Mobile security is at the top of every company’s worry list these days — and for good reason: Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive info out of the wrong hands is an increasingly intricate puzzle. The stakes, suffice it to say, are higher than ever: The average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That’s 6.4 percent more than the estimated cost just one year earlier.
While it’s easy to focus on the sensational subject of malware, the truth is that mobile malware infections are incredibly uncommon in the real world — with your odds of being infected significantly less than your odds of being struck by lightning, according to one estimate. Malware currently ranks as the least common initial action in data breach incidents, in fact, coming in behind even physical attacks in Verizon’s 2019 Data Breach Investigations Report. That’s thanks to both the nature of mobile malware and the inherent protections built into modern mobile operating systems.
The more realistic mobile security hazards lie in some easily overlooked areas, all of which are only expected to become more pressing:
1. Data leakage
It may sound like a diagnosis from the robot urologist, but data leakage is widely seen as being one of the most worrisome threats to enterprise security in 2019. Remember those almost nonexistent odds of being infected with malware? Well, when it comes to a data breach, companies have a nearly 28% chance of experiencing at least one incident in the next two years, based on Ponemon’s latest research — odds of more than one in four, in other words.
What makes the issue especially vexing is that it often isn’t nefarious by nature; rather, it’s a matter of users inadvertently making ill-advised decisions about which apps are able to see and transfer their information.
“The main challenge is how to implement an app vetting process that does not overwhelm the administrator and does not frustrate the users,” says Dionisio Zumerle, research director for mobile security at Gartner. He suggests turning to mobile threat defense (MTD) solutions — products like Symantec’s Endpoint Protection Mobile, Check Point’s SandBlast Mobile, and Zimperium’s zIPS Protection. Such utilities scan apps for “leaky behavior,” Zumerle says, and can automate the blocking of problematic processes.
Of course, even that won’t always cover leakage that happens as a result of overt user error — something as simple as transferring company files onto a public cloud storage service, pasting confidential info in the wrong place, or forwarding an email to an unintended recipient. That’s a challenge the healthcare industry is currently struggling to overcome: According to specialist insurance provider Beazley, “accidental disclosure” was the top cause of data breaches reported by healthcare organizations in the third quarter of 2018. That category combined with insider leaks accounted for nearly half of all reported breaches during that time span.
For that type of leakage, data loss prevention (DLP) tools may be the most effective form of protection. Such software is designed explicitly to prevent the exposure of sensitive information, including in accidental scenarios.