By Sundar Balasubramanian, India and SAARC MD, Check Point Software Technologies
In the last few years, that mobile device in your hand has taken a place of importance in all our lives. Today's smartphone acts as a sort of diary, storing pictures, organizing them and displaying them in a storytelling format. Smartphones are much more than a piece of technology that allows you to make phone calls and send text messages.
Before they go to bed, many people have their smartphones in hand: they are getting the latest updates, finishing some work, or watching a movie or video shorts. And once they wake up, the first activity of the day consists of picking up the smartphone, checking the time and seeing whether they have missed any updates. The smartphone is an important part of our personal lives.
However, the mobile threat landscape, including here in India, is ever-evolving. India’s mobile user base is booming, solidifying its position as the second-largest smartphone market globally (trailing only China) with a staggering 492.7 million users in 2021. This growth spans both urban and rural areas, further fueled by the widespread adoption of work-from-home policies during the pandemic. As mobile usage surges, it’s crucial for users to be vigilant against the rising threat of mobile scams.
The landscape of mobile scams is becoming more sophisticated and diverse. In India, recent examples include SIM swap scams and call forwarding scams. However, the government is actively taking steps to combat these threats, including cybersecurity awareness campaigns to educate citizens; recent actions include blocking over 1.4 lakh mobile numbers linked to financial frauds.
Smartphones: dual uses
That very same smartphone is often used for business purposes as well, such as attending or hosting meetings, handling email and managing the agenda. The dual-use aspect is also the case with a laptop (used for both private and business purposes). The biggest difference between a laptop and a smartphone is that your smartphone is always turned on and connected to the internet, while a laptop is not.
A second difference is that a laptop is managed and has a threat prevention application on it. In contrast, smartphones are, in many cases, managed by the organization but not secured by a threat prevention application. However, the smartphone contains the same mix of private data and business related data as the laptop. See the problem?
The bakery next door
Today’s modern bakery can use a smartphone to get the status of the ovens, and also control the ovens. Imagine if the baker’s smartphone were hacked and hackers took control of the most important ovens. This would impact the bakery’s output immediately, and the hackers could perhaps even steal customer data that had been collected. This is not just a theory; this could happen. Although this example is small-scale, the implications are immense; lack of smartphone security can jeopardize a business.
History of mobile threats
Let me put this into greater context. Twenty years ago, Nokia was producing popular mobile phones, like the Nokia 1100 and the Nokia N-Gage. At the same time, a group of technical people started a proof-of-concept (POC) to demonstrate that mobile phones could be hacked. The first malware for mobile phones was called the Cabir Worm. The Cabir Worm targeted Symbian OS, which was mainly used by Nokia. The incident clearly demonstrated that mobile phones could be infected by malware through Bluetooth. In other words, hackers have been targeting phones for 20 years and they’re not about to stop.
Malware targeting smartphones is not new. The difference today compared with 20 years ago is that the smartphone holds sensitive data, on both a private and a business level.
The question is: why do organizations fail to install mobile anti-malware on smartphones? I believe it has to do with awareness, costs, and user experience, or they think it is not needed (especially iOS users).
iOS cyber security
Despite popular belief, it is possible to install malware on iOS devices, and since the EU’s Digital Markets Act of 2022 came about, Apple has also been forced to allow apps from outside the App Store on its phones. Managing smartphones through unified endpoint management and mobile device management is not enough. The reason is simple: these tools do not contain security controls for inspecting apps, network connections and interfaces for malicious behavior.
Malware prevention
But let’s get back to the bakery next door. The baker uses his smartphone for daily business (bread-baking-related tasks) and also for personal use. To avoid getting infected by malware, the baker does not install apps from outside the App Store, does not scan QR codes and does not connect to public Wi-Fi.
Just like with his laptop, he makes sure that the smartphone and his apps are always updated with the latest software release. Still, this is not enough. The baker won’t successfully avoid SMS phishing, malicious websites and network-related attacks by taking those steps. To truly advance his security, the baker needs to install a mobile security solution that protects the smartphone against mobile security risks.
The baker is lucky because he relies on a cyber security vendor partner to deliver a platform for supporting his business and he can simply apply mobile security, in addition to the other security controls that have been delivered through the platform.
What the baker has is a consolidated cyber security platform with threat prevention, ensuring that his business won’t be disrupted by opportunistic hackers.
As I mentioned earlier, smartphones have become essential in our daily lives, shaping our social interactions and business operations. However, they also present security risks, as they contain sensitive personal and business information. Here are some tips to enhance smartphone security:
- Stick to official app stores for downloading apps.
- Avoid connecting to public Wi-Fi networks.
- Consider installing a mobile threat prevention application.
It is therefore crucial to treat smartphones with the same level of security awareness as laptops. Incorporate them into your awareness campaigns and ensure they are regularly updated with the latest patches. Implement mobile threat prevention solutions to serve as a security enforcement point for your Unified Endpoint Management (UEM) or Mobile Device Management (MDM) system.
These measures will enhance security maturity and provide visibility into potential malicious activities on mobile devices within your organization.