C-Executives, IT, sales… Which staff is the most exposed to mobile threats?

Posted by Roxane Suau on September 20, 2018

Nowadays, the vast majority of employees is using smartphones or tablets as part of their work. Those devices, whether they are corporate (COPE) or personal (BYOD), are a gateway to organizations information systems.

typo_employees_

Mobile Threat Defense solutions (like VMware Workspace ONE, IBM Maas360, Microsoft EMS, Blackberry...) allow IT teams to list and manage their mobile fleet while ensuring its compliance. Furthermore, they can associate them with security modules which ensure device protection against mobile threats.

Over the recent years, the Pradeo Lab thwarted numerous mobile attacks. Analyzing those threats allowed us to identify their modus operandi, to finally figure out which type of users where the most vulnerable and to what type of threats.

 

Having a rooted smartphone is very common within IT teams

With a peak of 6% of rooted or jailbroken devices among an organization, the IT department leads by far the number of exposure to OS risks and attacks, compared to only 0.1% in the others. By deeply amending the operating systems of their smartphones and tablets in order to benefit from extra features for some of their applications, those employees are weakening their devices and consequently ease the access of malicious and intrusive applications to their device and de-facto to personal and corporate data. As a result of these practices, IT Teams are mostly hit by mobile attacks that exploit the root rights.

 

Sales staff, target #1 of Man-In-The-Middle attacks

Always on the move, sales teams include the most mobile people in a company. With the expansion of unsecured public hotspots, you can work everywhere: hotels, airports, restaurants, mass transit... Accordingly, they are highly exposed to network risks and became the most targeted people by Man-In-The-Middle attacks. As a reminder, a MITM attack happens when a communication between two parties is intercepted by a third-party one. The attack perpetrator secretly spies on the communication and sometimes alters it, while ensuring that the communication seems legit. MITM usually targets corporate mail inboxes, SaaS solutions, banking applications etc. in order to steal sensitive data.

 

Executives are the most vulnerable mobile users

Companies’ executives usually benefit from VIP security policies, allowing them more flexibility than employees. It is common to see administrators not restricting access to applications and networks to VIPs. This special treatment exposes data to an even greater range of threats.

In average, 95% of security policies dedicated to executives notify them when using an intrusive or malicious application, but are not set to block them for convenience purposes. Without surprise, 88% of mobile threats targeting executives come through mobile applications versus 77% in general.

 

Through its 360° protection, Pradeo’s Mobile Threat Defense technology protects from applications, network and device threats. Moreover, its granularity allows adapting security levels accordingly to employees’ uses, creating a tailor-made protection.

Contact our mobile security specialists to learn some more.

Topics: Cybersecurity, Mobile Security