System and application updates always seem to pop up at less than timely moments, and most of us postpone them without second thoughts, for days, weeks, months… However, these updates represent an essential piece of systems’ stability and safety, as they include functionality enhancements and patches to security holes.
Enterprise mobility is remarkably enhancing productivity. Companies have seized this opportunity by enabling collaborators to work with mobile devices and applications, often out of companies’ premises. Accordingly, mobile data privacy has become a major focus for end-users and authorities in the last years. The area is now regulated by general or industry-specific laws that require organizations to protect their mobile environment through the deployment of dedicated solutions. These new usages and legal requirements are redefining cybersecurity, constraining security heads to rethink their strategy.
Maintaining a safe digital framework can be a tricky task for large organizations’ IT teams. To help them, some solutions such as security information and event management (SIEM) softwares are specifically designed to group and analyze large amounts of data and make them comprehensible at a human scale. By relying on these capabilities, a SIEM can alert on suspicious and potentially illegitimate behaviors, providing security heads with visibility in a security context.
Mobile users are often unaware of how vulnerable their smartphone can be. A regular mobile usage involves manipulating numerous corporate and personal data, installing apps, granting permissions, connecting to various networks, etc. But while all these can seem innocuous, common tasks and habits such as delaying an update or side-downloading an app actually come with risks.
Along the massive growth of enterprise mobility, cybercriminals looking for valuable data naturally shifted their interest toward mobile devices. Indeed, smartphones and tablets have inherent capabilities that, when exploited illegally, can provide a direct access to all the data they manipulate. Mobile threats can operate at three different layers of a device: 78% of them use mobile applications, 10% exploit the OS and 12% leverage the network.
From phishing attempts to the more sophisticated Man-In-The-Middle, this article presents the most common network attacks used to exfiltrate data from mobile devices in the corporate environment.