Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile

12/30/2020
10:00 AM
Connect Directly
LinkedIn
RSS
E-Mail vvv
50%
50%

Mobile Endpoint Security: Still the Crack in the Enterprise's Cyber Armor

A combination of best practices and best-in-class technology will help keep your enterprise from falling victim to ever-growing threats.

There are plenty of security solutions in place that protect sensitive data in motion, and at rest in enterprise storage and the cloud, from firewalls to data loss prevention software. But the mobile endpoint is one of the biggest security weaknesses today. Hackers know this and are exploiting it every day — Verizon's "2020 Mobile Security Report" found that four in 10 companies were breached through a mobile device.

Related Content:

DARPA and Academia Jumpstart 5G IoT Security Efforts

The Changing Face of Threat Intelligence

BECs and EACs: What's the Difference?

Mobile devices have been at the crux of some of the year's most notable and high-profile attacks. Amazon CEO Jeff Bezos' alleged iPhone compromise incident became a key example of how mobile devices can be penetrated without sophisticated brute-force hacking or techniques.

Simple phishing is the most common way mobile devices are compromised, and this threat is on the rise thanks to the increase in mobile device adoption and the surge in remote work during the COVID-19 pandemic. Not surprisingly, there was a 37% increase worldwide in enterprise mobile phishing between fourth quarter of 2019 and the first quarter of 2020, according to Lookout. Malicious Wi-Fi hotspots and malicious applications are other common entry points to mobile device compromise.

What Happens if Mobile Device Security Fails
A lapse in mobile endpoint security can present significant threats, particularly when it comes to enterprise environments.

Mobile ransomware payloads can result in some of these worst outcomes, as these are notoriously difficult to detect and remove from mobile devices. Once a successful malware payload is dropped through a common attack method, such as a text phishing attack or a malicious app download, an attacker can move laterally across the corporate network the device is connected to, locking files across other devices and asking for ransoms.

Spyware payloads provide an attacker with the ability to plug into an enterprise network via the mobile device or even access the devices' microphone, camera, or location services. Information obtained by device snooping can then be sold on the Dark Web to the highest bidder or be used to launch subsequent, sophisticated phishing attacks on other employees.

If an attacker creates a sophisticated phishing attack disguised as a user's bank, it's easy to mistakenly enter sensitive account credentials to a phony login prompt on a mobile device. The same can occur with enterprise apps like Microsoft 365 or Dropbox. Entering this login information can give the attackers everything they need to enter into a corporate account and exfiltrate critically important company data.

Mobility and Enterprise-Grade Security
There is no way to guarantee security in a mobile world. In addition to device security solutions like endpoint protection or application security solutions such as cloud access security brokers, and basic precautions like avoiding public Wi-Fi and utilizing a VPN, there are other best practices for securing the mobile endpoint. A combination of best practices and best-in-class technology solutions will help safeguard your enterprises from falling victim to ever-growing threats:

  • Ensure devices OS and apps are up to date: Make sure any devices connected to a corporate network are updating their operating systems frequently, as many updates include patches for vulnerabilities that can be used by hackers to exploit mobile devices. Turn on "auto update" for applications so that the latest patches for the applications themselves are being pushed to the device once available.

  • Use only sanctioned apps: All devices that touch an enterprise environment should download only their apps from official app stores like Google Play and the Apple App Store. Hacker groups have been known to create duplicate apps available from third-party websites that are laced with malware.

  • Invest in employer training security: Employees are the weakest security link in an enterprise environment. It's critical that they have the knowledge and training to not take the bait and click on malicious links or fall for social engineering attempts. Security technologies are often left with limited options once malware has infiltrated a device.

  • Require encryption: Encryption needs to be a requirement on sensitive corporate documents and communications. Your level of encryption should be congruent with the sensitivity of the business your organization conducts. For example, a top financial services firm should be very strict about its document and communication encryption policies and ensure its employees are only using sanctioned, communications platforms that are end-to-end encrypted and within the bounds of company compliance regulations.  

  • Strong passwords and password management: Implement a stringent company password policy. Require random characters, nothing shorter than 15 characters in length, and ensure employees don't use the same password across enterprise and personal accounts. It's also important to utilize the principle of least privileged access.

The Threat Continues
Mobile device attacks will continue to grow as more devices come online and as business users stay in a remote working environment. By sending, receiving, and storing important corporate data on their personal mobile devices, users are putting their organizations at risk and treating mobile security as an afterthought. It's critical for enterprise employees to stay vigilant, use best security practices, and not underestimate the value and sensitivity of the data being shared across mobile devices. 

Joel Wallenstrom is the CEO and President of Wickr and a world-renowned information security expert. Joel has led top white-hat hacker teams responding to some of the most high-profile incidents in the past 20 years. Under his executive guidance Wickr has since pivoted the ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27486
PUBLISHED: 2021-04-12
The Fatek Automation WinProladder Versions 3.3 and prior are vulnerable to an integer underflow, which may cause an out-of-bounds write and allow an attacker to execute arbitrary code.
CVE-2021-3465
PUBLISHED: 2021-04-12
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2020-15942
PUBLISHED: 2021-04-12
An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
CVE-2021-22190
PUBLISHED: 2021-04-12
A path traversal vulnerability via the GitLab Workhorse in all versions of GitLab could result in the leakage of a JWT token
CVE-2021-24024
PUBLISHED: 2021-04-12
A clear text storage of sensitive information into log file vulnerability in FortiADCManager 5.3.0 and below, 5.2.1 and below and FortiADC 5.3.7 and below may allow a remote authenticated attacker to read other local users' password in log files.