Think of a ransomware attack and you may picture a hacker targeting employees who use laptops or desktop devices. Yet hackers are both opportunistic and resourceful, using as many avenues as possible to target their victims. One of the key gateways into organisations is the mobile device.
Cyber-attacks targeting smartphones and other mobile devices
Research suggests cyber-attacks targeting smartphones and other mobile devices have risen by 50% in the first half of 2019. It's not just Android devices, either; evidence suggests that attacks on iPhones are hitting a new high with over 1.5 million campaigns targeting iOS and Mac devices.
The number of attacks, including phishing, malware, zero-day and ransomware, is rising, with 67% of SMEs having experienced an incident and 58% suffering a data breach in the last year.
Increase your mobile cyber security
Effective mobile security must constantly evolve, because hackers are always looking for new ways to attack. Smartphones are a target because their security often isn't taken seriously, with network and computer security usually prioritised. This leaves mobile devices as the Achilles’ heel and the easiest route into an organisation.
How to protect companies against cyber-attacks
Research suggests that almost half of SMEs (47%) say they have no understanding of how to protect their companies against cyber-attacks, despite the fact that 67% agree or strongly agree that mobile solutions are changing the way they work as we move towards digital transformation and the reduction of paperwork. Smartphones and tablets are increasingly used for mobile banking and at point of sale, and many employees also use personal mobile devices for company use.
Cyber-security strategies for personal devices
This reliance, set against the backdrop of an increasing threat, means there is an urgent need for organisations to address the vulnerability by taking a more proactive approach with cyber-security strategies for personal devices. These should include technical controls such as firewalls, encryption, antivirus software and automatic updates, and internal controls and procedures such as a robust ‘Bring Your Own Device’ (BYOD) policy, supported by internal awareness and education through training.
Solutions for common cyber threats to businesses
Here’s an in-depth look at the four common threats, the issues they cause and the solutions:
| Threat | What it is | Issues it causes | Solution |
|---|---|---|---|
| Data leakage | Mobile apps are often the cause of unintentional data leakage. For example, “riskware” apps (typically free apps found in official app stores) pose a real problem for mobile users who grant them broad permissions but don’t always check security. Data leakage can also happen through hostile enterprise-signed mobile apps. | In addition to performing as advertised, riskware apps can also send personal and company data to a remote server, where it is mined by advertisers and, sometimes, by cyber-criminals. Hostile enterprise-signed apps use distribution code native to popular mobile operating systems to move valuable data across corporate networks without raising red flags. | To avoid data leakage problems, only give apps the permissions that they absolutely need in order to function properly, and completely avoid any apps that ask for more than necessary. |
| Unsecured wi-fi and network spoofing | Free wi-fi networks are usually unsecured and a prime target for hackers. Network spoofing is where they create fake 'trap' networks, often in public locations, with names such as "Free airport wi-fi" enticing people to connect. | These networks allow hackers to easily compromise connected devices, see exactly what you are doing and access data including social media, banking and VoIP conversations. Fake networks often ask users to create an “account”, complete with a password, and because many users use the same credentials for multiple services, hackers are then easily able to compromise users’ email, e-commerce and other secure information. | Avoid unsecured wi-fi and never use it to access confidential services, like banking or credit card information. Always create unique passwords when registering for new access points and do not provide any sensitive personal information. |
| Phishing and SMiShing attacks | Because mobile devices are almost always powered on, and many mobile users open, read and reply to emails in real time, they are an obvious target for phishing attacks. Users are also more susceptible because email apps display less information to accommodate the smaller screen sizes. A SMiShing attack is launched through text messages instead of email. | Phishing attacks can install malware (such as ransomware), sabotage systems, perform malicious advertising, conduct surveillance or steal intellectual property, customer information and funds. | Never click on unfamiliar email links and, if the matter isn’t urgent, carry it out on a more secure device and within a more secure IT environment. |
| Spyware | Spyware (also known as stalkerware) is a form of malware designed to be loaded on the target’s device without their consent or knowledge. | Spyware gathers information (such as passwords, financial information and customer information) about a person or organisation. With an ability to avoid detection, spyware can often do this without their knowledge and for a sustained period of time. | A comprehensive antivirus and malware detection suite should use specialised scanning techniques for this type of program. |
Cyber insurance from Towergate
Towergate are actively engaging with insurers and our clients to obtain cyber protection for businesses of all sizes, to protect against the very real and growing threats of the digital age. We can offer cyber insurance for businesses to help protect you should the worst happen.
About the author
Mark Brannon Cert CII is a respected industry leader with over 17 years’ industry experience in a variety of roles within the business insurance sector. He works across a wide spectrum of insurance product and policy development, delivery and optimisation for clients, including claims, insurer relationships, marketing and communications, and risk management.
The information contained in this bulletin is based on sources that we believe are reliable and should be understood as general risk management and insurance information only. It is not intended to be taken as advice with respect to any specific or individual situation and cannot be relied upon as such. If you wish to discuss your specific requirements, please do not hesitate to contact your usual Towergate Insurance Brokers adviser.