Here are four steps that organizations need to take and own to protect expanded corporate perimeters and guard against human error.

With millions of us now adopting a hybrid working model, smartphones have become a primary tool for day-to-day business transactions.

With such huge usage across a fragmented landscape, it is no wonder cybercriminals view mobiles as the ideal launch pad for large-scale attacks. 

Additionally, modern mobile devices are more powerful than ever before, with sophisticated operating systems and a wide range of applications and services. This complexity could create more opportunities for attackers to find vulnerabilities and exploit them. Nevertheless, smartphone manufacturers have made strict security settings available. It is still possible to bypass the security measures and we have seen an increase in malicious applications masquerading as legitimate products on app stores, however many do not make it pass the download phase. 

Moving beyond malware

Cybercriminals have therefore started to move away from traditional attack methods such as malware or ransomware. Over the past two years, video phishing (vishing) and sms phising (smishing) cyberattacks have significantly increased in popularity. Why?

There are several factors: the increased use of mobile devices, the sudden growth of remote-working, and the sophistication of attackers and the technology they are using. Vishing and smishing attacks are increasingly being used for identity theft and financial fraud, a trend that shows no sign of slowing down. But what else can we expect to see in the mobile vector in 2023 and beyond?

Although ransomware attacks are not as prevalent on mobile devices as they are on traditional desktops and laptops due to the inherent nature of file security and backup features. However, if ransomware attacks were to become more prevalent on mobile devices, they could have significant consequences for individuals and organizations alike. As mobile devices are often used to store sensitive personal and corporate data, a successful ransomware attack could significantly damage an organization’s reputation and have severe financial implications. 

Additionally, mobile ransomware attacks could potentially impact critical infrastructure, which from a geopolitical perspective could be an extremely powerful weapon. Once a device has been hacked, bad actors could use it as a platform to steal top-secret information on anything from future government policy to technical specifications for new weapons. Furthermore, such attacks could even be used as an entry point of a much wider attack. 

Four steps to strengthen mobile security

With the world becoming reliant on mobile phones for communication, business, and transactions, ensuring devices are secure should be a priority. Here are four broad steps organizations can take to strengthen their mobile security procedures:

    • Educate employees: Conduct regular awareness training and refresher courses about cybersecurity and mobile usage risks. This could include the safe usage of mobile devices, as well as regular reminders about the importance of remote-working security hygiene.
    • Implement mobile security policies: Establish clear policies surrounding the use of mobile devices. This should include guidance on installing applications and accessing sensitive data. Policies should be regularly reviewed and updated to reflect changing threats and technologies.
    • Monitor and update mobile devices: Monitor mobile devices for suspicious activity such as unusual network traffic or unexpected application behavior. Devices should also be regularly updated with the latest security patches and software updates as well as prevention-first security software, instead of just detection software.
    • Conduct regular security assessments: This can help identify vulnerabilities and areas for improvement in an organization’s mobile security posture. Assessments can include penetration testing, vulnerability scans, and social engineering risk evaluations.

It has never been more important for individuals and organizations to be aware of the cyber risks they face, and to take steps to protect themselves against burgeoning new-age threats.