| Executives March 10, 2016


March 10, 2016

Mobile devices -- frequently a part of broader cyber attacks

By Aaron Cockerill

For the next four weeks Lookout is diving into a number of key findings straight from the mouths of security and IT professionals you work with every day. This is week one. Check back for more insights from the field.
Security professionals now say a mobile device was likely the root of a data breach in their organization, according to a new survey of security experts conducted by the Ponemon Institute.
Mobility is as much about people as it is about devices. Today, mobile devices are productivity tools we use to plan construction projects on site, record patient data in a consultation, take orders, give presentations, send messages/emails, make phone calls, take photos, navigate in our cars, and so much more. It stands to reason, then, that these devices are becoming more engrained in the everyday working environment.
Since we give mobile devices access to some of our most sensitive information -- work emails, budget documents, HR information, business plans. The number of “things” we consume through mobile is growing rapidly. By virtue of how our working habits have changed, and the comprehensive nature of the data accessible on these devices, IT and security professionals now acknowledge mobile devices are a legitimate vector for attack. In fact, 67 percent said their organization has likely suffered a data breach through mobile. Phishing attacks, spoofed Wi-Fi attacks, malicious applications, and more are the likely culprits.
Screen Shot 2016-02-22 at 5.42.10 PM
Why mobile devices are susceptible to attack
Eighty-three percent of security pros responded that mobile devices are susceptible to attack. The reason is that there are a number of attractive vectors on a mobile device that are more difficult to exploit on PCs. For example, charges incurred for cellular data cause many users to connect to WiFi networks whenever they are available. Using this approach an attackers can pose as a fake Wi-Fi networks and gain access to the device. Another example relies on the fact that mobile devices, even when corporate owned, are typically personal. As a result users often have personal email on their devices and are more willing to connect to links or open attachments that they would not on their corporate PC. Phishing can come through a number of avenues on mobile. One is the classic email, another is through SMS messages, and the last is through apps made to look like well-known brands, but that instead trick people into giving over their information. Here are some further examples of app-based risks:
Screen Shot 2016-02-08 at 4.32.21 PM
It makes sense, then, that 70 percent of these security professionals say the failure to secure data on mobile devices has likely resulted in a breach.
Screen Shot 2016-03-10 at 10.53.44 AM
As mobile devices increasingly become a key element of employee productivity and typical workflows, companies that embrace mobile security will realize those gains, reaping the rewards of enhanced productivity, without the risk.
About the Data: The Ponemon Institute surveyed 588 IT and IT security professionals who are employed in Global 2000 companies and the public sector who are familiar with their organization’s management and security of mobile devices used in the workplace. In addition, they have responsibility for monitoring or enforcing the security of mobile devices used in the workplace, including employee-owned devices, also known as BYOD. Get the full report for a detailed explanation of the survey methodology.

Author

Aaron Cockerill,
Chief Strategy Officer