December 5, 2017

Mobile devices are getting bigger (again); How do you handle mobile security?

Markus Melin

Head of Tieto Security Services, Tieto

Increasing mobility is a megatrend that shows no signs of weakening. Consumers as well as employees want to stay connected wherever one may roam. But are we carrying a ticking cyber security bomb in our pocket? The answer is a resounding 'yes'.

For us road warriors, mobile phones and tablets are the most important tools. To be able to do our job well, our bosses have to give us access to business critical digital assets.

Now, if I told you that every mobile device of every single company is under attack, would you think I’m exaggerating? Unfortunately, I’m not. According to a recent study of 850 organisations around the globe, this is exactly what is happening.

Mobile devices are, in one sense, getting bigger; not physically, but because they have a potentially wide attack surface both in hardware and software. First, there's a number of radios: 2G/3G/4G mobile radios, and WLAN, Bluetooth and NFC. Second, there’s the USB port and possibly a micro-SD card. Third, there's the operating system, the browser, email client, and all the mobile apps. Not to mention your wallet included into them nowadays. Even SMS's are used in cyberattacks. No wonder, therefore, that almost every day new vulnerabilities show up.

Mobile cybersecurity is everyone’s cause. As the study shows, also users of iOS devices need to be alert. No device or operating system is immune to breaches.

However, the attacking methods seem to be somewhat different from those used against desktop systems. According to the study, attackers are not primarily trying to inject malware on their targets. Instead, they try to get access to transmitted data – even directly by grabbing the traffic over the air.

It is pivotal to understand that mobile attacks are made for profit, not for fun. There is usually a clear intention to get access to the company’s data. And you don't want to lose your company's most important assets by skimping on mobile security.

Raise awareness and increase visibility

Moving forward, we need to make sure that we do the following things.

We need to educate every employee to first think about security when connecting to a foreign WLAN or Bluetooth device. We are getting the upper hand with phishing emails: the same must happen in mobile security, too.

For cyber security, visibility is crucial. This applies both to company-controlled and BYOD mobile devices. All mobile hardware must be included in comprehensive end device management solutions alongside laptops and desktops. The organization must know what devices are connected to its networks and assets – all the time identifying each connected device and even the applications that access the data.

Remember, visibility is not only a technical issue. It's even more a matter of cooperation and transparency – and awareness from C-level to the IT managers.

Do you want to know more about visible cyber security? Check out Tieto Security's white paper

Stay up-to-date

Get all the latest blogs sent you now!