Mobile Threats: What is the Cost of a Security Breach?

In 2017, The Economist ran an article entitled The World’s Most Valuable Resource is no Longer Oil, but Data. Quoted hundreds of times since, the article points out that the five most valuable companies in the world are companies that collect and own (you can’t ask them to delete or even reveal what they know about you) vast amounts of user data.

‘Your smartphone probably knows more about you than you do,’ warns cnet.com. ‘It knows where you are at all times. It knows every person you talk to, and what you’ve said to them. It has your family photos, your pet’s pictures, your passwords and more. For attackers, it’s a digital passport to access everything they would need to know about a person.’

Since data is worth so much, it’s no wonder it has captured the interest of criminals. But if personal data is merely a handful of cash, company data is a massive vault of riches. And increasingly, mobile devices are the key that opens it.

Smartphones, tablets, and other devices have transformed the way we do business. Today’s mobile workforce checks emails, shares files, accesses the network and remotely performs countless other tasks we once could only do while sitting in the office. While these devices attain lofty levels of convenience and connectivity, they also represent a very real threat.

Note that while we have been using ‘mobile threat’ for the sake of convenience, the term covers a whole range of vulnerabilities in the ways we do business. Mobile threats can come from:

1. Apps
   Recently Forbes reported that thousands of dangerous apps had been found on Google Play, including many that ‘even a tech-savvy user may struggle [to detect] before installation.’
   
   
2. Web pages
   In spite of assurances that there is such a thing as a secure website. ‘Secure’ merely refers to the connection. The website itself could still be rife with malware, spyware, and other malicious programs.
   
   
3. Emails
   Phishing is a relatively new term now familiar to anyone keeping an eye on mobile threats. Phishing emails seem to come from a credible or familiar source, but opening an attachment, clicking on a link, or even merely checking out the email itself can infect your mobile device.
   
   
4. Networks
   Why pay for data when you can surf for free? Because often ‘free’ wi-fi networks are anything but. By tempting users to log into such networks, hackers may gain access to all sorts of privileged information.
   
   
5. Physical access
   Mobile devices were created to go with you everywhere. Their very portability makes it far more likely for them to be left unattended, lost or stolen. Hackers who get their hands on unsecured smartphones have all the time in the world to access both the phone and your systems.

We will explore these security threats in more detail in our next article, Employee Negligence: The Greatest Mobile Threat is Sitting in Your Office. In the meantime, remember that where you see a necessary work device, a hacker may see lucrative, poorly-guarded opportunities.

While high profile cases would have you believe that only large companies are vulnerable to cyberattacks, American cybersecurity magazine, CISO Mag, quotes the president of Property & Casualty for the nation’s number one small-business insurer as saying: ‘Cyberattacks are one of the greatest threats to the modern company. Business owners are telling us that cybercriminals aren’t just attacking large corporations on Wall Street. They’re also targeting smaller companies on Main Street that often have fewer defense [sic] mechanisms in place, less available capital to re-invest in new systems and less name recognition to rebuild a damaged reputation.’

Malaysia is particularly vulnerable to cryptocurrency malware, ransomware attacks and drive-by download pages and the
cost of recovering from such attacks can be high (over RM200,000 for smaller companies, and millions or even tens of millions for larger companies).

Why the steep price tag? In an interview with The Edge Markets, President and Co-Founder of the International Council of Electronic Commerce Consultants (EC Council), Sanjay Bavisi, explained: ‘You have to pay (recovery experts), you also have to stop work. You have lost customer confidence, you are unable to grow your business further, your brand is completely affected; you just gave your competitors the opportunity to ride on your misery.’

A study of businesses in the US showed that 20% of cyberattack victims took longer than six months to recover, with 7% taking at least a year ‘to rebuild their reputation and customer trust.’ In some cases, the cost of recovery is simply too much to bear and the organization has no choice but to shut down.

The mobile threat is as much about people as it is about technology, and yet the greatest danger a company’s security is not the shadowy cyber villain in faraway lands. In fact, the cause of most companies’ priciest data breaches has a very familiar face, as we will see in our next article.