CyberTalk

Say goodbye to standard security for smartphones (you need this instead)


By Zahier Madhar, Lead Security Engineer, Office of the CTO, Check Point.

Smartphones play a pivotal role in all of our lives. In a way, smartphones today are a sort of diary, storing pictures, organizing them and displaying them in a storytelling format. Smartphones are much more than a piece of technology that allows you to make phone calls and send text messages.

Many people have their smartphones in their hands before they go to bed; they are getting the latest updates, finishing some work, or watching a movie or video shorts. And once they wake up, the first activity of the day consists of picking up the smartphone, checking the time and seeing whether or not they have missed any updates.

Smartphones: dual uses

That very same smartphone is often used for business purposes as well, such as attending or hosting meetings, handling email and managing an agenda. The dual-purpose dimension also applies to a laptop (used for both private and business purposes). The biggest difference between a laptop and a smartphone is that a smartphone is always turned on and connected to the internet, while a laptop is not.

A second difference is that a laptop is managed and has a threat prevention application on it. In contrast, smartphones are, in many cases, managed by the organization but not secured by a threat prevention application. However, the smartphone contains the same mix of private data and business-related data as the laptop. See the problem?

The bakery next door

In a previous CyberTalk thought leadership article, I talked about the bakery next door. The bakery next door can use a smartphone to get the status of the ovens, but also to control the ovens. Imagine if the baker’s smartphone were hacked and hackers took control of the most important ovens. This would impact the bakery’s output immediately. This is not just a theory; this could happen. Although this example is small-scale, the implications are immense; lack of smartphone security can jeopardize a business.

History of mobile threats

Malware targeting smartphones is not new. The difference today compared with 20 years ago is that the smartphone holds sensitive data, on both a private and a business level.

The question is: why do organizations fail to install mobile anti-malware on smartphones? I believe it has to do with awareness, costs, and user experience, or they think it is not needed (especially for iOS users).

iOS cyber security

Despite popular belief, it is possible to install malware on iOS devices, and since the EU’s Digital Markets Act of 2022 came about, Apple has been forced to also allow apps from outside the App Store on its phones.

But managing smartphones through unified endpoint management and mobile device management alone is not enough. The reason is simple: these tools do not contain security controls for inspecting apps, network connections and interfaces for malicious behavior.

Malware prevention

Let’s get back to the bakery next door. The baker uses his smartphone for daily business (baking bread-related tasks) and also for personal use. To avoid getting infected by malware, the baker does not install apps from outside the App Store, does not scan QR codes and does not connect to public wifi.

As with his laptop, he makes sure that the smartphone and his apps are always updated with the latest software releases. Still, this is not enough. The baker won’t successfully avoid SMS phishing, malicious websites and network-related attacks by taking those steps. To truly advance his security, the baker needs to install a mobile security solution that protects the smartphone from mobile security risks.

The baker is lucky because he relies on a cyber security vendor partner to deliver a platform and he can simply apply mobile security, in addition to the other security controls that have been delivered, through the platform.

In other words, what the baker has is a consolidated cyber security platform with threat prevention, ensuring that his business won’t be disrupted by opportunistic hackers.

Key takeaways

As I mentioned earlier, smartphones have become day-to-day essentials, shaping our social interactions and business operations. However, they also present security risks, as they contain sensitive personal and business information. Here are some tips to enhance smartphone security:

1. Stick to official app stores for downloading apps.

2. Avoid connecting to public wifi networks.

3. Consider installing a mobile threat prevention application.

If you are a Chief Information Security Officer (CISO), it’s crucial to treat smartphones with the same level of security awareness as laptops. Incorporate them into your awareness campaigns and ensure they are regularly updated with the latest patches.

Implement mobile threat prevention solutions like Harmony Mobile from Check Point to serve as a security enforcement point for your Unified Endpoint Management (UEM) or Mobile Device Management (MDM) system.

These measures will enhance security maturity and provide visibility into potential malicious activities on mobile devices within your organization.
