Minimizing Threats and Vulnerabilities on Mobile Platforms

risk management

Feb 24, 2018

Mobile devices have extended the benefits of computing, which has likely resulted in increased efficiencies for organizations and users. However, these benefits bring increased challenges in maintaining a stable and secure work environment. Mobile devices are one of the most vulnerable vectors in an organization. As their ubiquity continues to expand, organizations continue to be challenged in developing suitable security controls to minimize vulnerabilities. These challenges are generally inherent in the devices and their use patterns. This leaves the information security team with a growing burden: defending against mobile threats, maintaining security standards and minimizing risks.

A 2017 McAfee Threat Report stated that over 16 million malicious mobile applications were reported in the first quarter of 2017 alone. If the same growth pattern holds, this means over 60 million threats for all of 2017. Further, the widespread proliferation of mobile platforms has contributed to the exorbitant cost of data breaches. This view is supported by the recent Cost of Data Breach Study, which attributes an increase of $9 in the cost per compromised record to the extensive use of mobile platforms. Given this type of information, it is hardly surprising that many industry experts forecast that mobile threats will rise in 2018.

Security analysts have identified several types of mobile threats and vulnerabilities, which can be classified into three categories: user behavior, device-related and external threats:

  • User behavior refers to incidents such as user errors and stolen or lost devices, and remains one of the top challenges in security management. For example, the likelihood of an organization's mobile devices being lost or stolen increases when employees take those devices home. A similar risk arises when employees fall victim to phishing attacks.
  • Device-related vulnerabilities are those inherent in the mobile device as a result of its hardware configuration or software applications. According to McAfee, mobile applications tend to overuse mobile device telemetry and are more likely to deploy malware onto your device. As a result, the risk of data or information leakage can be even higher on mobile devices.
  • External threats relate to the diverse attack methods used by threat actors. A few of the common mobile threats are mobile ransomware, financial malware, spyware and remote access tools.

Given the level of vulnerabilities inherent in these devices, the security team must employ defense strategies to help minimize mobile threats and their impact on the organization. Some of these strategies include:

  • developing and refining mobile security policies and procedures to ensure safe practices are adopted by members of the organization;
  • conducting risk and vulnerability assessments to assist in identifying areas of high risk;
  • conducting mobile security awareness and training to help minimize user vulnerabilities;
  • implementing wireless intrusion detection systems; and
  • implementing comprehensive endpoint solutions.

Mobile devices can hold and have access to a significant portion of an organization's data. Despite this high level of access, these devices are generally managed with minimal security controls and poor physical security practices. As a result, mobile devices continue to be attractive targets for cybercriminals. Organizations therefore need to adopt responsive and adaptive strategies to help in the fight against cybercrime.

Wilson Consulting Group provides a comprehensive set of responsive and adaptive security solutions that help organizations in managing their mobile assets and minimizing their risks and vulnerabilities.

Our experienced and qualified team stands ready to assist your organization by:

  • Conducting vulnerability assessments and penetration testing;
  • Providing cybersecurity training and development geared towards the specific needs of your organization;
  • Developing cybersecurity policies and procedures that include safe mobile practices for mobile devices that are part of the organization's network; and
  • Recommending viable endpoint security system solutions.
