Sunday, February 7, 2016

Week 8 - Increasing Mobile Cyber threats

These days hardly anyone is without a smartphone or personal digital assistant (PDA). These handy devices are often preferred over laptops because one can easily check email, connect to social media, take photographs and communicate with the world. The devices are also easy to carry in a pocket, handbag, or purse without any worry about weight and size. Despite these advantages and their popularity, mobile devices pose a growing threat to personal data. Research shows that the number of vulnerabilities in mobile operating systems (OS) has increased in relative numbers since 2009 (Ruggiero & Foote, 2011). Constant exposure to public networks, lack of security infrastructure, unnecessary app downloads, Bluetooth connectivity, lack of encryption, and connections to private networks are some of the growing issues with mobile devices, and threats have been detected in growing numbers. Data breaches show the following trends in mobile security vulnerabilities:
1) Operating System and Application Vulnerabilities (Crimeware): The costliest cybercrimes are caused by faulty systems and by the use of back doors and SQL injection, which exploit weaknesses in the operating system, hardware, firmware, protocols, or services to access data or other networks.
2) Denial of Service: Another form of system attack is denial of service (DoS), which is caused by a weakness in the transit node, commonly called the “Ping of Death”, or by a malfunction that sends data into a black hole.
3) Cyberespionage (Phishing): Phishing is a form of fraud in which the attacker tries to learn sensitive information such as usernames, passwords, and account information by impersonating a business or person in email, IM, or another form of communication.
4) Weak Security Controls: With the growing number of apps and websites, security has become vulnerable, and proper testing techniques have been limited, leaving manual testing as the primary testing technique. Sometimes security is treated as a separate entity and thorough validation is not performed.
5) Acts of Human Error or Failure: Inexperience, improper training, mistakes or incorrect assumptions, sending information to the wrong recipient, and not understanding the security controls, policies, and standards are common accidental human errors that happen every day in the work environment, and they cause a large percentage of cyber-attacks. Connecting devices to the organization's network, sharing the network password, and connecting personal phones to the network are common mistakes that employees make.
In conclusion, modern-day cybercrimes have diverse motives and are carried out across different business domains, including mobile operating systems. Enterprise systems and data are being targeted in various ways: crimeware, cyberespionage, denial of service, human error, and weak security controls. Since this affects everyone, we must tackle it by raising awareness, patching systems properly, creating new security innovations, using firewalls for VPN connections, using encrypted file and email systems, and preventing public Wi-Fi connections.

References

Ruggiero, P., & Foote, J. (2011). Cyber Threats to Mobile Phones. (C. M. University, Producer) Retrieved February 07, 2016, from US-CERT: https://www.us-cert.gov/sites/default/files/publications/cyber_threats-to_mobile_phones.pdf
