Trickiest Mobile Security Threats for Enterprises to Fight

In the digital era, businesses of all sizes are exposed to security threats that spread through devices such as computers and mobile phones. Fortune 500 enterprises face the highest risk because of their large number of employees and turnover in the millions.

In a hacker's ideal world, the higher the risk of a security threat, the higher the potential reward. Hackers try a myriad of methods to break into enterprise infrastructure and look for ways to cause damage. Attackers are also automating attacks such as email phishing, identity theft, malicious spyware and more. In 2019, the FBI reported 1,300 incidents every day, with a total of 467,361 complaints by the end of the year. Businesses and individuals lost $3.5 billion to cybercriminals last year.

Global security threats are set to rise with the massive adoption of smartphones, BYOD and a growing range of digital solutions in business. We have compiled the trickiest mobile security threats and how enterprises can fight back against them.

Phishing Attacks

Phishing attacks are one of the most significant mobile security threats to an enterprise. More than 90% of the attacks within an organisation range from identity theft to fake calls claiming to come from renowned banks. The attackers try to obtain bank account details and credentials through various means, with the aim of gaining access to secure and confidential information.

As more people become aware of phishing, hackers are turning to new modes of communication to persuade and pressure the person on the other end of the phone or system. Phishing is also evolving with technology: modern hackers use screen-sharing software to take complete control of a victim's system. These attackers generally request access to the system in order to initiate fraudulent payments from employees. Most high-level executives and non-technical employees are likely targets of phishing.

Solution: Always look for trusted contacts and never share your email, password and bank details over the phone or computer. National bank branches generally use automated IVR calls for security purposes, and users should only trust their respective banking partners when sharing any personal details. Users should also check for HTTPS in the address bar of the browser to ensure the shared URL is legitimate. Large-scale enterprises should train their employees to handle common security threats and make them aware of the common pitfalls in the security landscape.

Malware Attacks

Malware attacks take many forms, including viruses, trojans and JavaScript injections. In a malware attack, hackers generally try to steal data, gain unauthorised access to networks and destroy confidential data on remote computers. These attacks typically start from clickbait emails, downloadable attachments, spam emails or shared-folder access, and can infect the machines and devices connected to the network. Malware attacks can have multiple repercussions for the enterprise IT infrastructure and can damage all the connected devices. They also provide backdoor access to confidential customer data such as emails, credit card numbers and CVV codes. For reputed, large-scale enterprises, the loss of such information can cost millions of dollars. Types of malware include:

Spyware

Intrudes into and monitors the user’s computer to obtain sensitive information such as passwords and encrypted data.

Adware

Ranges from pop-up ads to automatic ad displays that push the user to download content or apps.

Keylogger

Tracks, records and stores users' keystrokes to obtain confidential data and communication.

Ransomware

Hackers gain access to a computer and lock down the drive/hard disk until the enterprise pays the ransom amount. 

Solution: Ideally, companies should install a firewall in their infrastructure to monitor traffic and block certain websites. This could include messaging apps, social media applications and even private email servers. Companies should monitor traffic without breaching the privacy of employees.

Weak Passwords

Easy-to-crack passwords can be an entry point for hackers to break into enterprise databases and backends. A weak password is generally one that is easy to guess or is based on proper nouns and names easily found in dictionaries. Modern hackers scrape whole dictionaries and try various permutations and combinations of famous bands, musicians, catchphrases, complex numbers, birthdays and chronologies. Using a simple password can turn into a nightmare for employees as well as enterprise stakeholders, as data can be easily compromised through this method.

Solution: Always use unique passwords with a mix of special characters, capital letters and numbers that can’t be found in a dictionary. In addition, two-factor authentication (2FA) should be enabled on enterprise devices so that even if someone manages to crack your password, they still have to verify the login on your personal device to get into the system. Two-factor authentication is catching on fast among commercial units, banking applications and highly secure enterprise IT infrastructures.
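The password rules above can be enforced at account creation. The following is an added example, not part of the original article: a Python check that requires the character mix described and also rejects passwords built on a dictionary word with digits, symbols or look-alike characters attached. The wordlist, the minimum length of 12 and all function names are assumptions made for illustration.

```python
import re

# Constructed sample wordlist (assumption); a real deployment would load a
# full dictionary plus a list of known breached passwords.
SAMPLE_WORDLIST = {"password", "dragon", "metallica", "welcome", "london", "summer"}

MIN_LENGTH = 12  # assumption: the article does not state a minimum length

# Look-alike substitutions commonly used to disguise a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# Digits and symbols at either end: years, birthdays, "!" suffixes.
EDGE_JUNK = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def candidate_cores(password):
    """Return the words a password may be built on, trying both orders of
    edge-stripping and look-alike translation."""
    lowered = password.lower()
    strip_then_translate = EDGE_JUNK.sub("", lowered).translate(LEET)
    translate_then_strip = EDGE_JUNK.sub("", lowered.translate(LEET))
    return {strip_then_translate, translate_then_strip}


def check_password(password, wordlist=SAMPLE_WORDLIST):
    """Return a list of policy problems; an empty list means acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not re.search(r"[A-Z]", password):
        problems.append("no capital letter")
    if not re.search(r"\d", password):
        problems.append("no number")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special character")
    if candidate_cores(password) & wordlist:
        problems.append("based on a dictionary word")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssw0rd2019!", "Metallica1981", "vK9#tq2L!mZx7w"):
        print(pw, "->", check_password(pw) or "ok")
```

A password such as "P@ssw0rd2019!" satisfies every character-class rule and still fails, which is why the dictionary check has to run on the reduced word rather than the raw string.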

Way Forward

As the technology landscape keeps evolving, mobile security threats and enterprise phishing attacks will rise with time. Businesses need a dedicated CIO and security architect to plan and embed preventive measures in the enterprise IT infrastructure. In the 21st century, companies simply can’t ignore security threats, as they can put a significant dent in overall revenue.
