Bring-your-own-device (BYOD) has been a revolutionary concept for years now, even before it was recognized by enterprise policy. However, now that business executives and IT leaders have realized the benefits this type of strategy for their organizations, BYOD is becoming an increasingly powerful way to support efficient access and productivity.
At the same time, however, a worker who uses his or her device to connect with sensitive, enterprise applications and data could very easily put the business at risk. Without the right secure workflow processes and associated security protections, a single employee’s smartphone could be all that hackers need to breach the entire organization.
In the current environment, though, there’s no turning back when it comes to BYOD. Prohibiting use of personal devices in the interest of data security can quickly lead to shadow IT, which can expose the organization, its systems and assets to an even wider array of threats.
For these reasons, it’s imperative that executives, IT leaders and individual staff members alike are aware of the risks that BYOD can pose, and are trained on the best ways to leverage this strategy with secure operations.
The state of BYOD: Too widespread to repeal
The very nature of mobile device use within today’s society would make it nearly impossible to prevent their use within the business world. Even mobile devices provided by enterprises can lead to security risks. This approach is also typically cost-prohibitive and a main reason why many businesses have embraced BYOD.
Despite attempts at rules to the contrary, even when businesses don’t provide adequate resources for employees to leverage their mobile devices in meaningful ways, workers will seek out apps and other tools on their own. This can create dangerous shadow IT processes that heighten the enterprise’s risk of attack, infection and data breach.
The most optimal way forward in the current enterprise landscape is for leaders to fully accept and support BYOD within the business, and provide the necessary platforms, solutions, awareness and training to enable this strategy.
Trend Micro blocked millions of mobile threats from affecting businesses and consumers alike in 2017.
The current mobile threat landscape
First and foremost, it’s imperative that business and IT leaders understand what they’re up against when it comes to the current mobile threat environment. Awareness and identification of current threats will help decision-makers and IT teams craft protection deployments and usage policies that can thwart these issues specifically and better protect the organization’s systems and assets.
According to Trend Micro’s recent research included in its 2017 Mobile Threat Landscape report, there are a few specific threats – including historically dangerous issues yet to be addressed by many enterprises, and emerging strategies growing in usage with cyber hackers – that business and IT leaders should be aware of.
By now, most companies and users are aware of ransomware – robust attacks that involve encryption to lock users out of their operating systems, applications and data. These instances also include a ransom request which notes that users will be provided the decryption key and returned access to their data and systems upon payment. In many instances, organizations have paid attackers only to be met with a second ransom request or without ever being re-granted access to their system.
When it first emerged, ransomware traditionally impacted desktops and spread throughout the network from there. Now, however, attackers have made the jump to mobile devices. In 2017 alone, mobile ransomware increased a whopping 415 percent compared to the previous year. Overall Trend Micro researchers identified more than 468,000 unique mobile ransomware samples last year.
Security vulnerabilities and exploits
Hackers are also leveraging identified security weaknesses in order to breach devices and provide a springboard for larger attacks.
“While operating systems are designed with security mechanisms in place, no platform is impervious – and mobile devices are no different,” Trend Micro researchers explained in the 2017 Mobile Threat Landscape report. “Added mobile device features expose them to bigger security gaps with potentially greater impact.”
Last year also saw an increase in the number of these vulnerabilities and exploits, including the likes of BlueBorne, Key Reinstallation Attack (KRACK), Toast Overlay and Janus. BlueBorne alone – a combination of security flaws affecting Bluetooth systems – impacted 5.3 billion devices.
Cyber attackers are also in the business of pinpointing and infecting or attacking a certain mobile device or group of devices specifically in order to further the goal of the hacking campaign they are a part of. For instance, Trend Micro’s report noted that these activities can center around politicians or other government officials, members of the military, journalists, celebrities and other high-profile individuals. This can also include targeting the mobile devices of company leaders, which can then provide an opening for attacking the business itself.
“These campaigns focus on stealing messages, contact lists, photos, audio and video files, as well as spying on calls, camera, and their target’s social media,” Trend Micro’s report stated.
Attacks of this nature increased considerably last year, particularly due to political tensions. Any type of targeted attack – including specifically those carried out through mobile platforms – pose a considerable danger to today’s enterprises.
Security in the age of BYOD
While there is surely no turning back the page on BYOD, there are certain steps and strategies enterprises can use to bolster security surrounding the use of mobile devices for corporate purposes:
Trend Micro successfully blocked more than 58 million mobile threats in 2017 alone. Connect with us today to find out how we can help you safeguard your business’s BYOD activity.
Read More HERE