March 13, 2017 By Douglas Bonderud

Mobile devices are everywhere. Pew Research Center stated in 2016 that 72 percent of U.S. adults reported owning a smartphone, and many of these adults now leverage their personal technology at work. For enterprises, developers and security firms, this demands an increased focus on security to meet emerging threats — but this isn’t a static environment.

As IT professionals and white hats push back, malicious actors are developing new ways to infiltrate, infect and compromise devices. Here’s a look at the current state of mobile security.

The Changing Mobile Security Landscape

The only constant in security? Change. CSO Online noted the rapid uptake of smartphones and tablets has significantly increased total attack surface: According to Scott Simkin, senior threat intelligence manager of Palo Alto Networks, “it has now been multiplied by a factor of 100 or 1,000 by the sheer number of vulnerable applications and devices that the attacker is able to leverage.”

Speaking of applications, cybercriminals are also changing their tactics to target app developers rather than end users. Why? Because the result is even better for the bad guys. If fraudsters can infect code under development and pass their malware unnoticed until apps go live, they get access to a huge pool of potential victims.

What’s more, increasingly tech-smart employees are finding new ways to evade IT controls, either jailbreaking devices or side-loading applications they want but that don’t pass corporate security checks. Bottom line? Changing attack surface size, threat vectors and internal actions have conspired to alter the mobile landscape.

Challenging the Status Quo

Corporate-enabled mobile devices offer significant gains, with 26 percent of companies able to link mobile initiatives with revenue increases and one quarter identifying cost savings thanks to mobile deployments. But long-term success demands recognition of new challenges that impact the design and efficacy of mobile security.

For example, organizations must identify how sensitive data is stored, transmitted and used: Are employees accessing corporate networks through insecure Wi-Fi connections or using devices that haven’t been properly updated? They also have to design policies that address these concerns.

Another challenge is the rise of the Internet of Things (IoT). While not all IoT devices are mobile, all mobile devices are part of the larger IoT ecosystem. If infected and placed under attacker control, even seemingly benign smartphones or tablets could become part of a botnet or be used as jumping-off points for distributed denial-of-service (DDoS) attacks.

The Consumer Mindset

Perhaps the biggest shift in mobile comes from the consumer mindset. TechTarget noted one of the biggest problems companies face is the inability to recognize that they don’t own mobile — not in the same way they own server hardware, software or other network-connected devices. Mobile is first and foremost a consumer environment, and corporate users carry this mindset with them no matter how, when or why they’re accessing data.

While organizations are embracing the need for better employee education, this isn’t enough, even when combined with solid mobile device management (MDM). Despite common wisdom, the biggest threats to corporate networks come from employees, and rigorous and repeated training is required to effectively mitigate this threat.

Managing the consumer mindset also requires companies to start treating mobile devices like any other corporate asset. This means performing regular risk assessments and implementing access, identity and authentication controls to limit the chance of accidental data leakage or network infection.

So what’s the state of mobile security? Constantly changing, always challenging and now informed by the consumer mindset. To stay safe, companies must adopt new strategies, adapt current defenses and address internal risk.
