12/30/2020
10:00 AM
Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor

A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.

There are plenty of security solutions in place that protect sensitive data in motion, and at rest in enterprise storage and the cloud, from firewalls to data loss prevention software. But the mobile endpoint is one of the biggest security weaknesses today. Hackers know this and are exploiting it every day — Verizon's "2020 Mobile Security Report" found that four in 10 companies were breached through a mobile device.

Mobile devices have been at the crux of some of the year's most notable and high-profile attacks. Amazon CEO Jeff Bezos' alleged iPhone compromise incident became a key example of how mobile devices can be penetrated without sophisticated brute-force hacking or techniques.

Simple phishing is the most common way mobile devices are compromised, and this threat is on the rise thanks to the increase in mobile device adoption and the surge in remote work during the COVID-19 pandemic. Not surprisingly, there was a 37% increase worldwide in enterprise mobile phishing between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout. Malicious Wi-Fi hotspots and malicious applications are other common entry points to mobile device compromise.

What Happens if Mobile Device Security Fails
A lapse in mobile endpoint security can present significant threats, particularly when it comes to enterprise environments.

Mobile ransomware payloads can result in some of the worst outcomes, as these are notoriously difficult to detect and remove from mobile devices. Once a successful malware payload is dropped through a common attack method, such as a text phishing attack or a malicious app download, an attacker can move laterally across the corporate network the device is connected to, locking files across other devices and asking for ransoms.

Spyware payloads provide an attacker with the ability to plug into an enterprise network via the mobile device or even access the device's microphone, camera, or location services. Information obtained by device snooping can then be sold on the Dark Web to the highest bidder or be used to launch subsequent, sophisticated phishing attacks on other employees.

If an attacker creates a sophisticated phishing attack disguised as a user's bank, it's easy to mistakenly enter sensitive account credentials to a phony login prompt on a mobile device. The same can occur with enterprise apps like Microsoft 365 or Dropbox. Entering this login information can give the attackers everything they need to enter into a corporate account and exfiltrate critically important company data.

Mobility and Enterprise-Grade Security
There is no way to guarantee security in a mobile world. In addition to device security solutions like endpoint protection or application security solutions such as cloud access security brokers, and basic precautions like avoiding public Wi-Fi and utilizing a VPN, there are other best practices for securing the mobile endpoint. A combination of best practices and best-in-class technology solutions will help safeguard your enterprise from falling victim to ever-growing threats:

  • Ensure device OS and apps are up to date: Make sure any devices connected to a corporate network are updating their operating systems frequently, as many updates include patches for vulnerabilities that can be used by hackers to exploit mobile devices. Turn on "auto update" for applications so that the latest patches for the applications themselves are being pushed to the device once available.

  • Use only sanctioned apps: All devices that touch an enterprise environment should download their apps only from official app stores like Google Play and the Apple App Store. Hacker groups have been known to create duplicate apps available from third-party websites that are laced with malware.

  • Invest in employee security training: Employees are the weakest security link in an enterprise environment. It's critical that they have the knowledge and training to not take the bait and click on malicious links or fall for social engineering attempts. Security technologies are often left with limited options once malware has infiltrated a device.

  • Require encryption: Encryption needs to be a requirement on sensitive corporate documents and communications. Your level of encryption should be congruent with the sensitivity of the business your organization conducts. For example, a top financial services firm should be very strict about its document and communication encryption policies and ensure its employees are only using sanctioned communications platforms that are end-to-end encrypted and within the bounds of company compliance regulations.

  • Strong passwords and password management: Implement a stringent company password policy. Require random characters, nothing shorter than 15 characters in length, and ensure employees don't use the same password across enterprise and personal accounts. It's also important to utilize the principle of least privileged access.

The Threat Continues
Mobile device attacks will continue to grow as more devices come online and as business users stay in a remote working environment. By sending, receiving, and storing important corporate data on their personal mobile devices, users are putting their organizations at risk and treating mobile security as an afterthought. It's critical for enterprise employees to stay vigilant, use best security practices, and not underestimate the value and sensitivity of the data being shared across mobile devices. 

Joel Wallenstrom is the CEO and President of Wickr and a world-renowned information security expert. Joel has led top white-hat hacker teams responding to some of the most high-profile incidents in the past 20 years. Under his executive guidance Wickr has since pivoted the ...
 
