Impact of Mobile Devices on Cybersecurity, Research Paper Example

In 2009 there were 4.6 billion mobile cellular users in the world (US-CERT, 2010, p. 1):as increase in purchases occurs around the globe, so too does increase in security risks. Security risks for mobile devices include theft of ideas, money, data (personal and governmental), and financial information (pin codes) (Smith, 2012, para. 1). Mobile devices have become such a prevalent tool to use not only personally but professionally as well. With this dual capacity it is becoming increasingly difficult to keep cyber security risks at a minimum because of any one device sharing information from a private company on a public platform. Hackers that gain access through poor private security then gain further access to large companies. Thus, private bank information becomes susceptible to security risks because of poor private firewalls. This paper will expound on the increase in cyber security due to the exponential increase in mobile device use.

One of the biggest risks of cyber security involved employees using private devices with their business server. When an employee or an executive downloads any of their personal or their client information onto a personal mobile device the employee runs the risk of that device being stolen, lost or “otherwise compromised, the critical data contained on it could fall into the hands of cyberthieves” (Ponemon, 2012, p. 1). In order to understand the significance and real life possibility the above scenario is, a look at percentages and numbers is needed.

Smartphones reached worldwide record sales in 2012 going up as high as 144.4 million units in the first quarter sales and a yearly increase of 45% after that (Drew, 2012, para. 3). Not only are smartphones breaking sales records but also other mobile devices are as well such as tablets whose shipments “jumped 120%, to 17.4 million units worldwide” (Drew, 2012, para. 3). These numbers reflect consumers being interested in devices that are flexible, give their life more ease (in relation to banking, sharing photos, music, etc.) and that are more accessible and easier to use than previous models. Newer models include Apple iPhone, Google Android, Research in Motion (RIM) Blackberry, Symbian, and Windows Mobile-based devices” (US-CERT, 2010, p. 2). Projected sales for 2015 show that people will most likely access the internet through mobile devices than through their PCs; “CTIA data shows more than one connected wireless device per American today (322 million), a usage rate that is only expected to increase” (CTIA, n.d. p. 5). This increase in sales however also leads to an increase in cybersecurity risks.

These mobile devices are seen as security risks by employers by “over 70 percent” (Palmer, 2014, para. 1). Post-industrial countries run the risk of higher rates of mobile device cyber crime and in fact Hong Kong and Brazil were the top two countries reporting mobile device compromise in 2012 (Ponemon, 2012, p. 2) with the U.S. and Germany (while still susceptible to attack) reporting success in fighting off infections. Cybersecurity isn’t limited to the actual device but the apps that users download onto the device. Research has shown that “96 per cent of apps have an average of 14 vulnerabilities each” (Palmer, 2014, para. 4). Countries across the globe are anticipating the increase of cyberattacks to increase (over 90 percent of British companies anticipate this) with one of the biggest risks being “organized fraudsters” (Palmer, 2014, para. 11).

This threat increase is also due to mobile device connection from phone, PC, laptop, ipad, etc. to businesses where critical data is compromised by other network devices such as the cloud (Drew, 2012, para. 2). Such serious cyberthreats have garnered concern from CEO’s and other top executives and they’re instilled a plan in their companies called BYOD, or “bring your own device” which allows “employees to connect to work IT systems with their personal devices. The practice can have several benefits…but it also poses a number of potential security risks” (Drew, 2012, para. 4). These risks include employees downloading personal information that identifies them or their clients through smartphone use (or tablet use). Even with precautions organizations see an average of 66 cyberattacks on a weekly basis (Ponemon, 2012, p. 1). These attacks vary from country to country with Germany and the U.S. being on the high end of attacks (82 & 79) with CEOs believing that “17 percent of machines and mobile devices within their organizations have been infected by an act of cybercrime” (Ponemon, 2012, p. 1). The cost of retrieving data, blocking attacks, and investigating cybercrimes averages at a high in the U.S. of $298,359 and an average low for Germany of about $106,904(Ponemon, 2012, p. 2).

Other important issues involved in mobile device influence on Cybersecurity is the mobile wallet. Consumers use this to check their bank accounts through mobile devices, to transfer money, pay for items/bills, check their balance. Such information is fodder for the cybercriminal who uses stored credit card and banking information to access accounts (CTIA, n.d., p. 12). Countries are trying to lessen the risk of such information getting into the wrong hands. The U.K., North American and Australia are all trying to create ways to defend against this threat (71 percent of IT leaders from these countries believe that ipads/tablets and smartphones are all at risk for cyberthreats(Palmer, 2014, para. 3)). Some of these IT leaders suggest lock codes on mobile devices, encrypted data, remote erase, use of private network (VPN), avoiding public wi-fi and Bluetooth leashing (Drew, 2012, para. 6-7). Such suggests are necessary as mobile device threat is getting more aggressive.

