Mobile Threats: Is Your Mobile Device a new 'Trojan Horse' in Disguise?

Sanjay Rohatgi, Senior Vice President, Asia Pacific, Symantec

Sanjay Rohatgi, Senior Vice President, Asia Pacific, Symantec

Working in a digital era, there is really no escaping from the Bring Your Own Device (BYOD) trend as more and more organizations are building out a mobile and agile workforce. As business leaders empower their workforce to stay nimble and react quickly, it is also important to pause and check that they are not putting themselves at risk or in a vulnerable position.

Threats in the mobile space are continuing to evolve, mature and grow year-on-year. Symantec’s Internet Security Threat Report Volume 23 reported a 54 percent increase in new mobile malware variants in 2017, with an average of 23,795 malicious mobile applications blocked on mobile devices each day. For organizations, what this means is that their IT teams have to aggressively defend against more varied threats on top of the growing volume.

With consumerization of IT and BYOD blurring the lines between corporate and personal, the adoption of mobile devices in the workplace is becoming more pervasive than ever, and potentially, the new ‘trojan horse’ we are embedding in our environment. Obtaining leaked sensitive information aside, cyber criminals have also come up with innovative ways to profit and generate revenue from these mobile devices. Ransomware on mobile phones for example, locks devices or encrypts data, forcing victims and organizations to pay a ransom in return for access.

Back to basics with cyber awareness and good security hygiene

Education is the first step for all organizations looking to strengthen their cyber security posture.

By keeping abreast of security risks and trends, employees will know what they should watch out for and organizations can take proactive steps to ensure that their security response is effective.

Every organization’s needs are different whether it is protecting email and network access, cloud access control or even customer business apps. However, they all share a common goal in protecting and controlling access to sensitive business data, while continuing to give employees the flexibility required to be productive. There is no silver bullet to cyber security but mobile security technology can help predict, detect, and protect against physical, malware, network, and vulnerability exploits.

Diving deeper into mobile security, there is no avoiding user behavior as one of the major factors in securing corporate data. With employees in the front lines of information security, and often the most vulnerable to attacks, good cyber hygiene has to be nurtured in the workplace.

Encouraging employees to think proactively about their cyber security behaviors will fortify an organization’s cyber security front. This will also significantly reduce human errors – a weakness that cyber criminals are known to exploit.

Here are some cyber hygiene tips that employees can easily adopt:

• Changing your passwords: Passwords are the simplest form of protection and often the first defense against intrusion. Use strong and unique passwords for mobile, computers, other IoT devices and Wi-Fi networks. Do not use common or easily guessable passwords such as “123456” or “password”.

• Make sure you have the latest mobile OS version, and all software is up-to-date: Software updates will frequently include patches for newly discovered security vulnerabilities that could be exploited by attackers.

•Be extra careful with links from unknown sources: Malicious pop-ups and websites can be increasingly authentic-looking as cyber attackers become more sophisticated. To avoid falling for such traps, do not click on anything that you do not trust.

• Avoid granting excessive permissions: Read the permissions required before installing an app and ask yourself if they are simply there to acquire data about you. If it is impossible to determine where your data will go and what they will use it for, it might be best to avoid installing the app.

Check out: Top Web Security Solution Companies