Canadian Underwriter

Network attacks hit a third of executive mobile devices in second quarter of 2016: Skycure

September 27, 2016   by Canadian Underwriter

Print this page Share

Just shy of a third of executive mobile devices were exposed to network attack during the second quarter of 2016 and almost as high a percentage were infected with malware, leaving valuable, sensitive data vulnerable to cyber criminals, notes a new report issued Tuesday by California-based Skycure.

Mobile “devices have a combination of apps with sensitive data, including personal, corporate and customer information, making them a valuable target for malicious hackers,” notes a statement from Skycure, which offers a platform to predict, detect and protect against existing and unknown mobile threats.

The fourth Mobile Threat Intelligence Report – which focuses on executive mobile devices, determined based on the installed apps – reflects worldwide mobile threat intelligence data from the company.

Tens of millions of monthly security tests were carried out from April through July involving both unmanaged devices and those under security management in enterprise organizations. The testing includes devices being used by both executives and non-executives.

“Executives tend to carry more devices than other employees, and typically have greater access to critical corporate or government information that would be valuable for a hacker to steal, making them ideal targets,” the report states.

Specifically, it notes that 32.5% of executive devices were exposed to network attack in April through June.

“The most frequent threats to mobile devices come from the networks they connect to, exposing communications and potentially compromising the device beyond the period it is connected to the malicious network,” the report explains.

At some point, Skycure points out that 6.3% of executive devices have been infected with high-severity malware and 22.5% have been infected with high- or medium-severity malware.

“While malware is occasionally identified and removed, this study determined that at any point in time, 1 in 50 executive devices is infected with high-severity malware, providing malicious hackers with continuous access to sensitive data and conversations,” cautions the report.

Malware infections

Executives taking part in the study had a variety of apps on their devices that hold sensitive information, including apps for customer relationship management, document storage and editing, expense tracking and “other mission-critical apps that may be designed specifically for their business,” the report notes.

“Personal apps, like those used for banking and investing, also hold or access sensitive data that may be tempting for hackers to try to view or steal,” it adds.

“Executives hold the keys to the corporate kingdom on their devices and hackers know it,” Yair Amit, Skycure’s co-founder and CTO, comments in the statement.

“Between ransomware, spear-phishing and simple network attacks, executives can not only expose their own data, and that of customers, but open the door to corporate espionage and other attacks,” Amit points out.

The Skycure Mobile Threat Risk Score – which takes into account recent threats to which a device was exposed, user behaviour and device vulnerabilities and configuration – shows about 32% of all mobile devices are medium-to-high risk.

That said, the percentage of high-risk devices dropped slightly in the second quarter of 2016 to 1.7%, the report states. “These devices have either already been compromised or are currently under attack.”

Skycure data indicates almost 23% of all mobile devices experience network attack in one month of observation, with that percentage increasing to more than 41% after three months.

Cumulative Exposure

“Regardless of how malicious the intent of the network threat is, individuals and organizations would be wise to avoid any network that does not accurately and securely perform the connection services originally requested by the user and the device,” states the new report.

Perhaps more positive, the report notes, is that executives are more security-aware than their counterparts in the general population.

That is reflected in the fact that 7% more executive devices had a pass code enabled on their device than the general population, and 67% of executive Android devices had been updated to Marshmallow.

“Considering the vast majority of operating system patches address security issues, quickly updating to the latest OS version is an important step to minimize the risk of exposure to device vulnerability exploits,” the report emphasizes.

That said, “the increase in security awareness of executives over the general population is relatively small,” the report cautions.

“So, as encouraging as this trend may be, it is unlikely to even come close to offsetting the added risk factors that executives introduce,” the report adds.

The report notes its recommendations include the following:

  • use a numeric or biometric pass code on the device in case it is stolen;
  • avoid connecting to public WiFi networks;
  • avoid accessing highly sensitive information when connected to public WiFi;
  • be sure WiFi name is sensible for the location;
  • only download apps from reputable app stores;
  • update the device to the most current operating system to have all security patches;
  • disconnect from the network if the phone behaves strangely (crashes or warnings); and
  • read security warnings and do not “Continue” if the exposure is not understood.