FORBES | By Domingo Guerra – Cyber thieves are increasingly targeting mobile phones. News came to light in September that the FBI is investigating attempts to hack phones used by Democratic Party officials—hacks that the FBI believes were orchestrated by the Russian government. This is a noteworthy development in the war on cybercrime because it’s the first high-profile instance of an attack in the US on mobile phones.
Still, it was only a matter of time before a phone hack grabbed headlines. The reality is that all organizations face new security challenges as their workers increasingly go mobile and use a rapidly expanding number of mobile apps. With employees accessing more corporate information on mobile devices and storing more sensitive data on them, hackers see the devices as a target of opportunity. And they see apps as an easy way in.
That’s because the traditional software-approval model doesn’t apply to the modern mobile enterprise. In the past, IT was the all-powerful gatekeeper. You needed IT’s approval to install any piece of software on your computer. You would ask and IT would check its whitelist of approved software for employees. In our modern-day mobile workplace, that whitelist is gathering cobwebs somewhere. It’s simply not feasible to create a software whitelist when there are millions of apps in the world and new ones coming out all the time.
To make matters worse, most employers don’t provide their workers with any education about what apps are safe to install on their work-related devices and what apps aren’t. It’s not that employees are downloading malicious or risky apps on purpose. They’re downloading apps they think they need—but many of those apps carry risks, because the app stores have not vetted them to meet enterprise security standards.
This is why corporate data leaking via apps is a growing enterprise concern. For instance, if your company lets you sync your corporate calendar, contacts, and email to your mobile device (lots of companies do), this opens up all sorts of risks. Suddenly, your phone contains the contact information of everyone in your organization. And any mobile app that requests access to your contacts or calendar also has access to the names and titles of all your coworkers, as well as the dial-in codes for all your private conference calls. This information can then be put to effective use in attacks by a malicious app or hacker. It should not be surprising that there has been a huge increase in targeted spear phishing attacks as mobile devices have become commonplace in the workplace.
Worse, many apps share your data with third parties, and it’s impossible to see where your data ends up and whether it’s handled in a secure fashion when it gets there. That means a malicious actor doesn’t have to access your phone to attack your company; he can hack a third-party data broker that has information from millions of users and go from there.
A recent study from Allot Communications found that mobile business users have the highest chance of incurring malware. The study analyzed the data records of half a million mobile users over the course of seven days and found that 79% of businessmen and 67% of businesswomen use risky apps every day that make them and their organizations vulnerable to malware and other mobile risks.