
How zero-trust can improve mobile security

September 19, 2022


Employees’ privacy, personal identities and privileged access credentials are at risk because enterprises are sacrificing security to get more work done. While 85% of enterprises have a dedicated budget for mobile security, just over half, 52%, have sacrificed the security of mobile and IoT devices to “get the job done” and meet tight deadlines or achieve productivity targets. Verizon’s Mobile Security Index (MSI) for 2022 discovered a 22% increase in cyberattacks involving mobile and IoT devices in the last year. Verizon interviewed 632 security and risk professionals based in Australia, the U.K. and the U.S. 

Mobile attacks are becoming more lethal 

Mobile attack severity is at a level that Verizon’s research team claims not to have seen since it began the security index years ago. The share of enterprises reporting that mobile security attacks have a long-lasting impact jumped from 28% last year to 42% this year, a 33% jump in twelve months. While nearly a quarter of enterprises experienced a mobile security compromise last year, the majority, 74%, say the impact was significant.

Mobile attacks are growing more lethal, with each intrusion compromising an enterprise's ability to operate. Mobile attacks that cause lasting repercussions jumped 33% in the last twelve months. Source: Verizon's Mobile Security Index (MSI) for 2022

Sacrificing security for productivity 

“During the last two years specifically, many organizations sacrificed security controls to support productivity and ensure business continuity,” said Shridhar Mittal, CEO of Zimperium, in the company’s 2022 Global Mobile Threat Report. As a result, Verizon’s security team of experts said it “wasn’t surprised to hear that over half of respondents said they’d sacrificed mobile device security.”

While 66% of 632 security professionals Verizon interviewed globally said they’d come under pressure to sacrifice mobile device security “to get the job done,” 79% of them succumbed to the pressure. That equates to over half, or 52%, of all security professionals choosing to sacrifice security for speed.


Trading off security for speed and productivity underscores why cybersecurity budgets are a business decision that affects every area of a company’s operations, and employees’ identities.

“For businesses — regardless of industry, size, or location on a map — downtime is money lost. Compromised data is trust lost, and those moments are tough to rebound from, although not impossible,” said Sampath Sowmyanarayan, CEO at Verizon Business. “As a result, companies need to dedicate time and budget to their security architecture, especially on off-premise devices. Otherwise, they are leaving themselves vulnerable to cyberthreat actors.” 


Common mobile device attack patterns 

An employee’s mobile device that’s also used for accessing corporate networks is a goldmine for cyberattackers. Additionally, cyberattackers use identity theft, stolen credit card and banking data, and privileged access credentials to corporate networks to create fraudulent credit card, home loan and small business loan applications.

The Small Business Administration’s (SBA) pandemic loans are one significant place where cyberattackers have stolen identity data from phones. The U.S. Secret Service has been able to retrieve $286 million in funds obtained by cyberattackers using stolen identities. Since this began, the SBA has provided guidance on what steps people can take to protect themselves from scams and fraud. 

Cyberattackers are after employees’ private data, identities and privileged access credentials

Mobile cyberattacks are lethal because they strike at the intersection of a person’s identity, privacy and professional life. Therefore, continuous employee cybersecurity training is crucial today. In addition, cyberattackers use many strategies to access the phone’s most valuable data, such as the following.

Supply chain attacks on Android and iOS apps

Proofpoint’s researchers found a 500% jump in malware delivery attempts in Europe earlier this year. Cyberattackers and gangs collaborate to get mobile malware inserted into apps, so thousands of users download them daily. In addition, tens of thousands of employees working for enterprises may have malware on their phones that could compromise an enterprise network. 

Of the two platforms, Android is far more popular for this attack strategy because the platform supports many app stores and it’s open enough to allow side-loading apps from any site on the Web. Unfortunately, that convenience turns into a fast lane for cyberattacks, which can compromise an Android phone in just a few steps. For enterprises and their senior management teams, that’s something to monitor and evaluate phones for. 

Conversely, Apple doesn’t allow side-loading apps and has tighter quality controls. However, iPhones still get hacked, and for enterprises, cyberattackers can get on the network and start moving laterally in as little as one hour and 24 minutes. Potential data compromises on Amazon’s Ring Android app, Slack’s Android app, Klarna and others are a case in point.

SMS texts that contain links to install malware

This is another common strategy cyberattackers use to get malware onto mobile devices. It’s been used for years to target the senior management teams of large corporations, hoping to gain privileged credentials to corporate networks. Cyberattackers mine the Dark Web for senior management members’ cell phone numbers and regularly rely on this technique to implant malware on their phones. Therefore, the Federal Trade Commission’s advice on recognizing and reporting spam text messages is worth reading and sharing across senior management teams, who most likely have already seen this attack strategy in their IM apps.


