With the ubiquity of mobile devices, it’s no surprise that attackers are following suit and putting mobile technology in their cross-hairs. With nearly all employees accessing business networks via smartphones, mobile security is a threat not just to the device owner, but to the organization as well.

MOBILE MALWARE DEFINED

As the name implies, mobile malware is malicious software targeting mobile devices such as smartphones and tablets. Mobile malware attack methods, as with most cybersecurity threats, are constantly evolving, with new attack vectors working to cause mobile device system collapse and the loss or leakage of proprietary, confidential, or personally identifiable information. The following list provides an overview of common mobile malware types:

• Drive-by downloads: This malware type is automatically installed on a mobile device if the owner opens an infected email or visits a malicious website. These downloads often install any of a buffet of threats, such as spyware, adware, or even malware that makes the device a bot that can then send viruses or scan a company’s network looking for security vulnerabilities.
• Spyware and madware: Mobile adware, or madware, collects device data it can then use to spam you with ads. Madware is usually installed with spyware, which gathers data about the device’s passwords, contacts, location, and such, and passes that data to a nefarious third party.
• Viruses and Trojans: This good ol’ fashioned malware can be installed via a dropper, which is designed to bypass detection.
• Browser exploits: As with the desktop version, browsers on a mobile device can be dangerous territory, rife with threats and exploits just waiting to infect and spread.

And this is just a sampling of the known threats—attackers recognize mobile devices as an oft-overlooked avenue to reach corporate assets and are thus continuously developing new types of mobile malware.

THE NEED FOR A FOCUSED MOBILE STRATEGY

In a startling statistic, Verizon research reveals that almost 50% of enterprises consciously sacrifice mobile security for speed-to-market and profitability gains—an increase from nearly 30% in 2018. This relaxed approach to mobile security puts these companies at considerable risk of data loss and leakage, downtime, and noncompliance costs and repercussions. To protect company data and access, companies must develop and implement a mobile device security strategy that helps the organization anticipate and then avoid an attack. And, should an attack occur, companies must be prepared to quickly and effectively mitigate breach damages. For now, BYOD policies appear to be here to stay. As such, a strong mobile malware defense is the most effective addition to your company’s security posture.