Technology

What are mobile device security and cybersecurity?

Mobile device security refers to the absence of dangers or risks associated with the loss of assets and data using laptops and communication hardware

Why is the cybersecurity of mobile devices important?

The future of computers and communications lies in Mobile Device Security, such as laptops, tablets, and smartphones with desktop computer capabilities. The size, operating systems, applications, and processing power of such devices make them ideal for use from anywhere with an internet connection. And with the spread of ruggedized devices, IoT (Internet of Things), and operating systems, such as Chrome OS, macOS, and Windows 10, every piece of hardware enhanced with this software and functionality transforms into a mobile computing device.

As mobile devices have become cheaper and easier to transport, organizations and users have preferred to buy and use them at the expense of desktop computers. And with wireless Internet access always available, all kinds of mobile devices are becoming more vulnerable to attacks and data breaches.

Protection from Cybersecurity Threats

Mobile authentication and authorization are convenient but increase risk by removing the constraints of a secure business perimeter. For example, the functionality of a smartphone is enhanced by multi-touch screens, gyroscopes, accelerometers, GPS, microphones, cameras with many megapixels, and ports that allow the connection of multiple devices. These new features change the way users are authenticated and how authorization is provided locally to the device, applications, and services on a network. As a result, the new features also increase the number of endpoints that need to be protected from cybersecurity threats.

Currently, cybercriminals can hack cars, security cameras, baby monitoring cameras, and implanted medical devices. And by 2025, more than 75 billion “devices” could be connected to the Internet, including cameras, thermostats, locks, smart TVs, health monitors, lighting systems, and many other devices.

Mobile Device Security Policy

While it is undoubtedly essential to establish and enforce an enterprise-wide security policy, one policy alone is not enough to counter the number and multiplicity of today’s threats to mobile devices. In 2019, Verizon conducted a study (PDF, 77 KB, link external to ibm.com) with leading mobile device security companies, including IBM, Lookout, and Wander, collecting interviews from 670 security professionals. The study revealed that 1 in 3 respondents reported a compromise of a mobile device. 47% said the repair was “difficult and expensive” and 64% said they experienced periods of inactivity.

And companies that adopt BYOD (Bring Your Own Device) policies are exposed to greater security risks. These policies allow potentially unprotected devices to access sensitive corporate servers and databases, exposing them to attack. Cybercriminals and scammers can exploit these vulnerabilities and cause harm to users and organizations. These bad guys are looking for trade secrets, inside information, and unauthorized access to a secure network to locate any information that could generate a profit.

Phishing

Phishing, the number one threat to mobile device security, is a scam attempt to steal user credentials or sensitive data, such as credit card numbers. Scammers send users emails or SMS messages (commonly known as text messages) that appear to come from a legitimate source using fake hyperlinks.

Malware and Ransomware

Mobile malware is hidden software, such as spyware or a malicious app, created to harm, block, or gain illegitimate access to a client, computer, server, or computer network. Ransomware, a type of malware, threatens to destroy or retain a victim’s data or files unless a ransom is paid to decrypt the files and restore access.

Crypt Jacking

Crypt jacking, a type of malware, harnesses the computing power of an organization’s or user’s computer without its knowledge to mine cryptocurrencies such as Bitcoin or Ethereum, stealing processing capabilities and effectiveness from a device.

Unsecured Wi-Fi

Unsecured Wi-Fi hotspots without a virtual private network (VPN) make mobile devices more vulnerable to cyber-attacks. Additionally, cybercriminals can trick users into connecting to unauthorized hotspots, facilitating the extraction of business or personal data.

Outdated Operating Systems

Generally, outdated operating systems include vulnerabilities that have been exploited by cybercriminals, and devices with such operating systems remain vulnerable to attack. Often, updates provided by the manufacturer include important security patches to address vulnerabilities that can be actively exploited.

A large number of App Permissions

Mobile apps have the power to compromise data privacy through a large number of app permissions. Permissions determine the functionality of an app and access to a user’s device, such as the microphone and camera. Some apps are riskier than others. Some can be compromised and sensitive data can be passed on to unreliable third parties.

How to Secure Mobile Devices

The main security requirements remain the same for both mobile devices as well as desktop computers. In principle, the requirements preserve and protect confidentiality, integrity, identity, and non-repudiation.

However, nowadays mobile device security trends create new challenges and opportunities that require a redefinition of security for personal computing devices. For example, capabilities and expectations vary based on the size and form factor of the device, advances in security technologies, rapidly evolving threat strategies, and interaction with the device, such as touch, audio, and video.

Security teams and IT organizations need to reconsider how they meet security requirements in light of device capabilities, the mobile threat landscape, and changing user expectations. In other words, these professionals need to protect multiple vulnerabilities within the fast-growing and dynamic mobile device environment. A secure mobile environment provides security in six main areas: Enterprise Mobility Management (EMM), email security, endpoint protection, VPN, secure gateways, and cloud access brokers.

Business Mobility Management

EMM is a set of technologies and tools used to maintain and manage the way mobile and handheld devices are used within an organization to carry out repetitive business operations.

Email Security

To protect data from email-based cyber threats, such as malware, identity theft, and phishing scams, organizations need to proactively monitor email traffic. Adequate e-mail protection includes antivirus, antispam, image, and content checking services.

Endpoint Protection

With technologies like mobile, IoT, and the cloud, organizations connect new and different endpoints to their business environment. Termination security comprises antivirus defense, data loss deterrence, termination encoding, and termination security organization.

VPN

A Virtual Private Network (VPN) allows a company to securely extend its private intranet over an existing framework of a public network, such as the Internet. With a VPN, a company can control network traffic by providing essential security features such as authentication and data privacy.