Is your smartphone smart enough?

The short answer is ‘No’.

When security breaches and significant hacking incidents make headlines, they tend to be about celebrities who got their personal pictures leaked, ill-fated technology failure, or human error. If you think that you can’t fall victim to hackers because you’re not a person of interest or rely on your antivirus software, you may want to reconsider that. Not only your devices can be hacked, but it can also happen easily, quickly, and without your notice.

Today we’ll focus on the weak link you always carry in your pocket: your smartphone.

Smartphone attacks are on the rise, and nobody is safe Your smartphone knows more about you than you do. It knows where you are all the time, it knows who you talk to, it knows what you say, it stores all your passwords, and it probably tracks your heartbeat as well. It has all your photos (even the deleted ones), and we’re quite sure you use the same device to share sensitive business information via text with your co-workers, employees, or partners. Oh, and let’s not forget about your mobile banking app that probably has the “Remember password” box checked for convenience’s sake.

It’s no wonder why cyberattacks targeting smartphones and mobile devices, in general, have risen by 50% in 2019. 2020 doesn’t look too good either, as security experts noticed many attacks targeting home-workers by exploiting coronavirus-related concerns.

COVID-19-themed cyberattacks spiked to nearly a million a day in March. Moreover, experts predict that the average cost of data breaches will be around $150 million in 2020, and cybercrime will cost the world $6 trillion by 2021. Every device with an internet connection is hackable, and nobody is safe. As the attacks have increased in sophistication so much that not even the rich and famous have access to special types of unhackable phones.

Top shocking mobile hacks targeting the “rich and famous”

  • Mark Zuckerberg, the CEO of Facebook, got hacked three times in 2016.
  • Jeff Bezos, the Amazon founder, had his phone hacked in May 2018 via a Whatsapp message containing a video.
  • Scarlett Johansson, Miley Cyrus, Jessica Alba, Jennifer Lawrence, and many other A-list celebrities also had their phone-taken pictures stolen by hackers.
  • Earlier this year, Twitter’s staff members were targeted with a spear-phishing attack through their phones, which led to attackers compromising the accounts of Bill Gates, Joe Biden, and Kim Kardashian.
  • Verizon’s 2013 Data Breach Investigations Report found that 95% of advanced attacks involved spear-phishing scams with e-mails containing malicious attachments that cause malware to be downloaded directly onto the user’s device, giving hackers a foothold into the organization.

And given the fact that most of us check work e-mails and download attachments blindly on our mobile phones during lunch breaks, your company’s internal systems are now more at risk than ever.

Why should you be scared of phishing attacks?

Mobile phishing campaigns will become harder and harder to spot, and as the line between a personal device and a work device gets blurrier, attackers are aware of how easily they can exploit channels outside the safety of corporate security to gain access to a company’s infrastructure. You need to be extra careful with your business’ sensitive information To put things simply if you’re an executive with business information stored on your phone, you’re a target.

“You don’t have to be a multi-million dollar enterprise owner to become a hacker’s target”

Corporate espionage stories are not only intriguing Hollywood movie plots; they happen in real life. For example, in 2010, Google fell prey to a sophisticated cyberattack (known as Operation Aurora) launched from China, which resulted in massive intellectual property theft. Apparently, the attackers targeted the Gmail accounts of a wide range of companies in finance, technology, media, and chemical industries, along with Chinese human rights activists.

And let’s not forget about Operation Shady RAT, which affected more than 70 companies and organizations from all over the world, such as the International Olympic Committee, the United Nations, and the World Anti-Doping Agency. McAfee identified malware spread via e-mail, providing the attackers with access to top-secret government documents, legal contracts, and sensitive data. Since we mentioned McAfee, the cyber-security company reported another corporate espionage case in 2011, known as the Night Dragon.

The operation involved Chinese hackers attacking the largest European and American energy businesses, gaining access to maps with potential oil reserves. In 2016, a few Chinese hackers gained access to more than a million Android devices, making around $500,000 a month by exploiting them. The victims simply downloaded legitimate-looking apps that contained malware that took over their phones.

The hackers developed a “business model” that consisted of scamming marketing companies into paying to boost the popularity of some mobile apps, as infected phones loaded, opened apps, and even left feedback on marketplaces such as Google Play without the owner’s knowledge.

That being said, unfortunately, there’s no silver bullet for cybersecurity, as the threats are continually advancing in complexity, and executives must keep up the pace. Enterprises of all sizes must protect themselves against more than 500.000 new threats developed daily, so how do we keep our business assets and trade secrets safe and prevent massive capital and intellectual property loss?

Looks like prioritizing security to prevent intrusion, control networks, identify, filter, and block malware across multiple mobile devices simultaneously is a must for any company out there – big or small.