Credit: Smartphone texting image via Shutterstock
Even if you've gone out of your way to make sure your company's computers are safe from cyberattacks, your employees' phones could prove to be the weak link in your data security plan. Employee mobile devices are quickly becoming the prime target of cybercriminals, new research shows.
A study by security software provider Symantec revealed cyberthreats targeting smartphones, tablets and other mobile devices increased 58 percent last year. Overall, more than 30 percent of all the mobile threats discovered attempted to steal information from the user, such as email addresses and phone numbers.
Android devices, with their open platform and multiple methods available to distribute malicious apps, make it the go-to operating system for attackers, the research noted. While researchers found far more vulnerabilities on Apple's iOS platform, Android dominated the malware landscape with 97 percent of last year's new threats.
The study found a significant rise in several types of mobile phone attacks, including privacy leaks, which disclose personal information and can release surveillance software that covertly transmits the owner’s location, as well as premium number fraud, which uses malicious apps to send out expensive text messages. Premium-text-message scams are less common in the U.S. than in other countries, but are still on the rise, along with other mobile cybercrimes.
In addition, just as spammers have linked networks of PCs into botnets to send out unwanted email, cybercriminals have begun using Android botnets the same way. Researchers believe this suggests that attackers are adapting techniques used on PCs to work on smartphones.
"This year’s (study) shows that cybercriminals aren't slowing down, and they continue to devise new ways to steal information from organizations of all sizes," said Stephen Trilling, chief technology officer for Symantec. "The sophistication of attacks coupled with today’s IT complexities, such as virtualization, mobility and cloud, require organizations to remain proactive and use 'defense in depth' security measures to stay ahead of attacks."
Knowing that criminals are shifting their attention to mobile devices, Symantec has beefed up its cybersecurity offerings to include these new elements:
- Secure email: New to the suite is a secure email client for both iOS and Android platforms, providing safeguards to users' email, calendar, address book and to-do lists. The new free secure email client is easily configured and controlled through the Mobile Management Suite console.
- Single sign-on: With the suite's new single sign-on capability, end users are now only required to login once for access across multiple wrapped apps. The benefit of single sign-on is twofold – it improves the end user experience by simplifying the authentication process and it improves security by enabling broader usage of authentication controls.
- SSL policing and URL whitelisting: By adding SSL policing to the app-level policies and enforcing URL whitelist rules, data in motion will be encrypted and guaranteed to only be delivered to the server or service preconfigured by the business.