because cyber attackers have expanded their threat tactics to be more effective against mobile devices.
According to Verizon’s survey, 51% of identified threat actors were targeting mobile devices and desktop computers. As such, incident response strategies must expand to mobile devices. This is especially because employees often use their mobile devices to access the majority of the data that they use. This data is often used on fixed desktop computers. As a result, a breach on a mobile device has the same risk as a breach on a fixed computer network.
67% of the organizations surveyed admitted that mobile devices were their weak spot in both their cybersecurity defense and incident response plan. However, only 45% of the organizations surveyed have implemented mobile endpoint security. With so many organizations at risk from a mobile cyber breach, a mobile security response plan should be made to address and minimize the risk.
These mobile breaches are often caused by a customer, partner, or law enforcement. These breaches mean that the organization’s mobile cybersecurity measures were inadequate. As a result, organizations must determine which part of their mobile cybersecurity they must address first. According to the survey, the threat to mobile security that organizations are most concerned about is employees and staff. This is because staff members may either intentionally or unintentionally expose the organization to a cyber risk from their mobile devices.
Employees and other users of the organization may expose their organization to cybersecurity risks. This might be due to careless human error such as losing their device or leaving their device unlocked. This also includes connecting their mobile work device to an insecure, public Wi-Fi. These actions impact the security of an organization, which is why it is important for employees to understand and follow the cybersecurity rules – both on mobile and desktop.
From 2016 to 2020, the FBI’s Internet Crime Complaint Center reported a total loss of $13.3 billion caused by cybercrime. In 2020 alone, there was a loss of $4.2 billion. Of the loss, $1.8 billion was caused by business email compromise (BEC). This is the result of users falling victim to phishing and spoofing scams. According to Verizon, users who are on mobile are three times more likely to click on these phishing links. Therefore, it is critical for organizations to educate employees on identifying, avoiding, and reporting phishing emails.
Sketchy and unverified applications are also a source of threat to an organization. These applications include apps from official sources such as Google Play or the Apple Store. While the apps are from an official location, the application may have poor coding practices which might result in compromising your device.
Poor coding practices also leave the application vulnerable to hacking attempts. Compromised apps may lead to ransomware, malware, or other types of cyber-criminal activities being installed onto your mobile device. As a result, cyber hackers will have the ability to access your network and thus retrieve vital data and information stored on your device and/or network.
Human risk factors also partly influence threats from the device. For example, carelessly losing or misplacing your mobile device will lead to potential threats to your organization. This is because the device may fall into the wrong hands – someone capable of opening your mobile device and accessing confidential information belonging to your organization.
To address device threats, use common security tips such as creating strong passwords for your devices and/or accounts or using remote wiping capabilities on your device. Remotely wiping data from a device should be a proactive step in your organization’s mobile cybersecurity incident response plan.
Implementing these steps is crucial because mobile devices often lack the storage or processing capacity needed for traditional cybersecurity methods. Furthermore, people often use mobile devices in remote locations. As a result, they are susceptible to physical tampering and are thus harder to patch. This is another reason why organizations should implement a mobile cybersecurity incident response plan.
Many people use their mobile devices for their job. With more and more people becoming reliant on mobile devices, these devices are also becoming a vulnerability in an organization’s cybersecurity. As such, organizations should create a cybersecurity incident response plan specifically regarding the use and compromise of mobile devices. This will help reduce threats and mitigate damage that a breach on a mobile device will cause.