March 10, 2016

Mobile devices -- frequently a part of broader cyber attacks

By Aaron Cockerill

For the next four weeks Lookout is diving into a number of key findings straight from the mouths of security and IT professionals you work with every day. This is week one. Check back for more insights from the field.
Security professionals now say a mobile device was likely the root of a data breach in their organization, according to a new survey of security experts conducted by the Ponemon Institute.
Mobility is as much about people as it is about devices. Today, mobile devices are productivity tools we use to plan construction projects on site, record patient data in a consultation, take orders, give presentations, send messages/emails, make phone calls, take photos, navigate in our cars, and so much more. It stands to reason, then, that these devices are becoming more engrained in the everyday working environment.
We give mobile devices access to some of our most sensitive information -- work emails, budget documents, HR information, business plans. The number of “things” we consume through mobile is growing rapidly. By virtue of how our working habits have changed, and the comprehensive nature of the data accessible on these devices, IT and security professionals now acknowledge mobile devices are a legitimate vector for attack. In fact, 67 percent said their organization has likely suffered a data breach through mobile. Phishing attacks, spoofed Wi-Fi attacks, malicious applications, and more are the likely culprits.
Why mobile devices are susceptible to attack
Eighty-three percent of security pros responded that mobile devices are susceptible to attack. The reason is that there are a number of attractive vectors on a mobile device that are more difficult to exploit on PCs. For example, charges incurred for cellular data cause many users to connect to Wi-Fi networks whenever they are available. Taking advantage of this, an attacker can set up a fake Wi-Fi network and gain access to the device. Another example relies on the fact that mobile devices, even when corporate owned, are typically personal. As a result, users often have personal email on their devices and are more willing to follow links or open attachments that they would not on their corporate PC. Phishing can come through a number of avenues on mobile. One is the classic email, another is SMS messages, and the last is apps made to look like well-known brands that instead trick people into handing over their information. Here are some further examples of app-based risks:
[Figure: examples of app-based risks]
It makes sense, then, that 70 percent of these security professionals say the failure to secure data on mobile devices has likely resulted in a breach.
As mobile devices increasingly become a key element of employee productivity and typical workflows, companies that embrace mobile security will realize those gains, reaping the rewards of enhanced productivity, without the risk.
About the Data: The Ponemon Institute surveyed 588 IT and IT security professionals who are employed in Global 2000 companies and the public sector who are familiar with their organization’s management and security of mobile devices used in the workplace. In addition, they have responsibility for monitoring or enforcing the security of mobile devices used in the workplace, including employee-owned devices, also known as BYOD. Get the full report for a detailed explanation of the survey methodology.


Aaron Cockerill,
Chief Strategy Officer



Judy Wallace says:

September 16, 2016 at 6:48 am

Please cancel this account and refund my money. Thanks Judy Wallace

Meghan Kelly says:

September 20, 2016 at 11:01 am

Hi Judy, I'm sorry to hear you want to deactivate. Here are a few FAQs on canceling your account: https://faq.lookout.com/topics/q=cancel%20account If you have any trouble, would you please reach out to our support team and include the email address associated with your Lookout account? support [at] lookout [dot] com

Rubén Garrido says:

March 10, 2016 at 2:31 pm

It's a great app! But as a developer I would like to know how this is working, since I'm not able to see any API that will allow you to do this. Are you using private frameworks? Or how have you done it? Just curious!

Meghan Kelly says:

March 22, 2016 at 9:32 am

Hey Rubén, Great question! Our team of developers did not use a private API to build our app, but instead used Bluetooth to determine connection strength between the watch and the iPhone, since Apple Watch is a Bluetooth-based device.