Cyber criminals have always targeted mobile devices. How can companies protect themselves?

Mobile devices a security risk?

Cyber criminals have always targeted mobile devices. How can companies protect themselves?

Mobile devices are almost a given now in corporate life. Frequently, security can be left by the wayside.

Check your e-mails while you're on the go, keep working on a presentation, or send the newest financial figures to your colleagues: mobile devices have become a normal part of our working lives. In Germany, France, the UK, Spain, and Italy, three quarters of companies equip their employees with smartphones, according to a study by online IT publisher NetMediaEurope. Smartphones, tablets, and laptops make work more flexible and more productive – yet, they also carry some risks. Among other things, there are concerns about employees who treat their mobile devices carelessly.

In the sights of cyber criminals

Cyber criminals noticed this carelessness quite some time ago – and are setting their sights on mobile devices more and more frequently. According to information from IT association Bitkom, half of German companies became the victims of digital corporate espionage, sabotage, or data theft between 2013 and 2015. The damage: 51 billion euros – every year. The global figure, according to estimates by the "Center for Strategic and International Studies" (CSIS) is more than 400 billion euros.
The security of mobile devices deserves just as much attention as desktop security. According to the "BYOD and Mobile Security Report 2016" by Crowd Research Partners, almost a fifth of companies has had security problems either due to mobile devices owned by the company or due to the professional use of private devices (bring your own device).

Apps as a security risk

The German "Bundesamt für Sicherheit in der Informationstechnik" (BSI - Federal Office for Information Security) criticized the "Situation of IT security in Germany 2015" in its annual report, saying that providers and users tend to pay more attention to functional and economic factors than to security. In mobile technology – according to security experts – apps which weren't downloaded from official Apple, Google, and Microsoft stores pose the biggest security risk.
Another high risk results from the fact that manufacturers often aren't able to update software quickly enough to close security gaps. "Updates are sometimes not provided, only provided for a short time after purchase, or subject to a significant delay," explains the BSI. In addition, dangers are lurking when mobile devices automatically connect to public hotspots. "These are often open," warns the BSI. "They allow data to be transferred unencrypted, and therefore to be read by unauthorized third parties".

Eavesdropping on conversations

Dirk Backofen, Program Manager Portfolio Management, Engineering and Operations at Telekom Security
Locating mobile devices can also pose a security risk: According to the BSI, cyber criminals can often combine these locations with other information they uncover to create a comprehensive profile of their victims' movements. The Federal Office also notes that telephone systems running on second generation mobile technology (2G/GSM) are subject to eavesdropping at the wireless interface. In certain cases, 3G and 4G telephone systems are also subject to spying. "For example, if the attacker causes them to be switched over to a 2G standard," says the BSI.
Companies need to protect themselves against a large number of dangers. But how? Defensive mechanisms have to go on the hunt for unknown code, writes Dirk Backofen from the new business unit "Telekom Security" in his contribution to the book "Security Einfach Machen – IT-Sicherheit als Sprungbrett für die Digitalisierung" (Making Security Simple. IT Security as the Springboard  to Digitization), which will be coming out in October 2016. For smaller companies, however, it can be difficult to develop their own security concept. Intelligent services offer support. In the age of digitization, the best protection against attacks from the Internet also comes from the Internet, explains Backofen. "So-called managed services" offer companies an easy to implement full package of protection from the cloud that secures their company networks, data, and applications, and warns them of cyber attacks early on."
Security apps also offer effective protection, using algorithms that learn independently to identify even unknown risks through real time analysis of thousands of operating system parameters. Continuous monitoring for mobile devices functions similarly to continuous ECG monitoring for people. The app permanently monitors the mobile device for threats, analyses anomalies in a protected environment (sandbox), and automatically initiates suitable counter-measures through communication with the server if anything does go wrong, such as fully decoupling the infected device from the corporate network through mobile device management (MDM).

Separating work and private life

The BSI certifies highly developed mobile device management systems. It is possible, for instance, to cooperate with manufacturers to specify which apps can be installed. MDM systems also address scenarios in which mobile devices are used for both private and professional purposes. It is true that there are as of yet no cross-system standards in this still young market. However, "A thoroughly prepared MDM system integration, combined with ongoing monitoring and maintenance, can have significant benefits in the area of mobile device safety," say the security experts.
Companies get a good combination of low costs and good security with cloud offers. Expensive, protracted in-house development is no longer a necessity. Instead, large service providers offer users access to applications from the cloud, and always keep these up to date. In this way, companies can stay close on the heels of any new dangers and threats that may come up.

Further articles