The Insecurity of Things

The world of computing and communication has shifted from desktops to mobile devices like smartphones, tablets, and laptops in the past decade. The most remarkable rise has been that of mobile phones with the number of users expected to pass the five-billion mark by 2019. With the increased opportunities for data theft and loss, it becomes crucial for individuals to secure their devices from both personal as well as enterprise perspectives.

Hackers are devoting their effort to trespass unsecured devices as sensitive information is being exchanged more than ever through the realms of online shopping, banking, and browsing. In addition, hackers have begun accessing microphones, cameras, and the GPS to stir a security nightmare for other mobile users. According to Android Security 2017 Review report, India had the third highest rate of bad-app installation, that is, potentially harmful applications behind Philippines and Thailand. [1]Mobile security thus becomes a massive concern considering India’s 300 million smartphone users is expected to rise to 500 million by 2022. [2] It is the overlooked areas in mobile security that are increasingly being breached. The year ahead may further endure dangers in the following areas.

Data leakage

Data leakage is perhaps the most worrisome threat to enterprise security today. According to Ponemon, companies have nearly 28% chance of experiencing at least one security related incident in the next two years. [3] In the case of data leakages, sensitive information is often ‘accidently disclosed’ via transferring files on the public cloud, pasting confidential information in the wrong place, or forwarding emails to unintended recipients. Hence, these instances are not nefarious, but rather due to inadvertent instances of carelessness. Data loss prevention tools may represent the most effective shield of protection. Such software is explicitly designed to prevent the exposure of any sensitive information.

Social engineering

Social engineering is essentially the means to gain access to buildings, systems, or data by a manner of psychological exploitation rather than technical hacking techniques. The methodology was earlier coined in terms of gaining physical access to facilities.However, the trickery is as troublesome on the digital front as well. This is because mobile users fall prey to untrustworthy mails. According to an IBM study, users are three times more likely to respond to a phishing attack on a mobile device than a desktop.[4]

It must be understood that a mobile device is only as secure as the network through which it transmits or receives data. Our information is not as secure as we may assume considering we’re often connected to public Wi-Fi networks. Network spoofing has thus increased substantially in recent times, and yet innumerable people don’t bother securing their connection while travelling; they rather rely on public networks.

The selection of the right enterprise-class VPN becomes crucial, a lack of which can be detrimental. This is because a hacker can maliciously intercept communication between two parties over insecure Wi-Fi networks.

Cryptojacking attacks.

Cryptojacking is a relatively new mobile threat wherein someone uses a device to mine for cryptocurrency without the owner’s knowledge. Affected phones act as a medium in the crypto mining process which in turn experience poor batter life and suffer from damage due to overheating components. In other words, hackers essentially hijack another user’s processing power in order to mine cryptocurrency (digital currency) on the hacker’s behalf. According to Skybox Security analysis, this unwanted problem made up a third of all attacks in the first half of 2018.[5]

Physical device breaches

One of the most common threats however remains in losing a device or leaving it unattended. This especially becomes a major concern when the device doesn’t have a strong VPN or password along with full data encryption.

In conclusion

The threat to mobile security evidently comes from various sources. It then becomes critical to ensure the safety of our mobile devices to protect both personal as well as enterprise information. It must be considered mandatory to install an antivirus or antimalware software in our mobile devices, especially in this age of digital exploitation.

By Sanjit Chatterjee.
CEO – REVE Antivirus.

[

amardeep kaushal

Blogger, Marketer & Data Analyst.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.