As 2018 kicks off, I’ve been asked to provide my thoughts on what the big trends in cyber and mobile security will be for the year. One thing I know for sure is that enterprise data via mobile is the next frontier for cyber criminals.
Hackers will progress from small footprint ‘front door’ malware and Man-in-the-Middle attacks to attacks that access all of an app’s or a company’s data via the ‘backdoor’ – app vulnerabilities.
The next big breach won’t happen because hackers take over a single phone—it will happen because they gain access to massive amounts of sensitive corporate data collected by the apps. Indeed, the next massive Equifax-style breach could be a mobile breach.
The problem is that mobile apps collect a large amount of valuable data, data that may not even be necessary for the app’s use, such as specifics about the user’s physical location, all the contacts, or access to their cloud storage accounts. This data may be stored on the device, offloaded for processing to the cloud, shared with third parties, and even leaked through poor encryption and developer practices.
So, while last year’s headlines focused on breaches to corporate systems via compromised user credentials or web apps, 2018 will be the year that the corporations realize what hackers already know, enterprise data is available for the taking, in massive amounts, via leaky mobile apps.
In fact, it just happened to Uber, where hackers stole the data of almost 60 million users and drivers because they found the Uber developer’s username and password to access Uber data stored in an Amazon server. Don’t be the next Equifax or Uber. Make 2018 the year you start treating mobile like the risk vector it is and properly secure your organization’s data and privacy with an MTD solution.