Although the number of mobile security threats is on the rise, so are measures to combat them. According to TechTarget, the three top threats to mobile security are malware, data leakage via cloud-based applications and services and user error.

Malware a Growing Problem

There are approximately 500 million samples of mobile malware that have been detected, and the growth rate for new malware detections is running at 72 percent per quarter, according to a recent report. Not only is such malware a security risk when the device connects to a network and is able to propagate, but it’s also often designed to steal data from devices.

Mobile malware often manifests itself differently than malware found on PCs. All too often, it results from users downloading risky mobile apps that harvest sensitive data. According to research from MobileIron, less than 5 percent of organizations deploy anti-malware controls to protect the mobile devices connecting to their networks. Not only should organizations be using such controls, but they should ensure that employees only access mobile apps from corporate-approved app stores.

The Leaky Cloud

Cloud-based storage and file-sharing applications have proliferated in recent years and provide a convenient way to access, store, manage and share information. Employees now routinely use such services for both personal and corporate purposes, including the use of consumer-oriented applications and those not sanctioned for use by the enterprise. The uncontrolled use of such services can lead to sensitive and confidential data being leaked out of the enterprise, and could compromise an organization’s ability to meet its security and compliance objectives.

While one alternative is to blacklist certain applications and services to prevent their use, users can find their way around such controls by using a different service to store sensitive information. Organizations would be better off providing employees with officially sanctioned apps and educating them on the need to only use apps that have been approved for corporate use when storing sensitive data.

The Human Factor

User error is a further mobile security threat that organizations face. Many users are lax when it comes to securing their devices, using weak passcodes, or none at all, and not encrypting the data that they contain. Given that mobile devices are routinely lost or stolen, unsecured devices can often provide unauthorized access to data. Some users also root or jailbreak their devices in order to overcome default restrictions or to allow them to customize them, but this makes it much easier for data-stealing malware to be introduced onto a device. According to MobileIron, 50 percent of organizations have at least one non-compliant device on their network at any given time. Another danger is that employees will use unsecured Wi-Fi networks to connect to corporate information, which increases the chances that their devices could be hacked.

Deploy Strong Security Controls

To ensure that corporate data on mobile devices is adequately protected, organizations should look to utilize secure mobile device platforms, such as Samsung Knox, that provide multi-layered protection, as well as containerization to keep corporate data separated from personal data. Solutions should also provide the ability to remotely wipe data from either the work container or the entire device should the device be lost or stolen.

Organizations should also look to deploy enterprise mobility management (EMM) controls that are able to identify compromised devices and can enforce the use of a standard operating system, as well as upgrades and patches. Many EMM solutions enable data monitoring on devices and feature cloud access controls to prevent data leakage via cloud services.

Mobility provides many advantages for business and is an unstoppable force. With the right mobile security strategy in place, organizations will be well placed to shield themselves from the risks.

Visit Samsung’s mobile security services page to learn how to properly assess your exposure to mobile threats and mitigate against these risks.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth