How mobile threats impact today’s BYOD landscape

Bring-your-own-device (BYOD) has been a revolutionary concept for years now, even before it was recognized by enterprise policy. However, now that business executives and IT leaders have realized the benefits this type of strategy for their organizations, BYOD is becoming an increasingly powerful way to support efficient access and productivity.

At the same time, however, a worker who uses his or her device to connect with sensitive, enterprise applications and data could very easily put the business at risk. Without the right secure workflow processes and associated security protections, a single employee’s smartphone could be all that hackers need to breach the entire organization.

In the current environment, though, there’s no turning back when it comes to BYOD. Prohibiting use of personal devices in the interest of data security can quickly lead to shadow IT, which can expose the organization, its systems and assets to an even wider array of threats.

For these reasons, it’s imperative that executives, IT leaders and individual staff members alike are aware of the risks that BYOD can pose, and are trained on the best ways to leverage this strategy with secure operations.

The state of BYOD: Too widespread to repeal

The very nature of mobile device use within today’s society would make it nearly impossible to prevent their use within the business world. Even mobile devices provided by enterprises can lead to security risks. This approach is also typically cost-prohibitive and a main reason why many businesses have embraced BYOD.

  • Pew Research found that 95 percent of all Americans own a mobile phone, 77 percent of which are smartphones.
  • Mobile devices now represent the primary way users access the internet, even surpassing desktop access, Dynamic Signal reported.
  • Sixty percent of all employees use apps to complete work pursuits, and 90 percent of these users note that this activity has created a change in their professional behavior, according to Dynamics Signal.
  • Seventy-one percent of employees spend two hours a week or more accessing enterprise information and assets via their mobile device, Dynamics Signal noted.

Despite attempts at rules to the contrary, even when businesses don’t provide adequate resources for employees to leverage their mobile devices in meaningful ways, workers will seek out apps and other tools on their own. This can create dangerous shadow IT processes that heighten the enterprise’s risk of attack, infection and data breach.

The most optimal way forward in the current enterprise landscape is for leaders to fully accept and support BYOD within the business, and provide the necessary platforms, solutions, awareness and training to enable this strategy.

Trend Micro blocked millions of mobile threats from affecting businesses and consumers alike in 2017.

The current mobile threat landscape

First and foremost, it’s imperative that business and IT leaders understand what they’re up against when it comes to the current mobile threat environment. Awareness and identification of current threats will help decision-makers and IT teams craft protection deployments and usage policies that can thwart these issues specifically and better protect the organization’s systems and assets.

According to Trend Micro’s recent research included in its 2017 Mobile Threat Landscape report, there are a few specific threats – including historically dangerous issues yet to be addressed by many enterprises, and emerging strategies growing in usage with cyber hackers – that business and IT leaders should be aware of.

Mobile ransomware

By now, most companies and users are aware of ransomware – robust attacks that involve encryption to lock users out of their operating systems, applications and data. These instances also include a ransom request which notes that users will be provided the decryption key and returned access to their data and systems upon payment. In many instances, organizations have paid attackers only to be met with a second ransom request or without ever being re-granted access to their system.

When it first emerged, ransomware traditionally impacted desktops and spread throughout the network from there. Now, however, attackers have made the jump to mobile devices. In 2017 alone, mobile ransomware increased a whopping 415 percent compared to the previous year. Overall Trend Micro researchers identified more than 468,000 unique mobile ransomware samples last year.

Security vulnerabilities and exploits

Hackers are also leveraging identified security weaknesses in order to breach devices and provide a springboard for larger attacks.

“While operating systems are designed with security mechanisms in place, no platform is impervious – and mobile devices are no different,” Trend Micro researchers explained in the 2017 Mobile Threat Landscape report. “Added mobile device features expose them to bigger security gaps with potentially greater impact.”

Last year also saw an increase in the number of these vulnerabilities and exploits, including the likes of BlueBorne, Key Reinstallation Attack (KRACK), Toast Overlay and Janus. BlueBorne alone – a combination of security flaws affecting Bluetooth systems – impacted 5.3 billion devices.

Targeted attacks

Cyber attackers are also in the business of pinpointing and infecting or attacking a certain mobile device or group of devices specifically in order to further the goal of the hacking campaign they are a part of. For instance, Trend Micro’s report noted that these activities can center around politicians or other government officials, members of the military, journalists, celebrities and other high-profile individuals. This can also include targeting the mobile devices of company leaders, which can then provide an opening for attacking the business itself.

“These campaigns focus on stealing messages, contact lists, photos, audio and video files, as well as spying on calls, camera, and their target’s social media,” Trend Micro’s report stated.

Attacks of this nature increased considerably last year, particularly due to political tensions. Any type of targeted attack – including specifically those carried out through mobile platforms – pose a considerable danger to today’s enterprises.

Security in the age of BYOD

While there is surely no turning back the page on BYOD, there are certain steps and strategies enterprises can use to bolster security surrounding the use of mobile devices for corporate purposes:

  • Embrace it with a robust BYOD policy: Organizational and IT leaders should craft a strong BYOD policy that explains users’ responsibilities, the protections that must be in place and the standards they must observe in order to ensure security. Companies that are more visible and supportive when it comes to BYOD can better reduce the chances of shadow IT, which can cause more threats and damage.
  • Understand the threat environment: As Trend Micro’s report shows, hackers are taking advantage of identified and unpatched security vulnerabilities within mobile devices to support their attacks. When business and IT leaders are aware of these potential weaknesses, they can work to specifically guard against their malicious use within their own infrastructures.
  • Leverage strong security solutions: This includes both at the network- and device-level.

Trend Micro successfully blocked more than 58 million mobile threats in 2017 alone. Connect with us today to find out how we can help you safeguard your business’s BYOD activity.

Read More HERE