The Top 7 Threats to Mobile Device Cybersecurity

It has been a few years since global enterprise reached the point where more business work was done on mobile devices than on desktop computers. Microsoft estimates that mobile devices account for nearly 80% of the overall enterprise workload.

This means that, by a very wide margin, most of the work is being performed on the most vulnerable devices. Nothing scary there, right? As of 2022, mobile malware attacks have impacted 36.5% of all organizations.

Cyber crime is a war that never ends. Let’s say that you are heading into a war zone, and you’re given a choice of two vehicles to drive: A fully armored Humvee or a fully open dune buggy. Which would you choose? In this scenario, mobile devices are the dune buggy.

What is the answer? Should you attempt to go back to the era when all work was performed on office computers? No – that toothpaste is already out of the tube. In every area of our lives, we negotiate through risk management. You can be killed in a second on any one of our freeways, yet they are always packed – it’s a manageable risk.

How do you mitigate mobile security threats?

First, identify them.

The 7 most prevalent mobile Cybersecurity threats and how to mitigate them:

1) Data Leakage

This is the siphoning off of your information – both personal and corporate, and can happen anywhere you go, either online (Google Chrome is infamous for this) or through the use of malicious apps.

The way to avoid leakage is to change your browser settings to the highest security – do not allow any data to be saved. Also, only download apps from official app stores, and ONLY grant the permissions that are necessary to run the app – for example, Lyft or Uber DO NOT need access to your microphone.

2) Network Spoofing

This is where hackers put up fake (spoofed) networks in areas that offer ‘free Wi-Fi’. To access, you may need to create an account using your email and a password. In a world where the #1 most common password is ‘123456’, this represents easy pickings for hackers to roam free through the user’s various accounts and take what they will.

To thwart this threat, never give up personal information, and if you need to create a login, use a truly unique password and store it in a Password Manager like Last Pass.

3) Phishing Attacks

These are pernicious and ever-present threats delivered through email, whether on a desktop or mobile device. They present a ‘convincing’ email that appears to be from a trusted source (such as a clickable ‘FedEx’ tracking link) and entice you to click on a malicious link or attachment.

The answer to this is to educate yourself and stay alert. If something doesn’t look right, don’t click anything – check the URL of links or use your browser to go to the website – NOT the provided link. Be suspicious.

4) Unsecured Wi-Fi

Similar to ‘Network Spoofing’ above, any free Wi-Fi is typically unsecured. Hackers pull their car up next to a Starbucks and look through the users on the Wi-Fi inside to see what’s worth stealing. In the UK, Helsinki-based F-secure performed a test for three well-known politicians who acknowledged using free Wi-Fi. From a fake hotspot F-Secure set up, each of the three was then easily hacked in the ‘white-hat’ attack, commandeering accounts like email, facebook, Pay-Pal, and in one case, they listened to a VoIP phone call one made from his hotel room.

Protect yourself by installing a VPN (Virtual Private Network) if you can’t avoid using public Wi-Fi networks.

5) Broken Cryptography

This is usually the responsibility of app developers who either fail to implement proper encryption or use weak encryption to save time and meet a development deadline.

Because the issue is deeply embedded within the app, there is little recourse but to switch apps if a problem appears, and demand better from app developers.

6) Improper Session Handling

Many  apps use ‘tokens’ to make mobile transactions easier, allowing the same token to be used for multiple transactions. Improper session handling happens when the apps unintentionally leave tokens in vulnerable places, allowing hackers to access them. Secure apps generate a new token for each application.

The best way to avoid this is to close the session when you’re finished – just log out. How many of us stay logged into frequently used sites? Too many.

7) Spyware

Spyware can enter unseen through malware, or even be installed by spouses and employers to keep an eye on where you’re going and what you’re doing – also known as Stalkerware.

Using a comprehensive AntiVirus (AV) and malware detection program will scan for these unwanted Peeping Toms and allow for deletion.

Frequently Asked Questions