Mobile Ransomware Attacks: Don’t Let Your Business Apps Fall Prey to Malicious Code

Mobile Ransomware Attacks: Don’t Let Your Business Apps Fall Prey to Malicious Code
September 11, 2017 Krisztian Toth
mobile ransomware

Due to some recent major cyber attacks like Petya and Locky, security has again made it to the top list of concerns of businesses worldwide as they are learning the hacker slang the hard way.

Should security be one of your primary concerns, too, we give you a realistic overview of the threats and also some useful tips on how you can protect your business from such attacks. And not only on the good old desktop: as smartphones are on the way to become the most used devices in the workplace, you need to get ready to protect them as well!

mobile ransomware

 

Business desktops under attack again

Malicious code that blocks access to data or a whole computer by encrypting the files seems a successful recipe for easy money and extensive media attention. They provided an opportunity to talk digital security strategies good and bad as WannaCry hit corporations like Renault, Deutsche Bahn, and FedEx, and a reinvented version of Petya made its way to Russian and Ukrainian banks, Maersk, and WPP.

And this is not ‘just’ about the desktops anymore. With less publicity, attacks such as Fusob, Svpeng, and SMALL, also threatened mobile devices and systems  – just to mention a few. Enterprise mobility is no safe territory, anymore, and the vulnerability goes further than a weak endpoint: we’re talking about personal consumer devices storing or accessing company data.

 

Corporate security strategies revised

The broad reach of attacks forced many companies to alter their security policies regarding user control, transparency, the IT-departments’ role, and general awareness, especially as more and more enterprise software has its mobile version developed.

The risks can no longer be denied: there is much to do about:

  • A workforce that is increasingly mobile but not necessarily more experienced in protecting corporate data.
  • The volume and types of devices used in a workplace and how these devices handle data.
  • Reshuffling IT’s priorities: taking security measures, educating a wider group of stakeholders.
  • Analysing all the possible effects of a data breach on the business.

Besides the prevention measures mentioned above, you will also need protection. For example, anti-virus software makers are also adding their part in preparing for more assistance and expanding even more in the mobile space.

Symantec was the last to make the news with two recent acquisitions: the Israeli Skycure with a focus on predictive threat detection, and Fireglass with a browser isolation technology that helps to stop the spreading of malware.

VMWare has partnered up with Trend Micro to provide better protection against mobile attacks. It does that by allowing IT-administrators to get a birds-eye view of their (ever-growing) network, quickly identify threats, and make more informed decisions based on what they saw.

 

Securing mobile business applications in a future-proof way

The first step is to accept that every business is at risk: big or small, with or without a field team, working on any operating system. Also, every application is vulnerable to some extent. Then, take time to understand your current type and level of protection, so you’ll know what you’re missing: this way, you can react faster in case of an attack.

 

More focus on user behavior

In protecting your data in association with mobile apps, user behavior is crucial. From this perspective, your Millennial workforce might be the more at risk.

With a security awareness training, you can educate your staff about best practices, such as regularly updating the apps they use and the safety implications of sending mobile data through public wireless networks.

The best business mobile apps update themselves automatically for more protection, but it’s always worth to double-check.

 

Application control

As apps are becoming more and more dominant in the modern workplace, their integration becomes more important as well. The anti-virus software, the MDM or EMM should all work together in stopping any possible attacks and allow for maximum security.

Solutions that are independent of the location of the data, like precisely setting access rights and multi-level identification app by app, generally work well.

The successful combination of these methods might vary by company, but the goal is clear: to pass the five security checkpoints of a secure mobile business app. These checkpoints are the following:

  • Secure code. Developers use encryption, audits, reviews, testing, approval processes to make sure no malicious code could appear.
  • Secure data. Proper and up-to-date encryption of data ensures protection against misuse.
  • Secure access. Role-based access provides an extra layer of security to passwords.
  • Secure communication. The mobile app and the back-end should communicate with proper encryption and authentication protocols, like SSL/TLS.
  • Secure third-party services. The risk of each provider should be assessed and their security and risk management program revised.

If you are aware of the industry standards, best practices, and user-generated issues that might have an impact on security, you have already taken a big step forward in securing your mobile business apps.