Phishing continues to be a growing threat vector

Verizon’s Data Breach Investigations Report (DBIR) has covered phishing for 15 years, and Verizon’s latest MSI found that “83% of enterprises have experienced a successful email-based phishing attack in which a user was tricked into risky activities, such as clicking a bad link, downloading malware, providing credentials or executing a wire transfer. That’s a huge increase from 2020, when the number was just 46%,” according to Verizon’s 2022 report.

Additionally, Zimperium’s 2022 Global Mobile Threat Report found that 75% of phishing sites targeted mobile devices in the last year.

Mobile security needs to redefine itself with zero trust

Treating every identity as a new security perimeter is essential. Gartner’s 2022 Market Guide for Zero Trust Network Access provides insights into security teams’ need to design a zero-trust framework. Company leaders should consider how best to get started with a zero-trust approach to securing their mobile devices, starting with the following recommendations.

Zero trust and microsegmentation will define long-term mobility security’s effectiveness

How well mobile devices are included in microsegmentation plans is partly attributable to how well an enterprise understands application mapping. Using the latest series of tools to understand communication paths is essential. Microsegmentation is one of the most challenging aspects of implementing zero trust. To get it right, start small and take an iterative approach.  

Enable multifactor authentication (MFA) across every corporate and BYOD device

Leading unified endpoint management (UEM) platforms, including those from VMware and Ivanti, have MFA designed into the core code of their architectures. As MFA is one of the main components of zero trust, it’s often a quick win for CISOs who have often battled for a budget. In defining an MFA implementation plan, be sure to add a what-you-are (biometric), what-you-do (behavioral biometric), or what-you-have (token) factor to the what-you-know (password or PIN code) authentication routines on each mobile device.

Define secure OS and hardware requirements for approved BYOD devices

Enterprises run into problems by allowing too many variations of devices and OS levels across their fleet of third-party devices on corporate networks. Standardizing on a single OS is best, especially on tablets, where many enterprises are finding that Windows 10 makes managing fleets of devices more efficient on UEM platforms.


Down-rev and legacy mobile devices with implicit trust routines designed into the firmware are a security liability. They’re targeted with Meltdown and Spectre attacks. Most legacy mobile devices lack the patches to keep them current, so having an entire fleet on the latest hardware and OS platforms is critical to security.

Manage BYOD and corporate-owned mobility devices with UEM

Adopting a unified endpoint management (UEM) platform is essential for ensuring every mobile device is secured at parity with all others. Advanced UEM platforms can also provide automated configuration management and ensure compliance with corporate standards to reduce the risk of a breach. CISOs are pressuring UEM platform providers to consolidate their platforms and provide more value at lower costs.

Gartner’s latest Magic Quadrant for Unified Endpoint Management Tools reflects CISOs’ impact on the product strategies at IBM, Ivanti, ManageEngine, Matrix42, Microsoft, VMware, Blackberry, Citrix and others. Gartner’s market analysis shows that endpoint resilience is another critical buying criterion. Leaders in endpoint security include Absolute Software’s Resilience platform, Cisco AI Endpoint Analytics, CrowdStrike Falcon, CyCognito, Delinea, FireEye Endpoint Security, Venafi, ZScaler and others.

Automate patch management across all corporate and BYOD devices 

Most security professionals see patch management as time-consuming and overly complex, and often procrastinate on getting it done. In addition, 53% said that organizing and prioritizing critical vulnerabilities takes up most of their time. Earlier this year at RSA 2022, Ivanti launched an AI-based patch intelligence system. Neurons Patch for Microsoft Endpoint Configuration Monitor (MEM) relies on a series of artificial intelligence (AI)-based bots to seek out, identify and update all patches across endpoints that need to be updated. Other vendors providing AI-based endpoint protection include Broadcom, CrowdStrike, SentinelOne, McAfee, Sophos, Trend Micro, VMware Carbon Black, Cybereason and others.

One mobile device being compromised is all it takes

As is the case with microsegmentation, which is a core component of zero trust, CISOs and their teams need to take the perspective that a cyberattack is inevitable. While Verizon found that 82% of security professionals say their organizations are adopting or actively considering a zero-trust approach to security, the majority sacrificed security for speed to get more done. 

With mobile attacks becoming more lethal and focused on obtaining privileged access credentials, security leaders must face the sobering fact that all it takes is one mobile device to be compromised to have an infrastructure breach.
