According to the security software specialists at CheckPoint, mobile security has become a huge problem over the past year. They’ve just released their Mobile Security Report 2021, and the results were pretty clear: The bad guys see mobile as a fertile and profitable attack surface. Since mobile work is clearly here to stay, it is more important than ever that organizations figure out ways to mitigate these kinds of attacks.
The report revealed these staggering statistics:
- 97% of organizations faced mobile threats in 2020
- 46% had at least one employee download a malicious mobile application that threatened networks and data
- 75% of one company’s mobile devices were compromised via corporate-owned mobile device management (MDM) software.
Yes, nearly ALL organizations faced a mobile threat last year. Which makes sense: The risks you assume with your staff members’ mobile devices are at an entirely different level than anything else in your network. After all, in most cases, organizations do not own those personal devices, so there is far less oversight into how they are being used. Mobile devices have less customization than Windows OS. Furthermore, they run completely remotely 24/7. There are also existing vulnerabilities on the apps staff use on their mobiles, like Facebook, Instagram, WhatsApp, Google Play and so on. And that’s not to mention OS vulnerabilities in both Android and iOS. All in all, the threat landscape is a bit overwhelming!
What you can do
With several major APT (advanced persistent threat) groups specifically targeting mobile devices, it’s time to do as much as possible to improve the security of mobile devices. This means:
- Educate, educate, educate! It is essential to provide security awareness training to workers. They need to be familiar with the myriad of mobile threats, particularly phishing. Users should be trained to recognize their characteristics as well as what to do — or what NOT to do — if they come across anything suspicious. (After all, the end user is often the ultimate firewall in these cases.)
- Make sure that both the operating systems as well as all applications are kept up-to-date on your users’ devices. These requirements should be built into IT policies geared specifically toward your staff’s use of mobile devices.
- Patch your organization’s MDM (mobile device management) solutions regularly. And if you don’t even have a good MDM solution set up yet, you need to get on that ASAP. Our Dan Callahan gave some great advice on managing personal device access last fall. Check it out here.
Keep your eye on the ball
These types of mobile threats aren’t going away anytime soon, if ever. In fact, we should all expect they will get much, much worse. Yet if we remain diligent and apply the tactics we know to work, we might just stand a fighting chance.