Mobile devices are everywhere. Pew Research Center stated in 2016 that 72 percent of U.S adults reported owing a smartphone, and many of these adults now leverage their personal technology at work. For enterprises, developers and security firms, this demands an increased focus on security to meet emerging threats — but this isn’t a static environment.

As IT professionals and white hats push back, malicious actors are developing new ways to infiltrate, infect and compromise devices. Here’s a look at the current state of mobile security.

The Changing Mobile Security Landscape

The only constant in security? Change. CSO Online noted the rapid uptake of smartphones and tablets has significantly increased total attack surface: According to Scott Simkin, senior threat intelligence manager of Palo Alto Networks, “it has now been multiplied by a factor of 100 or 1,000 by the sheer number of vulnerable applications and devices that the attacker is able to leverage.”

Speaking of applications, cybercriminals are also changing their tactics to target app developers rather than end users. Why? Because the result is even better for the bad guys. If fraudsters can infect code under development and pass their malware unnoticed until apps go live, they get access to a huge pool of potential victims.

What’s more, increasingly tech-smart employees are finding new ways to evade IT controls and either jailbreak devices or side-load applications they want but which don’t pass corporate security checks. Bottom line? Changing attack surface size, threat vectors and internal actions have conspired to alter the mobile landscape.

Challenging the Status Quo

Corporate-enabled mobile devices offer significant gains, with 26 percent of companies able to link mobile initiatives with revenue increases and one quarter identifying cost savings thanks to mobile deployments. But long-term success demands recognition of new challenges that impact the design and efficacy of mobile security.

For example, organizations must identify how sensitive data is stored, transmitted and used — for example, are employees accessing corporate networks through insecure Wi-Fi connections or using devices that haven’t been properly updated? They also have to design policies that address these concerns.

Another challenge is the rise of the Internet of Things (IoT). While not all IoT devices are mobile, all mobile devices are part of the larger IoT ecosystem. If infected and placed under attacker control, even seemingly benign smartphones or tablets could become part of a botnet or used as jumping-off points for distributed denial-of-service (DDoS) attacks.

The Consumer Mindset

Perhaps the biggest shift in mobile comes from the consumer mindset. TechTarget noted one of the biggest problems companies face is the inability to recognize that they don’t own mobile — not in the same way they own server hardware, software or other network-connected devices. Mobile is first and foremost a consumer environment, and corporate users carry this mindset with them no matter how, when or why they’re accessing data.

While organizations are embracing the need for better employee education, this isn’t enough, even when combined with solid mobile device management (MDM). Despite common wisdom, the biggest threats to corporate networks come from employees, and rigorous and repeated training is required to effectively mitigate this threat.

Managing the consumer mindset also requires companies to start treating mobile devices like any other corporate asset. This means performing regular risk assessments and implementing access, identity and authentication controls to limit the change of accidental data leakage or network infection.

So what’s the state of mobile security? Constantly changing, always challenging and now informed by the consumer mindset. To stay safe companies must adopt new strategies, adapt current defenses and address internal risk.

More from

Will the 2.5M Records Breach Impact Student Loan Relief?

Over 2.5 million student loan accounts were breached in the summer of 2022, according to a recent Maine Attorney General data breach notification. The target of the breach was Nelnet Servicing, a servicing system and web portal provider for the Oklahoma Student Loan Authority (OSLA) and EdFinancial. An investigation determined that intruders accessed student loan account registration information between June and July 2022. The stolen data includes names, addresses, emails, phone numbers and social security numbers for 2,501,324 student loan…

Containers, Security, and Risks within Containerized Environments

Applications have historically been deployed and created in a manner reminiscent of classic shopping malls. First, a developer builds the mall, then creates the various stores inside. The stores conform to the dimensions of the mall and operate within its floor plan. In older approaches to application development, a developer would have a targeted system or set of systems for which they intend to create an application. This targeted system would be the mall. Then, when building the application, they would…

Inside the Second White House Ransomware Summit

Ransomware is a growing, international threat. It's also an insidious one. The state of the art in ransomware is simple but effective. Well-organized criminal gangs hiding in safe-haven countries breach an organization, find, steal and encrypt important files. Then they present victims with the double incentive that, should they refuse to pay, their encrypted files will be both deleted and made public. In addition to hundreds of major attacks around the world, two critical ransomware incidents — the Colonial Pipeline…

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers. According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately…