March 13, 2017 By Douglas Bonderud 2 min read

Mobile devices are everywhere. Pew Research Center stated in 2016 that 72 percent of U.S adults reported owing a smartphone, and many of these adults now leverage their personal technology at work. For enterprises, developers and security firms, this demands an increased focus on security to meet emerging threats — but this isn’t a static environment.

As IT professionals and white hats push back, malicious actors are developing new ways to infiltrate, infect and compromise devices. Here’s a look at the current state of mobile security.

The Changing Mobile Security Landscape

The only constant in security? Change. CSO Online noted the rapid uptake of smartphones and tablets has significantly increased total attack surface: According to Scott Simkin, senior threat intelligence manager of Palo Alto Networks, “it has now been multiplied by a factor of 100 or 1,000 by the sheer number of vulnerable applications and devices that the attacker is able to leverage.”

Speaking of applications, cybercriminals are also changing their tactics to target app developers rather than end users. Why? Because the result is even better for the bad guys. If fraudsters can infect code under development and pass their malware unnoticed until apps go live, they get access to a huge pool of potential victims.

What’s more, increasingly tech-smart employees are finding new ways to evade IT controls and either jailbreak devices or side-load applications they want but which don’t pass corporate security checks. Bottom line? Changing attack surface size, threat vectors and internal actions have conspired to alter the mobile landscape.

Challenging the Status Quo

Corporate-enabled mobile devices offer significant gains, with 26 percent of companies able to link mobile initiatives with revenue increases and one quarter identifying cost savings thanks to mobile deployments. But long-term success demands recognition of new challenges that impact the design and efficacy of mobile security.

For example, organizations must identify how sensitive data is stored, transmitted and used — for example, are employees accessing corporate networks through insecure Wi-Fi connections or using devices that haven’t been properly updated? They also have to design policies that address these concerns.

Another challenge is the rise of the Internet of Things (IoT). While not all IoT devices are mobile, all mobile devices are part of the larger IoT ecosystem. If infected and placed under attacker control, even seemingly benign smartphones or tablets could become part of a botnet or used as jumping-off points for distributed denial-of-service (DDoS) attacks.

The Consumer Mindset

Perhaps the biggest shift in mobile comes from the consumer mindset. TechTarget noted one of the biggest problems companies face is the inability to recognize that they don’t own mobile — not in the same way they own server hardware, software or other network-connected devices. Mobile is first and foremost a consumer environment, and corporate users carry this mindset with them no matter how, when or why they’re accessing data.

While organizations are embracing the need for better employee education, this isn’t enough, even when combined with solid mobile device management (MDM). Despite common wisdom, the biggest threats to corporate networks come from employees, and rigorous and repeated training is required to effectively mitigate this threat.

Managing the consumer mindset also requires companies to start treating mobile devices like any other corporate asset. This means performing regular risk assessments and implementing access, identity and authentication controls to limit the change of accidental data leakage or network infection.

So what’s the state of mobile security? Constantly changing, always challenging and now informed by the consumer mindset. To stay safe companies must adopt new strategies, adapt current defenses and address internal risk.

More from

Cyberattack on American Water: A warning to critical infrastructure

3 min read - American Water, the largest publicly traded United States water and wastewater utility, recently experienced a cybersecurity incident that forced the company to disconnect key systems, including its customer billing platform. As the company’s investigation continues, there are growing concerns about the vulnerabilities that persist in the water sector, which has increasingly become a target for cyberattacks. The breach is a stark reminder of the critical infrastructure risks that have long plagued the industry. While the water utility has confirmed that…

What’s behind unchecked CVE proliferation, and what to do about it

4 min read - The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations' cyber defenses. According to SecurityScorecard, there were 29,000 vulnerabilities recorded in 2023, and by mid-2024, nearly 27,500 had already been identified.Meanwhile, Coalition's 2024 Cyber Threat Index forecasts that the total number of CVEs for 2024 will hit 34,888—a 25% increase compared to the previous year. This upward trend presents a significant challenge for organizations trying to manage vulnerabilities and mitigate potential exploits.What’s behind…

Quishing: A growing threat hiding in plain sight

4 min read - Our mobile devices go everywhere we go, and we can use them for almost anything. For businesses, the accessibility of mobile devices has also made it easier to create more interactive ways to introduce new products and services while improving user experiences across different industries. Quick-response (QR) codes are a good example of this in action and help mobile devices quickly navigate to web pages or install new software by simply scanning an image.However, legitimate organizations aren’t the only ones…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today