Guest post from Brian Gleeson, Head of Mobile Security Product Marketing at Check Point Software Technologies Ltd.
Every enterprise experiences mobile cyberattacks, even though they don’t always know it. This means you need effective protection and must reject common mobile security myths such as these:
“Mobile isn’t a big security problem”
There’s so much discussion about ransomware, but our data shows mobile malware to be 35 times more common. Mobile security incidents are impacting multiple industries. We found that 29 percent of financial services firms and 26 percent of government agencies have experienced mobile attack. We believe every enterprise has suffered at least one mobile malware attack attempt (the average being 54 attacks). As the data stored on mobile devices becomes more extensive, the financial motivation to launch attacks is also growing, and attack frequency is increasing. Attacks are taking place across all regions, and attempts are made on all platforms. Mobile is a growing security problem that enterprises must face.
“MDM is enough”
Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) solutions are effective against conventional threats, but cannot necessarily detect recently-created malware or zero-day attacks, or recognize when an attack is in progress. While it is true that MDM and EMM systems can spot the signs of compromised devices, criminals can use easily available exploits to disable this protection and disguise the rooted status of the device. When cybercriminals gain root access to an Android device, they can begin to use that device to attack other devices and undermine enterprise security protections. Unlike cloud-based, third-party mobile threat detection systems, MDM is not designed to monitor what devices do and how data is being used to identify when attacks are taking place.
“Secure containers are safe”
Secure containers separate corporate from personal data. They help preserve data integrity as well as defend against malware and use of subverted mobile apps, but they don’t provide complete security protection. Why? Because many enterprise apps exist outside the clearly guarded security perimeter, leaving them open to spoofing or man-in-the-middle attacks (many enterprise employees save critical documents to public cloud services when they travel, for example). Criminals also try to trick users into accessing infected websites to gather data, passwords and more. We also see exploits in which attackers create genuine-seeming spoof public Wi-Fi networks, on which they intercept communications to steal passwords and other information. This happened to me recently in Paris when I thought I was using public Wi-Fi, and my Sandblast Mobile-protected phone warned me I was on a malicious network.
“iOS is immune”
There is a dangerous perception that iOS is immune to mobile threats. While the number of malware exploits is indeed low in comparison to other platforms, the sophisticated nature of those attempts that have been made is a big argument against complacency. The 2015 Xcode Ghost attack saw fake developer tools inject malware into 39 App Store approved apps before Apple identified the problem. We’ve seen hackers use vulnerabilities in iOS protection to stage man-in-the-middle attacks to hijack communications between managed iOS devices and MDM solutions. Solutions that monitor devices for behaviors that suggest when attempts to undermine security take place may help identify when attacks occur. There is no reason to expect a reduction in attempts to undermine iOS security. These devices are widely used across some of the most profitable enterprises, giving criminals a clear profit motive.
“Mobile antivirus is all I need”
Viruses are just one of many forms of mobile attack. Think about SMS messages containing malware that appear to be from a trusted source; consider BlueBorne, which used Bluetooth weaknesses to root devices, steal data and spread malware. We already see exploits in which the same command and control server manages different sorts of attacks against different platforms to create a complex network of compromised devices. Criminals also disguise viruses by obfuscating malicious code, but virus checkers cannot recognize an exploit until it has already been recognized. Once you consider how swiftly new virus definitions are propagated when new exploits are found, it is an easy next step to think about how quickly definitions for other forms of malware can be shared by security systems. The best protection against complex attacks is to monitor device activity to identify suspicious behavior in real time.
What can you do?
Educating employees to follow simple security procedures (avoid clicking links, use strong passcodes, understand the risk of public Wi-Fi and non-approved app stores) makes a difference. It’s also important to recognize activity that may suggest an attack. Can your existing systems surface such threat intelligence data?
Editor in Chief, International, at Orange Business Services. I'm in charge of our International website and the English language blogs at Orange Business Services. In my spare time I'm literally captain of my own ship, spending my time on the wonderful rivers and canals of England.