The Impact of Mobile Devices on Cyber Security - Essay Example

The Impact of Mobile Devices on Cyber Security The widespread popularity of mobile devices such as Smartphones, tablets, iPhones, and iPads has made modern life more convenient and productive. These technologically improved mobile devices assist people to perform a variety of activities such as online bill payments, online purchasing, fund transfer, and data transfer, and internet browsing. The major advantage of the modern mobile devices is that they can be used to perform those daily activities even while the users are on the move. It is observed that today mobile devices proliferate in corporate environments as these devices can be easily connected to company networks. Although these devices have become an integral part of the modern life, they raise certain potential challenges to the cyber security. According to experts, it is relatively easy to hack mobile devices as compared to other computer devices. Hence, they are highly prone to data theft. In addition, today mobile devices are widely used for cyber crimes because this practice reduces the chances of being caught. Despite numerous advantages including high productivity and greater convenience, mobile devices raise severe threats to cyber security. According to a study conducted among IT professionals (as cited in Dimensional research, 2012), nearly 89% of the organizations connect mobile devices to their corporate networks. Roughly 65% participants responded that their employees used private mobile devices to access the corporate networks. The participants also indicated the major mobile platforms used to access corporate networks were Apple iOS (30%), BlackBerry (29%), and Android (21%). Majority of the participants (64%) argued that there has been an increase in mobile devices-related security risks to their organizations over the past two years (Dimensional research, 2012). Today, companies store a variety of sensitive business information including corporate emails, business contacts, customer data, network login credentials, and employee data on mobile devices because such devices are easy to move from one place to another. Experts indicate that when these devices are used by careless employees, the organization’s cyber security is most likely to be compromised. For instance, it is often observed that employees connect their personal mobile devices to unprotected company networks like Wi-Fi in order to access internet. This practice increases the chances of malware attacks on the company networks and subsequently the malware-affected network may cause to lose the valuable business information stored in the company’s mobile devices. In addition, fraud employees can easily copy sensitive company information to their personal mobile devices within seconds and such issues can challenge the firm’s cyber security. Similarly, mobile devices are extremely prone to theft and loss due to their small size and high portability. If mobile devices reach the hands of third parties, they can access the data stored in it using highly advanced applications even though those devices are password-protected. Due to their small size, it is easy for external people to steal mobile devices. Evidently, data theft by individuals would more harmfully affect an organization than data loss due to malware attacks. In case of data theft, there might be a possibility of leaking the sensitive data to business competitors. This type of data loss or theft from mobile devices would extremely impact individuals too. Probably, people will store their family-related images and videos and other personal documents on their mobile devices. If such data are accessed by unauthorized people, this would cause great troubles to the users. Kuspriyanto and Noor (2012) point that the use of NFC (near field communication) in mobile payments systems make mobile platforms vulnerable to financially motivated cybercrimes. Evidently, such issues often cause users to suffer huge financial losses. Today, business organizations widely use social media websites like Facebook, Twitter, and Skype to market their products and services and to collect feedbacks from clients. However, recent reports indicate that the presence of malware is high in these social networking sites. These malwares can easily attack mobile devices that are widely used today to login to social networks. Once the mobile devices are affected by malware attacks, the threat may naturally spread to the company networks too. Ultimately, the situation would negatively affect the cyber security of the organization. Reports (as cited in Cooney, 2012) indicate that malicious applications are particularly targeting mobile devices considering the widespread popularity of mobile devices like iPads. The number of malicious software targeting mobile devices has increased from 14,000 to 40,000 over the last year. In addition, the number of vulnerabilities of mobile devices also rose from 163 in 2010 to 315 in 2011, representing an increase of over 93%. As of the first half of 2011, roughly half million people had their Android devices affected by malwares (as cited in Cooney, 2012). As Venter and Eloff (1998) indicate, hackers use a variety of methods including data interception to obtain access to users’ sensitive information. Other major hacking threats to mobile devices include browser exploits, keystroke logging, malware, unauthorized location tracking, network exploits, phishing, spamming, spoofing, and zero-day exploit. The growing number of vulnerabilities in the design and configuration of mobile devices greatly assist hackers to gain access to the users’ data. In addition, the way people use their mobile devices also influences the cyber security. For instance, some users do not enable password protection or keep their operating system up to date with late security patches. Under such circumstances, it is easy for hackers to gain unauthorized access to user data. Sometimes, a mobile device is used by several users. This practice may aid interest groups to install key logging software in the mobile device and thereby to gain user passwords and other written data. Data interception is the major technique through which mobile devices are made vulnerable to cyber security failure. Under this method, hackers try to focus on intercepting communication to and from the device instead of targeting the mobile device itself. As a result, the user loses his confidential data during the course of mobile communication. As Friedmana and Hoffmanb (2008) point out, although there are many techniques to prevent such threats, a significant percent of people are not much aware of the importance of cyber security. Similarly, Bluetooth enabled mobile devices are more likely to compromise cyber security. To illustrate, Bluetooth has been widely used as the medium for data transfer in many of the modern mobile devises. In the same way, there are numerous applications that depend on the same technology, which in turn intensify the need for comprehensive security mechanisms. As pointed out by experts like Robayet (2012), the authentication and encryption functions on the mobile devices can be easily disabled. In other words, the default configuration settings of the devices are not always reliable and secure. Another major weakness of the Bluetooth is that it currently provides only device authentication and not user authentication. One of the attacks of these sorts is termed as ‘Bluesnarfing’, which “allows illegal connection to a device silently without alerting the owner of the device and the need of the approval from the owner” Through Bluesnarfing, attackers can access even the restricted area, including the “phonebook, pictures, settings, messages, call history, and phone serial numbers” (Ho, Brian, Kwong & Wu (n. d.). In short, the widespread use of mobile devices has intensified cyber security issues recently. Despite the numerous advantages and feasibilities, mobile devices are still prone to threats including data theft and malware attack. The small size and portability of the devices increase the probability of data theft whereas, technologies like Bluetooth raise potential security threats to modern mobile devices. Admittedly, the way people use devices is very important with regard to cyber security issues. Enabling password protection and using newest security applications is the important but primary step a user can take up in this context. References Cooney, M. (2012). Cybercrime-fest targets mobile devices. Network World. Retrieved from http://www.networkworld.com/community/blog/cybercrime-fest-targets-mobile-devices Dimensional research. (2012). The impact of mobile devices on information security: A survey of IT professionals. Retrieved from http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf Friedmana, J & Hoffmanb, D. V. (2008). Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses. Information Knowledge Systems Management, 7: 159–180. Ho, S., Brian, N., Kwong, J & Wu, F. (n.d.). Security Analysis of Bluetooth Enabled Mobile Devices. Retrieved from http://courses.ece.ubc.ca/412/previous_years/2005/modules/term_project/reports/2005/Security_Analysis_of_Bluetooth_Enabled_Mobile_Devices.pdf Kuspriyanto, H. E & Noor, B. (2012). Mobile Payment Protocol for Tag-to-Tag Near Field Communication (NFC). International Journal of Interactive Mobile Technologies, 6 (4): 34-38. Robayet, N. (2012). Security threats analysis in Bluetooth enabled mobile devices. International Journal of Network Security & Its Applications, 4 (3): 41-56. Venter, H.S & Eloff, J.H.P. (1998). Data packet intercepting on the internet: How and why? A closer look at existing data packet-intercepting tools. Computers & Security, 17 ( 8): 683. Read More