Mobile Devices: Five Billion New Doors to Cyber Threats
Over the past few years, a rising number of cyber incidences has compelled business owners to sit up and pay attention.
The threat affects companies of all sizes and in all countries, and by 2020, the impact of digital security breaches on the global economy is expected to reach nearly RM5 trillion.
Mobile devices are (literally) the key
A growing reliance on mobile devices in the workplace is partly responsible for this sharp rise in cyber-attacks. According to the Global System for Mobile Communications Association’s (GSMA) real-time tracking, at the time this article was being written there were over 5.1 billion unique mobile subscribers (with 743 new ones in the time it took to type this sentence). That’s billions of access routes into corporate networks, with billions more if you count cellular Internet of Things (i.e., devices you can control remotely via your mobile phone).
A 2018 survey found that mobile applications were the third highest security risk to businesses in Asia Pacific. In Malaysia, the average number of devices per person is 2.5, making this one of the region’s top hotspots when it comes to mobility.
Malaysia's mobile threat
Obviously, it is not the number of smartphones alone that makes us targets. It is also how prepared the country is to deal with attacks, and unfortunately, there we are also found lacking. As NST columnist David Shephard recently warned, ‘In ASEAN countries, enterprises’ rapidly expanding cloud footprints make them a prime target for cyber-attacks. While Malaysia is ranked third globally in commitment to addressing cyber security issues, it is also ranked sixth in the region and 33rd globally in vulnerability to cyber-attacks.’
This likely explains the findings of a study conducted by research firm Frost & Sullivan, which predicts that cyber threats could cost Malaysia more than 4% of the country’s total GDP.
Why hackers hack
Hackers are motivated by a number of things, including:
Hackers are criminals and therefore primarily tempted by the same thing that attracts their traditional counterparts: cold hard cash. A hacker who uses your mobile devices to gain access to company data and systems may then extort, blackmail, steal, sell, or use a number of other ways to take (or force you to hand over) money.
When most of us need servers or storage space, we buy it. Hackers might merely want to ride on your infrastructure to save the cost of paying for their own.
Hackers are experts at stealing personal data that enables them to pretend to be someone else. Consider the amount of power that hacker could acquire if all systems, employees, customers, etc. believed they were receiving directions or requests from one of your directors.
Sometimes the attack is ideological. So-called ‘hacktivists’ (hacker-activists), may infiltrate your systems to prevent what they believe are unethical or oppressive practices. In a high profile incident in 2014, North Korean hacktivists claimed responsibility for the theft and public release of employee and upcoming project data owned by Sony Pictures. It is thought they were provoked by a film which satirized their leader, Kim Jong-un.
Often the attacks are personal. A disgruntled employee, or a person who holds a grudge against your industry or company may seek no more gratification than to cause a nuisance or bring you down.
When it comes to motives to commit a crime, this is pretty unique to hackers. The truth is, some of them simply enjoy the challenge. Admittedly, you get more ‘street cred’ from breaking into large organizations, but even small companies serve as a training ground for the aspiring cyber-criminal. New technology, including mobile devices, offer a brand-new play area for these true crime gamers.
- To raise alarms
While this may seem like a contradiction in terms, ‘ethical hacking’ is a real thing. Often hired by the very companies they hack, these individuals use their tech skills to identify security weaknesses, which can then be repaired before real criminals find them.
In one famous case, researchers were alarmed by the dangers posed by an insulin pump that could be controlled remotely. When the manufacturer refused to take remedial action, the researchers highlighted the problem by creating an app to demonstrate that it was possible to remotely murder users.
- It’s not that hard
Security, laws, and enforcement have not caught up with either technology or criminal minds. New technologies quickly outpace our abilities or even understanding of how to use them safely. Mobile devices and the Internet of Things are brimming with vulnerabilities, which hackers sometimes discover even before the manufacturers or programmers who created them.
Regardless of a hacker’s motivation, there are steps proactive leaders can take to protect their companies from mobile threats. These will be explored more in the next few articles in our mobile threat defence series, starting with the cost of a security breach.