The concurrent rise of big data, the Internet of Things (IoT) and mobile device usage has fundamentally changed business strategies in numerous ways, from marketing strategies and work environments to how we communicate. This shifting landscape has also provided new avenues for cyber criminals to exploit vulnerabilities and access sensitive confidential data. To counteract these various types of cyber security threats, cyber security professionals have ramped up their efforts to stay one step ahead of cyber criminals.
Mobile devices attached to the IoT are of particular concern, partially due to the sheer volume of devices in the market. A 2020 report by Juniper Research noted the total number of IoT connections will increase from 35 billion to 83 billion from 2020 and 2024 — an increase of 130%. This provides fertile ground for cyber crime. There were more than 1.5 billion IoT attacks in the first half of 2021, double the number detected in the second half of 2020, according to a report by cyber security company Kaspersky that was shared with Threatpost.
With so many vulnerable IoT devices in use, cyber security has to make a top priority of these mobile device security risks. Best practices must be presented to and continually reinforced among corporate staff and vendors, especially those who are naïve about the security aspects of modern technology. Graduates of cyber security master’s programs will be well armed for the task of corporate security in the age of data.
Mobile Device Security Threats
Hackers are discovering they can’t go about infiltrating secure servers the way they used to, thanks to increases and improvements in corporate cyber security. So they are turning to the adage, “If you can’t get in the front door, try the back door.”
Smartphones, smartwatches, routers, Wi-Fi-connected video cameras, inventory control devices, smart locks, thermostats and other devices connect wirelessly to secure servers and are unfortunately not considered to be vulnerable by users and organizations. However, they offer several potential vulnerabilities that can be taken advantage of by hackers if left unaddressed. These vulnerabilities include but are not limited to the following.
Sensitive data can be leaked through malware programs installed on mobile and IoT devices. Sometimes data can even be leaked via innocuous smartphone apps installed by users who grant app permissions without thinking twice about it. Those apps can then access secure servers undetected.
Mobile hotspots can prevent people from using up bandwidth on their personal data plans. Unfortunately, tapping into these free Wi-Fi networks carries serious risk, as they are often unsecured. Using them could leave a device open to hackers.
As distributed teams become a larger part of the workforce, businesspeople use coffee shops and other public places as their offices. Hackers can use man-in-the-middle attacks to intercept sensitive data, employing tactics like network spoofing that convince coffee shop patrons, for instance, that they are connected to a wireless access point when, in fact, they are connected to the hacker’s computer instead.
Phishing is a popular form of social engineering used to trick business employees or executives into divulging information that can then be used to access secured databases and servers. Phishing activities range from sending an email posing as a system administrator requesting credentials to in-person confidence scams.
Unlike malware, which can take over a system or network, spyware stealthily enters a computer, gathers data and sends the collected information to a third party. This process is done without user consent, and can occur without the user realizing.
Poor Cyber Hygiene
Most people are beginning to learn that simple passwords are no longer practical where secure login credentials are concerned. Passwords like “123456” or “Name96” are easy to crack and therefore put sensitive information at risk. Hackers even have programs that can devise all possible passwords from personal information such as names, important dates, pet’s names, birth names, places of birth and other easily retrievable data.
Improper Session Handling
Many apps use a token system that allows individuals to perform numerous functions without needing to re-confirm their identity. This can lead to users leaving an app “open” by logging into it and closing it without logging out. Hackers can take advantage of this loophole by hacking into the still-open session and penetrating the app, website or data associated with the session.
Building Effective Corporate Security Strategies
The best way to maintain mobile security in the workplace is to encourage employees to keep sensitive and confidential data safe from hackers. In the case of corporate data security, an educated workforce is an effective deterrent to hackers. Password creation protocol, for example, can be easily conveyed to all of a company’s employees, regardless of their technical expertise.
Businesses have several means at their disposal to make the malevolent penetration of secure servers more difficult. For instance, it’s critical to keep mobile systems as current as possible. The longer a device stays active on the market, the more time hackers have to understand its vulnerabilities. Consistently upgrading systems organically resets this learning curve.
Businesses can also deploy mobile device management (MDM) software on their mobile devices. This software allows a company’s IT and cyber security teams to control and enforce specific security policies on mobile devices attached to the company’s network. This can enhance the protection of sensitive data when employees use their own devices to execute work functions.
Additionally, it’s vital for companies to enforce enhanced security options on all mobile devices. While employees should use strong passwords on their devices, some may unfortunately use weak ones that are easily exploitable. Simple enhanced options like two-factor authentication or biometrics can act as a safety net that can thwart hackers who slip past a password.
To build sustained protection, it’s crucial for businesses to be proactive in their mobile security process. Rather than waiting for a threat to arise, cyber security pros should schedule routine uniform device updates, keep abreast of trending cyber crime tactics and review existing security policies to ensure proper preparation against new and emerging threats. These tactics can help prevent a cyber crime before it’s set in motion.
Become a Mobile Device Security Expert
As the IoT continues to expand, the threat of cyber crime will continue to grow in its prevalence and complexity. For individuals in various careers in cyber security, this poses an ever-changing landscape of challenges. Mitigating mobile device security risks is crucial to corporate data security.
The University of North Dakota’s online Master of Science in Cyber Security program and its certificates can help students develop into leaders. Our program is designed to cultivate your passion for network and system security, helping you acquire the tools to identify, minimize and thwart cyber crime.
Learn how UND can help you embark on a rewarding career in cyber security