The mobile security incident survival guide

Security threats to Android and iPhone devices are increasing significantly both in volume and complexity. Gartner estimates that mobile malware will account for one-third of total malware by 2019, while the Ponemon Institute claims over two-thirds of Global 2000 organizations already experienced a data breach because of employees using mobile devices, adding that an astonishing three percent of enterprise devices are affected by malware at any particular time.

Compromised devices can result in very sensitive company data being leaked: if this data is intellectual property that falls into the wrong hands, one single breach could lead to millions of dollars of losses.

The Ponemon Institute estimates the economic risk of a mobile data breach (operational costs plus the potential maximum loss from non-compliance and reputational damage) could be as high as $26.4 million for an affected enterprise. That is a lot of cash to lose when attacks are becoming cheap, accessible and easy to use: working exploits can be bought online for as little as $25.

The old ways are changing

Criminals have also moved beyond conventional attack models to develop new breeds of network-level, system-level and app-injection attacks. This creates a complex tapestry of problems that existing security solutions do not easily recognize, and it is common sense that if you do not know when you are being attacked, you cannot defend yourself.

The first line of defense against attack is an educated workforce. Employees must understand the basics of mobile security: use strong passwords, do not click links in unsolicited emails, avoid public Wi-Fi for enterprise data and services, and do not install apps from unofficial app stores. Such advice certainly helps, but recent research suggests every business is already under some form of attack and does not know it.

That’s a problem.

There are three main families of attack: device-level, application-level and network-level. Enterprise Mobility Management (EMM) tools are good at identifying some of these, but not all. For example, XcodeGhost saw malware compiled into apps that passed Apple's App Store review, because their developers had unknowingly built them with a trojanized copy of Xcode, while BlueBorne exploited Bluetooth vulnerabilities to take over devices over the air without the user doing anything at all.

Consider rooting exploits and rootkits: these are more or less the strongest attacks you will encounter on mobile devices, because once an attacker has root-level access they hold the keys to the kingdom. Removing such a compromise is very difficult, but you can at least detect the patterns of an attempt, because the ways attackers try to gain root are known. Once on the device, an attacker can launch phishing attacks from it to penetrate deeper into the enterprise's systems.

Making the invisible visible

To help protect against such less visible attacks, mobile threat defense (MTD) tools use machine learning, threat intelligence and behavioral anomaly detection to identify behaviors that might suggest an attack is taking place.

MTD systems not only identify threats, they also work to prevent, mitigate and remedy the attacks that do take place. The tools scan the device, analyze installed apps for signs of malware and monitor network activity for anything inappropriate. The idea is that by watching so many of the salient signs of activity on the device, the system can recognize an attack as it happens and apply the most appropriate defense.

The best MTD systems run a lightweight agent on the device while the heavy analysis is hosted in the cloud. That matters: not only does the cloud keep the protection from having a major impact on battery life or device performance, it also lets security researchers update the protection in real time using up-to-the-minute event reporting. Even for a zero-day attack, systems like these can roll out protection across all your devices as soon as an incident is identified.

A hacker collecting credit card details through a fake public Wi-Fi hotspot in a coffee shop may go undetected by established security systems, but an MTD system will warn you of the suspicious behavior in real time, so you can choose to avoid the attack. Such protection adds another layer to existing defenses, making threats easier to spot and reducing response time.
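To make the fake-hotspot case concrete, here is an added example of the kind of heuristic a mobile agent can apply to a Wi-Fi scan. It is illustrative code written for this page, not code from the original post and not how the Orange or Check Point product works; the network names, MAC addresses and scoring rules are constructed for the example. The idea is to compare the access points the device currently sees against the networks it has joined before and flag the signatures an evil twin typically leaves: the same SSID served from a BSSID with an unknown vendor prefix, or with weaker security than the real network.

```python
"""Evil-twin (rogue access point) heuristics over a constructed Wi-Fi scan.

Hypothetical example: a mobile agent compares the access points a device
currently sees against a baseline of networks the user joined before and
flags the patterns a fake hotspot typically produces.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Ordering used to detect a downgrade, e.g. a WPA2 network suddenly "open".
SECURITY_RANK = {"OPEN": 0, "WEP": 1, "WPA": 2, "WPA2": 3, "WPA3": 4}

# Indicators strong enough that two of them together justify blocking.
STRONG_INDICATORS = {"unknown_vendor_bssid", "security_downgrade",
                     "conflicting_security_same_ssid"}


@dataclass(frozen=True)
class ScanEntry:
    ssid: str
    bssid: str      # access point MAC address, e.g. "a4:2b:8c:11:22:33"
    security: str   # one of SECURITY_RANK


@dataclass
class Finding:
    ssid: str
    bssid: str
    verdict: str                  # "ok", "warn" or "block"
    reasons: list = field(default_factory=list)


def oui(bssid: str) -> str:
    """The first three octets of a MAC address identify the hardware vendor."""
    return bssid.lower()[:8]


def evaluate_scan(scan, known):
    """Return one Finding per access point that advertises a known SSID.

    `known` maps SSID -> {"bssids": set of MACs seen before, "security": str}.
    SSIDs with no baseline are skipped: there is nothing to compare against.
    """
    by_ssid = defaultdict(list)
    for entry in scan:
        by_ssid[entry.ssid].append(entry)

    findings = []
    for ssid, entries in by_ssid.items():
        baseline = known.get(ssid)
        if baseline is None:
            continue
        known_bssids = {b.lower() for b in baseline["bssids"]}
        known_ouis = {oui(b) for b in known_bssids}
        securities = {e.security for e in entries}
        weakest = min(securities, key=SECURITY_RANK.get)

        for e in entries:
            reasons = []
            if e.bssid.lower() not in known_bssids:
                # A new AP from the same vendor may just be an added or replaced
                # unit; a new AP from a different vendor is a much stronger signal.
                reasons.append("new_bssid" if oui(e.bssid) in known_ouis
                               else "unknown_vendor_bssid")
            if SECURITY_RANK[e.security] < SECURITY_RANK[baseline["security"]]:
                reasons.append("security_downgrade")
            if len(securities) > 1 and e.security == weakest:
                # Same SSID announced with two security modes in one scan:
                # the weaker one is the classic evil twin.
                reasons.append("conflicting_security_same_ssid")

            if len(STRONG_INDICATORS & set(reasons)) >= 2:
                verdict = "block"
            elif reasons:
                verdict = "warn"
            else:
                verdict = "ok"
            findings.append(Finding(ssid, e.bssid.lower(), verdict, reasons))
    return findings


# Constructed baseline and scan for the demo (hypothetical values).
KNOWN_NETWORKS = {
    "CoffeeShop-Guest": {"bssids": {"a4:2b:8c:11:22:33"}, "security": "WPA2"},
    "CorpWiFi": {"bssids": {"00:1a:2b:aa:bb:cc"}, "security": "WPA3"},
}

SAMPLE_SCAN = [
    ScanEntry("CoffeeShop-Guest", "a4:2b:8c:11:22:33", "WPA2"),  # the real AP
    ScanEntry("CoffeeShop-Guest", "de:ad:be:ef:00:01", "OPEN"),  # evil twin
    ScanEntry("CorpWiFi", "00:1a:2b:aa:bb:cd", "WPA3"),          # new AP, same vendor
    ScanEntry("FreeAirportWiFi", "02:00:00:00:00:01", "OPEN"),   # no baseline, skipped
]


def demo():
    """Map each evaluated BSSID to its (verdict, reasons)."""
    return {f.bssid: (f.verdict, f.reasons)
            for f in evaluate_scan(SAMPLE_SCAN, KNOWN_NETWORKS)}


if __name__ == "__main__":
    for bssid, (verdict, reasons) in demo().items():
        print(f"{bssid}  {verdict:5}  {', '.join(reasons) or '-'}")
```

On the sample scan the open "CoffeeShop-Guest" from an unknown vendor is blocked, the new same-vendor "CorpWiFi" unit only produces a warning, and the never-seen airport network is ignored. Heuristics like these cannot prove a hotspot is hostile; in practice an agent would pair them with TLS certificate checks on the connection and, on a warning, keep enterprise traffic inside a VPN or off that network entirely.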

A persistent myth is that mobile security necessarily hurts device performance. It does not have to, thanks to cloud-based protection. Moving analysis to the cloud is not only about keeping devices working at their best, it is also about supporting multiple platforms and OS generations. Today's enterprise runs many platforms and devices, and on mobile, BYOD employees may use both iOS and Android. Supporting all these device families is challenging, but a cloud-based MTD system can do so with little impact on device performance and battery life.

Unlock crowd power with the cloud

There is another reason MTD systems can help you survive an attempted attack. Hackers are sophisticated, and they reuse successful exploits against many different companies.

Traditional security models required each company to maintain its own database of threats. That is still good practice, but it means an enterprise may not yet have gathered enough information about an emerging vulnerability to recognize an attack when it begins. A cloud-based, third-party MTD system works with information gathered across many client enterprises and in collaboration with global security companies. When you use such a service you not only get protection based on what you and your company already know, but also benefit from what other enterprises and a global pool of threat intelligence have learned.

The effect? Even with the deep and dangerous attacks emerging at this stage of the mobile-driven digital transformation, once a single user's device is the first to identify, block or experience a new kind of attack, every other MTD user is quickly protected against that exploit. Orange Business provides such protection to customers, with the added advantage that, as a network operator, we can deliver end-to-end incident analysis of any new network threat.

Want to learn more about mobile cyberattacks and how you can protect yourself? Join this free webinar from Orange and Check Point on 7 March.

Cyril Alcover

Cyril is a security product manager at Orange Cyberdefense. He is responsible for digital identity, data protection and mobile security solutions, both in France and internationally. Previously Cyril was a security consultant with Solucom and software engineer at Cisco.