Dark Reading is part of the Informa Tech Division of Informa PLC

Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor

A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.

There are plenty of security solutions in place that protect sensitive data in motion, and at rest in enterprise storage and the cloud, from firewalls to data loss prevention software. But the mobile endpoint is one of the biggest security weaknesses today. Hackers know this and are exploiting it every day — Verizon's "2020 Mobile Security Report" found that four in 10 companies were breached through a mobile device.

Mobile devices have been at the crux of some of the year's most notable and high-profile attacks. The alleged compromise of Amazon CEO Jeff Bezos' iPhone became a key example of how mobile devices can be penetrated without brute-force hacking or sophisticated techniques.

Simple phishing is the most common way mobile devices are compromised, and this threat is on the rise thanks to the increase in mobile device adoption and the surge in remote work during the COVID-19 pandemic. Not surprisingly, there was a 37% increase worldwide in enterprise mobile phishing between the fourth quarter of 2019 and the first quarter of 2020, according to Lookout. Malicious Wi-Fi hotspots and malicious applications are other common entry points for mobile device compromise.

What Happens if Mobile Device Security Fails
A lapse in mobile endpoint security can present significant threats, particularly when it comes to enterprise environments.

Mobile ransomware payloads can result in some of the worst outcomes, as they are notoriously difficult to detect and remove from mobile devices. Once a malware payload is successfully dropped through a common attack method, such as a text phishing attack or a malicious app download, an attacker can move laterally across the corporate network the device is connected to, locking files across other devices and demanding ransoms.

Spyware payloads give an attacker the ability to plug into an enterprise network via the mobile device or even access the device's microphone, camera, or location services. Information obtained by device snooping can then be sold on the Dark Web to the highest bidder or be used to launch subsequent, sophisticated phishing attacks on other employees.

If an attacker creates a sophisticated phishing attack disguised as a user's bank, it's easy to mistakenly enter sensitive account credentials into a phony login prompt on a mobile device. The same can occur with enterprise apps like Microsoft 365 or Dropbox. Entering this login information can give the attackers everything they need to get into a corporate account and exfiltrate critically important company data.

Mobility and Enterprise-Grade Security
There is no way to guarantee security in a mobile world. In addition to device security solutions like endpoint protection, application security solutions such as cloud access security brokers, and basic precautions like avoiding public Wi-Fi and utilizing a VPN, there are other best practices for securing the mobile endpoint. A combination of best practices and best-in-class technology solutions will help safeguard your enterprise from falling victim to ever-growing threats:

  • Ensure device OS and apps are up to date: Make sure any devices connected to a corporate network are updating their operating systems frequently, as many updates include patches for vulnerabilities that can be used by hackers to exploit mobile devices. Turn on "auto update" for applications so that the latest patches for the applications themselves are pushed to the device once available.

  • Use only sanctioned apps: All devices that touch an enterprise environment should download their apps only from official app stores like Google Play and the Apple App Store. Hacker groups have been known to create duplicate apps, laced with malware, that are available from third-party websites.

  • Invest in employee security training: Employees are the weakest security link in an enterprise environment. It's critical that they have the knowledge and training to not take the bait and click on malicious links or fall for social engineering attempts. Security technologies are often left with limited options once malware has infiltrated a device.

  • Require encryption: Encryption needs to be a requirement on sensitive corporate documents and communications. Your level of encryption should be congruent with the sensitivity of the business your organization conducts. For example, a top financial services firm should be very strict about its document and communication encryption policies and ensure its employees are using only sanctioned communications platforms that are end-to-end encrypted and within the bounds of company compliance regulations.

  • Strong passwords and password management: Implement a stringent company password policy. Require random characters, nothing shorter than 15 characters in length, and ensure employees don't use the same password across enterprise and personal accounts. It's also important to apply the principle of least-privilege access.

The Threat Continues
Mobile device attacks will continue to grow as more devices come online and as business users stay in a remote working environment. By sending, receiving, and storing important corporate data on their personal mobile devices, users are putting their organizations at risk and treating mobile security as an afterthought. It's critical for enterprise employees to stay vigilant, use best security practices, and not underestimate the value and sensitivity of the data being shared across mobile devices. 

Joel Wallenstrom is the CEO and President of Wickr and a world-renowned information security expert. Joel has led top white-hat hacker teams responding to some of the most high-profile incidents in the past 20 years. Under his executive guidance Wickr has since pivoted the ...
