by Ian Heritage
A new government report out this week has warned that, while FTSE 350 boards are coming to appreciate the importance of cybersecurity, few comprehensively understand business critical data and systems, and the impact that attacks could have. This is important because, partly as a result of these awareness gaps, less than half of the UK’s biggest businesses (46%) have a dedicated budget for cybersecurity.
This makes it more important than ever for IT leaders to direct spending to the parts of the business most in need. According to the findings of a new Trend Micro report also out this week, that should include mobile security.
Eighty-six million problems
Threats to smartphones, tablets and other mobile devices are on the rise. Trend Micro alone blocked over 86 million in 2018, up over 48% from the previous year, according to the 2018 Mobile Threat Landscape Report. Ransomware detections declined (by 76%) while crypto-mining increased (by 450%), mimicking the general trend we’re seeing across the desktop environment. Mobile banking trojans also jumped, by 98% year-on-year.
But while these threats in general have more impact on the end-user than the enterprise as a whole, the same can’t be said of cyber-espionage attempts. As the report warns, employee mobile devices are now a key target in multi-staged attacks designed to spy on and steal sensitive corporate data. Phishing and social engineering, watering hole techniques, abuse of social media, malicious apps and more are combined in ways designed to harvest data from devices and corporate cloud account log-ins.
Threats such as Confucius use romance scams and adult content to steal sensitive data, while Skygofree and ZooPark spy on Android device users and lift selected data. Stealth Mango and Tangelo campaigns used phishing to steal sensitive data on Android and iOS devices. In fact, phishing is given a new dimension on mobile devices, with users lured not only by malicious links in emails but also SMS or WhatsApp messages. It has been reported that nearly half of all phishing attacks take place on mobile devices. Often users are more likely to click on links or open attachments whilst on-the-go, either because they’re distracted or perhaps in a hurry. If their device lacks adequate security protection it could be a major threat to corporate security.
This year and beyond
Now that many personal devices are also de facto enterprise endpoints, IT security bosses must be sure to lock down risk through rigorously enforced security policies. If budget is not forthcoming to roll-out mobile security and device management (MDM) tools, CISOs should try harder to articulate to boards the impact of such risks on the bottom line and corporate reputation. Attention must also be paid to enterprise app stores and MDM software as, in the iOS sphere, these will increasingly be seen as easier attack vectors via which to compromise Apple devices.
Fortunately, Trend Micro offers a range of solutions to help mitigate mobile risk, including Trend Micro™ Mobile Security for Android™ and Trend Micro™ Mobile Security for Apple devices. Trend Micro™ Mobile Security for Enterprise provides device, compliance and application management, as well as data protection and configuration provisioning. It also protects devices from vulnerability exploits, prevents unauthorised access to apps and detects and blocks malware and fraudulent websites.
Trend Micro’s Mobile App Reputation Service (MARS) mitigates malware, zero-day and known exploits, privacy leaks and app vulnerabilities on Android and iOS using sandbox and machine learning technologies.