Mobile devices posing a growing security risk for enterprises

by David De Laine, ANZ Regional Managing Director, Check Point Software Technologies.

Mobile devices have become indispensable tools in the world of business, but they are also a growing threat to enterprise security.

While smartphones, tablets and notebooks have boosted productivity and changed work patterns, at the same time they've become backdoors for malicious attacks. What's most alarming is that many organisations are unaware of the dangers they face.

Perhaps the biggest security risk created by mobile devices stems from the fact many are used as access points into corporate data and applications. Staff use them for everything from placing client orders to running financial reports and database queries.

Increasingly the devices are also being used to access resources stored on cloud-based platforms. Anything from a hosted CRM system such as Salesforce.com to data held on AWS or Azure can be easily reached via a mobile device from almost any location.

The rising malware problem

While few organisations would ever issue staff with PCs lacking anti-malware tools, many are happy to do so when it comes to phones and tablets. The result is a fleet of devices that risk being compromised by a rising tide of threats.

In our latest Threat Index published in May, Check Point reported that 2000 unique malware families had been identified during April - a 50 per cent increase from the previous month. Interestingly, attacks targeting iOS-powered devices (Apple iPhones and iPads) have, for the first time, moved into the top three most common malware types found.

One example is malware called XcodeGhost, which is a compromised version of the iOS developer platform Xcode. This remains a threat to business mobile devices despite the fact it was removed from Apple's App Store back in September 2015.

Android users are also very much in the firing line. Malware named HummingBad is in the top-ten threat list despite the fact it was only discovered by Check Point in February. This threat establishes a rootkit on infected devices, installs unauthorised applications, steals credentials and can bypass encrypted email containers used by many businesses.

Other malware threats identified in the research were the Conficker worm (responsible for 17 per cent of attacks), Sality (12 per cent) and ZeroAccess (6 per cent).

System vulnerabilities

The challenge created by mobile device use in the workplace is exacerbated by the vulnerabilities that exist within their operating systems. The release of new OS generations means there are always multiple variants in use, making standard management difficult.

The problem is compounded by delays in the release of security patches. This can happen weeks or even months after vulnerabilities are discovered, giving attackers plenty of time to exploit the opportunity.

Check Point has found Android to be particularly sluggish when it comes to patching security flaws. During the past six months, patches have been released between two and five months after vulnerabilities were disclosed. Further delays are often caused by device manufacturers. Even when a security patch has been issued, they can delay its distribution to users.

For many years Apple's iOS platform was seen as a security safe haven, but this has now changed. The number of iOS attacks doubled from 2014 to 2015 and the trend is showing no sign of slowing. Jailbreaks, which circumvent Apple’s entire security strategy, are also usually released shortly after any new version appears.

The user factor

As is the case with any security challenge, one of the biggest factors is the user. Malware creators can use techniques such as social engineering and disguise to trick users into installing compromised software.

In an increasing number of cases, attackers are repackaging well-known and popular apps. The fake copy of an app will appear almost identical but contain malicious code. This code may do anything from stealing personal details to attempting to gain access to secure corporate systems.

Businesses must educate their users on the potential for rogue apps and techniques for avoiding them. This, together with the use of sophisticated security tools, can help reduce the chance of attack.

A different approach to security

Across all mobile devices, cyber criminals are constantly looking for new vulnerabilities that they can use to gain access to corporate data and resources. Fresh attacks can appear very quickly so it is vital for businesses to have in place a comprehensive security solution that can protect them from such activity.

The old strategies of securing core applications and data behind a firewall in an on-premise data centre are no longer sufficient. Instead, businesses must adopt the approach of advanced threat prevention, not just on their networks, but also on all endpoints and mobile devices.

A thorough mobile device security approach involves:

  • Continuously monitoring devices to uncover vulnerabilities and suspicious behaviour
  • Dealing with threats automatically by mitigating risk until they can be eliminated
  • Providing visibility into mobile vulnerabilities to reduce the overall mobile attack surface

By adopting this approach, organisations can take advantage of the benefits delivered by mobile device usage while at the same time avoiding the potential security problems that such devices can create.
