As the business world increasingly relies on data analytics, cloud platforms and as-a-service technologies, cyber security professionals are ramping up their efforts to conceal massive amounts of sensitive, confidential data. But hackers are persistent and are turning toward mobile and Internet of Things (IoT) devices in their endless search for chinks in the armor of corporate security.
Knowing that computer networks and servers are well secured these days, a group of hackers figured out a way to leverage security weaknesses in IoT devices to perpetrate what would become known as the Mirai Botnet hack in 2016, according to Josh Fruhlinger’s CSO Online article, “The Mirai Botnet Explained: How Teen Scammers and CCTV Cameras Almost Brought Down the Internet.”
“By 2017, there were 8.4 billion [IoT devices] out there on the internet, ripe for the plucking,” writes Fruhlinger. “Mirai took advantage of these insecure IoT devices in a simple but clever way. Rather than attempting to use complex wizardry to track down IoT gadgets, it scanned big blocks of the internet for open Telnet ports, then attempted to log in using 61 username/password combos that are frequently used as the default for these devices and never changed. In this way, it was able to amass an army of compromised closed-circuit TV cameras and routers, ready to do its bidding.”
With so many vulnerable IoT devices in use, cyber security has to stay on top of mobile device security. Best practices must be presented to and continually reinforced among corporate staff and vendors, especially those who are naïve about the security aspects of modern technology. Graduates of online cyber security master’s programs will be well armed for the task of corporate security in the age of data.
Threats to Corporate Mobile Security
Hackers are discovering that they can’t go about infiltrating secure servers the way they used to, thanks to increases and improvements in corporate cyber security. So they are turning to the adage, “If you can’t get in the front door, try the back door.” Smartphones, smartwatches, routers, Wi-Fi-connected video cameras, inventory control devices, smart locks, thermostats and other devices connect wirelessly to secure servers and are unfortunately not considered a threat.
Tech journalist JR Raphael lists areas of concern regarding mobile security in “7 Mobile Security Threats You Should Take Seriously in 2019,” also on CSO Online. Mobile device cyber security threats include:
- Data Leakage: Sensitive data can be leaked through malware programs installed on mobile and IoT devices. Sometimes data can even be leaked via innocuous smartphone apps installed by users who grant app permissions without thinking twice about it. Those apps can then access secure servers undetected.
- Social Engineering: Phishing is a popular form of social engineering used to trick business employees or executives into divulging information that can then be used to access secured databases and servers. Phishing activities range from sending an email posing as a system administrator requesting credentials to in-person confidence scams.
- Wi-Fi Interference: As distributed teams become a larger part of the workforce, businesspeople use coffee shops and other public places as their office. Hackers can use man-in-the-middle attacks to intercept sensitive data, convincing coffee shop patrons that they are connected to a wireless access point when, in fact, they are connected to the hacker’s computer instead.
- Out-of-Date Devices: Security patches and software updates are more crucial to security than most people realize. Major brands push updates regularly, but not all manufacturers distribute them in a timely fashion. Also, many IoT devices will reach the end of their usefulness without ever having received a firmware update.
- Cryptojacking Attacks: Some hackers have turned to using a company’s computing resources passively to mine cryptocurrency. Without getting too technical, cryptocurrency is “mined” (and thus put into circulation) by solving massive mathematical equations that require enormous computing power to accomplish. Hackers figured out that they could tap into other people’s computers (costing them money) rather than spend large sums of money building their own rigs.
- Poor Password Hygiene: Most people are beginning to learn that simple passwords no longer cut it where secure login credentials are concerned. Passwords like “123456,” “Name96,” “LukeSkywalker1” and so on are easy to crack and therefore put sensitive information at risk. Hackers even have programs that can devise all possible passwords from personal information such as names, important dates, pet’s names, birth names, places of birth and other easily retrievable data.
Countering Mobile Security Threats
The best way to maintain mobile security in the workplace is to encourage employees to keep sensitive and confidential data safe from hackers. In the case of cyber security, an educated workforce is an effective hacking deterrent. Password creation protocol, for example, can be easily relayed to all of a company’s employees, regardless of their technical expertise.
Businesses have several means at their disposal that can make hacking secure servers more difficult, according to IT veteran Ed Tittel’s CIO.com article, “7 Enterprise Mobile Security Best Practices.”
Tittel highlights the importance of ensuring that all connected mobile devices have effective anti-malware software installed and up to date. As cyber security experts discover new exploits, anti-malware software can be updated to pinpoint and counter or delete them.
Third-party software installations also need to be carefully monitored and controlled. Depending on the company and the data being protected, some executives may want to consider secure mobile devices for their employees rather than allowing them to use personal devices.
Other avenues of mobile security protection include securing mobile communications through encryption software, creating separate mobile gateways that route mobile traffic through customized firewalls, and conducting regular mobile security audits to find and fix holes.
University of North Dakota’s Master of Science in Cyber Security Program
To learn about mobile security threats and defenses, choosing the right online cyber security master’s program is an important decision. The best programs offer a cyber security curriculum that keeps current with today’s issues and concerns and include concentrations that will be attractive to employers.
UND’s online cyber security master’s degree program is accredited by the Higher Learning Commission and is ranked in U.S. News & World Report’s Top 25 Most Innovative Schools (2018), alongside such prestigious institutions as Stanford, Harvard and MIT.
UND prepares students for careers in cyber security and offers concentrations in Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security, and General Cyber Security. For more information on UND’s MSCS online program, visit the program’s website.
The Mirai Botnet Explained – CSOonline.com
7 Mobile Security Threats – CSOonline.com
7 Enterprise Mobile Security Best Practices – CIO.com