Mobile devices cause ongoing concern for IT teams responsible for information security. Sensitive corporate information is easily transported outside of managed environments, while the Bring Your Own Device (BYOD) movement has dramatically increased the number of expensive security incidents. In recent months, we have seen several highly visible, high-impact corporate hacks. These highly publicized breaches carry significant financial impact as well as risk to the company’s reputation. Mobile security is of utmost concern as the number of personal devices connecting to corporate networks continues to grow. Key findings from different surveys sum up mobile security for organizations in three points:
- Number of personal devices connecting to corporate networks continues to grow
- Mobile incidents are on the rise, and so is the cost of fixing them
- Employee behavior plays a significant role in Information Security
Lack of Awareness on Mobile security
Among the top risks facing individuals and businesses today is Internet security. With the robust growth of internet-enabled mobile devices across the globe, Internet security has become the number one target for cyber attacks. A few of the growing mobile security threats are classified below:
- DATA LEAKAGE (44.59%): Private or secure data is stolen and released to parties who should not have access to it.
- PHISHING ATTACKS (25.68%): An attacker falsifies an identity to trick a user into opening an email or visiting a website to obtain sensitive data.
- INSECURE APPLICATIONS (9.46%): Applications that lack state-of-the-art security and are vulnerable to hacks.
- SPYWARE (9.46%): Software that is secretly installed on an operating system with the goal of getting private data.
- NETWORK SPOOFING (5.41%): A malicious third party forges an identity with the purpose of launching network attacks and stealing information.
- RANSOMWARE (5.41%): A form of malware in which computer or data access is blocked until the user pays a ransom to the hacker.
Considering the above data, data leakage is a very serious IT health issue. Mobile phones are actively connected to the Internet of Things (IoT) over the corporate office network. The phones also have access to emails containing critical or sensitive company data that, if exposed or hacked, may result in the loss of a million-pound contract. Despite these security concerns, 66 percent of enterprises allow their mobile workforce to operate a corporate-owned device without a VPN. Enterprises use VPNs to ensure a secure connection for remote workers. By not requiring a VPN with corporate-owned devices, enterprises are more vulnerable to security risks.
IoT threats to Organizations
Industries that face the highest security risks are those where IoT devices are not just used as tools to help productivity but are being integrated into the very core of the business’s operation. For example, the use of IoT devices in manufacturing may provide huge benefits to efficiency, but when production processes become completely reliant on smart technology, a single attack has the potential to render a factory non-operational. According to research, “49% of organizations are now using IoT devices – to enhance productivity, physical security, products and services, and measure the wellness of people – and most adopters consider them critical or very important to the smooth running of their organization.”
Risks to a business network lacking proper IoT security include:
- Access to sensitive data: One of the main IoT challenges is that the devices often record, have access to, and stream sensitive data. Security systems such as cameras and doorbells are increasingly a part of small business networks, and can quickly create major issues if hacked by a cybercriminal. Office equipment, such as printers, is also a potential access point – a compromised printer could easily mean that the attacker can view everything that is printed or scanned in an office.
- Sabotage: A hacked IoT device will allow the attacker to access its functions. While a coffee-maker might not allow an attacker to do anything more dangerous than brewing a latte, a hacked heating system or machinery can create far more disruption to a business. A bad actor could potentially hold a vehicle and its occupants hostage or demand payment to stop the sabotage of an assembly line.
- Botnets: Cybercriminals can bring together huge numbers of infected devices into networks called botnets. These botnets can be used for a variety of things, and are best known for their use in DDoS attacks. DDoS (Distributed Denial of Service) attacks send out a targeted stream of network requests from infected devices to the server, computer, or network that the bad actor wishes to bring down. As there are too many network requests for the target to handle, it crashes and becomes unavailable for real users. In 2016, a botnet brought down some of the biggest sites, including Twitter and Netflix, using a DDoS attack.
The good news regarding IoT is that new regulations have been planned and are coming into action to help protect businesses, consumers and citizens from IoT-related attacks. These regulations are expected to push manufacturers into implementing more security in their products. “Even though IoT-specific regulations are yet to come into force in most jurisdictions, we’re already seeing a shift in the mindset of organizations. Seventy-four percent of IoT respondents said they have reassessed the risk associated with IoT devices in light of regulatory changes,” Verizon pointed out.