It’s been a long time since mobile phones were just phones. With more processing power than some desktops and laptops, today’s smartphones have become the computing platform of choice for many users. According to one survey, more than 90 percent of corporate employees use a smartphone for work every day.
Given the growing business value of these devices, it is unsurprising that they have become prime targets for all manner of cyberattacks.
According to Verizon’s 2022 Mobile Security Index, there’s been a double-digit increase in attacks targeting mobile devices over the past year. The survey found that 45 percent of organizations experienced a security incident involving a mobile device that led to downtime, data loss or another negative outcome — a 22 percent increase from 2021.
Mobile security has been a hot-button issue for IT teams since the pandemic forced many of us into remote-work situations and increased dependence on mobile devices. Security analysts say hackers have stepped up their use of mobile malware, Trojans and phishing messages to target mobile devices over the past two years. Proofpoint researchers say they identified a 500 percent increase in mobile malware attacks during the first few months of 2022.
Poor user security practices are a contributing factor. According to Verizon, two-thirds of mobile users have no security functionality of any kind on their devices. Particularly worrisome is the fact that nearly half say they regularly use these unsecured devices to access corporate data.
Consistent employee education can help reduce risk. Employees should be regularly reminded to use strong passwords, keep their devices updated, only download apps from trusted stores and use screen-locking features.
Given the heightened risk, however, organizations can no longer depend entirely on individual users to secure their devices. Instead, organizations should consider a variety of mobile security tools that can help protect company assets accessed on personal devices.
Key mobile security solutions include:
- Mobile device management. MDM enables centralized management of smartphones, tablets and other mobile devices across the organization. Administrators can monitor any device that connects to the network in the context of the user’s role and location, the security posture of the device, and the network resources being accessed. Additionally, IT staff can use MDM to deliver application updates and security patches, as well as ensure that devices comply with security protocols.
- Mobile identity management. With MIM, administrators can verify a mobile user’s identity and then implement policies regarding data and application access. They can block users from accessing corporate data from devices and apps that don't comply with security policies. They can also restrict access from specific locations or networks.
- Mobile application management. MAM software allows IT to apply and enforce policies that control which applications can be installed on user devices. MAM solutions also provide application-level encryption and security policies independent of device security.
- Enterprise mobility management. EMM combines a variety of mobile management tools, including MDM, MAM and MIM. Additionally, EMM solutions implement encryption, authentication and other security measures for the mobile ecosystem. EMM tools can also interface with a number of third-party threat intelligence feeds to gain information about emerging and ongoing threats.
We have come to depend on mobile phones for a wide range of personal and professional purposes, but these devices also create significant security challenges. With mobile malware growing at an alarming rate, organizations should be prepared to implement a variety of defenses to protect their sensitive data. Call us to learn more.