Threats to mobile devices ‘have not changed’

Threats to mobile devices 'have not changed'

The level of threat against businesses caused by the use of mobile devices has not changed, according to industry analyst Gartner.

There are still two main causes of data loss on mobile devices – namely physical device loss and misuse of apps – and this is what businesses must contend with to limit risk.

That is the opinion of Dionisio Zumerle, research director at Gartner, who was speaking ahead of the annual Gartner Security & Risk Management Summit in London next week.

However, while the type of threat has not necessarily changed, he says that the consequences certainly have, mainly because mobile devices are now storing and accessing more sensitive data.

"In healthcare, for example, an increasing number of physicians are using tablets to process sensitive data about their patients," he explained.

"In finance, brokers are using their smartphones to exchange sensitive information. In these scenarios, a device that falls in the wrong hands and does not have adequate protection can be the source of a major data breach. "

When it comes to apps, the key problem is that the majority are invasive, and ask permission to access users' contact lists, personal information and locations.

Additionally, staff often use use personal file sharing apps with corporate documents, and although few of these apps are "truly malicious" Mr Zumerle notes that the vast majority do not offer enterprise-grade security.

"As such, they are frequently the subject of credential leaks and other security incidents. This 'bad hygiene' results in a multitude of enterprise data breaches, most of which go unreported," he added.

One ever-present threat to mobile devices is malware, particularly as the BYOD trend continues to strengthen, with ever-sophisticated techniques being used.

In some instances, cybercriminals are repackaging legitimate apps into malicious ones, while the last few months have also witnessed the development of mobile attacks that can be applied across the enterprise.

Mr Zumerle added: "These are more realistic, can be exploited remotely and can do greater damage. However, we have yet to see these attacks translate into actual damages for organisations."

In the meantime, he advised businesses to take a variety of precautions, including requiring basic enterprise security policies, defining device passcodes, disallowing models that cannot be updated or supported, and restricting the use of unapproved third-party app stores, which can together help to minimise business risk.