Mobile Malware: An introduction

We discuss security all the time, but what businesses may not be aware of, is the rise in mobile malware and the vulnerability mobile devices expose a business to. In Q4 of 2015, McAfee reports that there was a 72% increase in mobile malware reports. They attribute this to Google announcing that they would release monthly updates to their Android mobile operating system. This forces mobile malware authors to develop new malware more rapidly in response to the increased security features each month. Android systems are not the only ones susceptible to attacks. The rise of iOS attacks is similarly on the rise.

The biggest threat to mobile security is losing enterprise data or unauthorized access to company and client data. Especially since the greatest mobile malware is ransomware, where hackers can obtain unlimited rights to the device, not just on computers but mobile devices as well. Second to ransomware, mobile banking trojans are common on mobile devices to steal money from user’s bank accounts. If your employee’s access company data from their mobile devices and they happen to get infected with ransomware or trojans, your company data is therefore at risk.

Mobile devices have become the dominant form of device in the workplace, followed by laptops and tablets. Email, contact management, and calendar are the most widely used applications on mobile devices, followed by document sharing and file access: all leaving your company’s data vulnerable.

Mobile devices are even more at risk if the user has attempted to “jailbreak” their device to download free or unofficial apps. Malicious apps are even finding their way into official stores, like the Google Play Store or Apple’s App Store. If a user does not keep their device up to date on all software and hardware updates, they leave their device open for attacks.

When it comes to mobile security, it is not just you and your employees that you need to be aware of. A large percentage of companies use contract employees. You must be aware of the mobile devices they are using as well as they are also connecting to your network. Where employees used to connect physically to the network, now everyone is connected to the network wirelessly. Anyone that connects to your network in one way or another is leaving your company’s data in a vulnerable state for attacks.

We are just scratching the surface of mobile device usage and the threats that come hand-in-hand. Next week, we will talk about how your company can take the necessary steps to protect your data, and finally, we will discuss BYOD policies and best practices.