March 13, 2017 By Douglas Bonderud 2 min read

Mobile devices are everywhere. Pew Research Center stated in 2016 that 72 percent of U.S adults reported owing a smartphone, and many of these adults now leverage their personal technology at work. For enterprises, developers and security firms, this demands an increased focus on security to meet emerging threats — but this isn’t a static environment.

As IT professionals and white hats push back, malicious actors are developing new ways to infiltrate, infect and compromise devices. Here’s a look at the current state of mobile security.

The Changing Mobile Security Landscape

The only constant in security? Change. CSO Online noted the rapid uptake of smartphones and tablets has significantly increased total attack surface: According to Scott Simkin, senior threat intelligence manager of Palo Alto Networks, “it has now been multiplied by a factor of 100 or 1,000 by the sheer number of vulnerable applications and devices that the attacker is able to leverage.”

Speaking of applications, cybercriminals are also changing their tactics to target app developers rather than end users. Why? Because the result is even better for the bad guys. If fraudsters can infect code under development and pass their malware unnoticed until apps go live, they get access to a huge pool of potential victims.

What’s more, increasingly tech-smart employees are finding new ways to evade IT controls and either jailbreak devices or side-load applications they want but which don’t pass corporate security checks. Bottom line? Changing attack surface size, threat vectors and internal actions have conspired to alter the mobile landscape.

Challenging the Status Quo

Corporate-enabled mobile devices offer significant gains, with 26 percent of companies able to link mobile initiatives with revenue increases and one quarter identifying cost savings thanks to mobile deployments. But long-term success demands recognition of new challenges that impact the design and efficacy of mobile security.

For example, organizations must identify how sensitive data is stored, transmitted and used — for example, are employees accessing corporate networks through insecure Wi-Fi connections or using devices that haven’t been properly updated? They also have to design policies that address these concerns.

Another challenge is the rise of the Internet of Things (IoT). While not all IoT devices are mobile, all mobile devices are part of the larger IoT ecosystem. If infected and placed under attacker control, even seemingly benign smartphones or tablets could become part of a botnet or used as jumping-off points for distributed denial-of-service (DDoS) attacks.

The Consumer Mindset

Perhaps the biggest shift in mobile comes from the consumer mindset. TechTarget noted one of the biggest problems companies face is the inability to recognize that they don’t own mobile — not in the same way they own server hardware, software or other network-connected devices. Mobile is first and foremost a consumer environment, and corporate users carry this mindset with them no matter how, when or why they’re accessing data.

While organizations are embracing the need for better employee education, this isn’t enough, even when combined with solid mobile device management (MDM). Despite common wisdom, the biggest threats to corporate networks come from employees, and rigorous and repeated training is required to effectively mitigate this threat.

Managing the consumer mindset also requires companies to start treating mobile devices like any other corporate asset. This means performing regular risk assessments and implementing access, identity and authentication controls to limit the change of accidental data leakage or network infection.

So what’s the state of mobile security? Constantly changing, always challenging and now informed by the consumer mindset. To stay safe companies must adopt new strategies, adapt current defenses and address internal risk.

More from

Apple Intelligence raises stakes in privacy and security

3 min read - Apple’s latest innovation, Apple Intelligence, is redefining what’s possible in consumer technology. Integrated into iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, this milestone puts advanced artificial intelligence (AI) tools directly in the hands of millions. Beyond being a breakthrough for personal convenience, it represents an enormous economic opportunity. But the bold step into accessible AI comes with critical questions about security, privacy and the risks of real-time decision-making in users’ most private digital spaces.AI in every pocketHaving sophisticated AI…

Government cybersecurity in 2025: Former Principal Deputy National Cyber Director weighs in

4 min read - As 2024 comes to an end, it’s time to look ahead to the state of public cybersecurity in 2025.The good news is this: Cybersecurity will be an ongoing concern for the government regardless of the party in power, as many current cybersecurity initiatives are bipartisan. But what will government cybersecurity look like in 2025?Will the country be better off than they are today? What are the positive signs that could signal a good year for national cybersecurity? And what threats should…

FYSA – Adobe Cold Fusion Path Traversal Vulnerability

2 min read - Summary Adobe has released a security bulletin (APSB24-107) addressing an arbitrary file system read vulnerability in ColdFusion, a web application server. The vulnerability, identified as CVE-2024-53961, can be exploited to read arbitrary files on the system, potentially leading to unauthorized access and data exposure. Threat Topography Threat Type: Arbitrary File System Read Industries Impacted: Technology, Software, and Web Development Geolocation: Global Environment Impact: Web servers running ColdFusion 2021 and 2023 are vulnerable Overview X-Force Incident Command is monitoring the disclosure…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today