EXECUTIVE SUMMARY:

We know that cyberattacks come from many different directions. But for many, mobile is not typically the top-of-mind concern. Recent news from both the private and public sectors indicates that when it comes to mobile devices, security is taken for granted. The reality, however, is that these devices can be magnets for a host of cyber issues.

Read the full story below….

A few years ago, CISOs were wrestling with how to address the trend of employees’ devices entering the workplace. As more organizations have adopted BYOD policies or issued mobile phones to their employees, the question of security has begun to loom larger. Not just because of malware infections, but also because of phishing that can come in the form of email, texts, and even phone calls. Any one of these approaches can lead to a serious data breach that reaches beyond the mobile device to the corporate network.

Adding to the ease–or complexity, depending on how you look at it–of a potential mobile hack, downloads from app stores can also be vectors. For instance, in July, Google Play Marketplace had to delete several apps from its app store because of issues with spyware. And, in Motherboard today, Lorenzo Franceschi-Bicchierai warns about the danger of deceptive popups that are designed to look like the window you see at Apple’s app store, which asks for your Apple ID password. Turns out, creating imposter popups is relatively easy.

When mobile devices are compromised, especially those used for work, there’s a lot at risk. Hackers have an open door to steal personal information, passwords, business and personal email, corporate documents and intellectual property. And, they’re able to infiltrate company networks and applications. When you work for the government, that becomes a much larger concern.

Late last month, Politico reported on the risk associated with White House staff using personal devices for official purposes, saying, “NSA briefers told the Trump aides that using their personal devices for work, including passing files and emails from one system to the other, could give cyberspies access to their work computers and email, too.” Now fast-forward to last week’s report about White House Chief of Staff John Kelly hanging onto a compromised phone for months. As Lily Hay Newman wrote in Wired, “Any attacker with awareness about their target—and deep pockets—could have used more sophisticated exploits to burrow deep into the device and start reconnaissance and data-gathering, even potentially masquerading as Kelly on his accounts, or taking them over to mislead his associates.”

“In many respects, hacking a smartphone is the easiest way to break into an organization’s network,” said Brian Gleeson, head of product marketing for Check Point’s mobile security products. “The problem is that unsecured devices are the norm.” In fact, only 38 percent of companies deploy a mobile threat defense solution. The key, according to Gleeson, is to be able to implement security measures that are just as effective as those on desktops, and to be able to dynamically change access privileges to reflect risk levels.