A Bluetooth worm known as “Cabir” attacks mobile devices and is a mobile malware “It runs on mobile phones using the Symbian Series 60 platform and spreads among Bluetooth-enabled devices that are in discoverable mode. The worm causes a phone to constantly attempt to make a Bluetooth connection, subsequently draining the battery. While this worm was an inconvenience to device users, today’s mobile malware is more insidious and often has more severe effects on devices and their users” (US-CERT, 2010, p. 3). In the evolution of malware on mobile devices the Ikee.B is the first iPhone worm created that strictly goes after financial information. It does this by searching out and forwarding bank or financial information that the iPhone stores and then attempts to connect the now infected iPhone with a botnet command. The malware only attacks iPhones with a secure shell (SSH), which allows for remote access to the phone and has been jailbroken, “A jailbroken iPhone is one that has been configured to allow users to install applications that are not officially distributed by Apple” (US-CERT, 2010, p. 3). This malware shows the ingenuity of cybercriminal’s ability to use previously PC-based malware in the form of botnets to transfer into use for mobile devices, for instance, “a victim iPhone in Australia can be hacked from another iPhone located in Hungary and forced to exfiltrate its user’s private data to a Lithuanian command and control server” (US-CERT, 2010, p. 3).

In order to curtail these attacks companies are taking strides with their own counter-devices for Cybersecurity such as spy software that includes FlexiSpy: “FlexiSpy is commercial spyware sold for up to $349.00 per year. Versions are available that work on most of the major smartphones, including Blackberry, Windows Mobile, iPhone, and Symbian-based devices. The following are some of the capabilities provided by the software” (US-CERT, 2010, p. 3). To help curtail such baleful attacks consumers should take strides in their own personal devices by installing security patches and software updates as soon as they come available. Installing software updates cannot be emphasized more, it allows programs to stay up-to-date with new security features as new cyberattacks become known (and the ways in which they’re attacking mobile devices becomes known) (US-CERT, 2010, p. 4-5). The U.S. and Germany (lead in preventing cyberattacks) are coming up with solutions on a weekly basis to more specifically address such cyberrisks on mobile devices. Such innovations include “anti-bot, application controls and security intelligence systems” (Ponemon, 2012, p. 2).

The role of mobile devices in the increase of Cybersecurity cannot be denied. Without the increase of ingenuity of technological engineers cyberattacks would not be flourishing (89 a week in the US). As such, there seems to be a link between the two: as Cybersecurity increases its intensity in protecting mobile devices, cybercriminals increase their efforts to break through their armor. It’s a cycle that seems to have no end. There is no cure-all for cyberattacks there is only education and being an aware and conscious mobile device user. Keeping devices up-to-date, not downloading solicitations from unknown sources, and reading literature that’s relevant to personal devices are all ways in which cyberattacks can be lessened. It is significant to note the strides in which Cybersecurity has come in handling malware on mobile devices, and hopefully, with the 2015 sales projections, Cybersecurity will only increase it’s efforts.

References

Drew, J. (August 2014). Managing cybersecurity risks. Journal of Accountancy. Retrieved from http://www.journalofaccountancy.com/Issues/2012/Aug/20125900.htm

The impact of cybercrime on businesses. (May 2012). Ponemon Institute. Retrieved from http://www.ponemon.org/local/upload/file/Impact_of_Cybercrime_on_Business_FINAL.pdf

Palmer, D. (2014, 5 February). Mobile devices significant risk to cyber security – BAE Systems. Computing. Retrieved from http://www.computing.co.uk/ctg/news/2330773/mobile-devices-significant-risk-to-cyber-security-bae-systems

Smith, T. (January 2012). Cyber security emerging trends and threats 2012. Enterprise Information Security Office. Retrieved from http://www.dhses.ny.gov/ocs/awareness-training-events/news/2012-01.cfm

Technical information paper-TIP-10-105-01: cyber threats to mobile devices. (2010, 15 April). United States Computer Emergency Readiness Team. Retrieved from https://www.us-cert.gov/sites/default/files/publications/TIP10-105-01.pdf

Today’s mobile cybersecurity. (n.d.). CTIA: The Wireless Association. Retrieved from http://files.ctia.org/pdf/Cybersecurity_White_Paper_2.pdf