Mobile security compromised by ?jailbreaking? phones

Posted by skyhighnetworks on June 24th, 2014

Mobile security breaches and leaks are imminent threats facing enterprises today. While hackers definitely pose a security threat, employees may actually create more harm to a company. According to security analyst Kevin Sze, “Your employees who frequently use cloud services pose a larger threat to your organization than hackers”. Research group Gartner expounds on this impending threat, reporting that, “In 3 years, 75% of company-wide data breaches on mobile devices will be caused by the misuse of cloud applications & services.” Hence, mobile security is an issue that should be addressed immediately by corporations, given the recent increase in mobile security breaches.

While attacks on mobile platforms are actually quite uncommon, the instances where employees use cloud services & applications to store documents via mobile platforms have now become an everyday occurrence. Thus, “placing corporate information in the cloud for remote working can build an uncontrolled stash of sensitive data”, says Gartner principal research analyst Dionisio Zumerle.

Additionally, employees can further put sensitive and confidential company data at risk by modifying one’s mobile device operating system. Given the mass appeal and commercialization of jailbreaking iPhones & rooting android devices, operating system manipulations have become quite common in the workplace. If a piece of malware indeed infiltrates a jailbroken or rooted mobile device, it’s an easy operation to extract highly confidential information. Furthermore, jailbroken or rooted devices are increasingly disposed to cryptanalytic attacks which systematically running through all possible keys or passwords, until successful.

Mobile device adoption is set to continue its astronomical rise, with 2+ billion smartphones & tablets projected to be sold this year, Gartner reports. With this rise of smartphones and tablets, while sales of traditional PCs decreasing, attacks on smartphones and tablets are increasing, states research firm Gartner Inc. By 2017, the focus of endpoint breaches will move to mobile platforms: tablets and smartphones. Furthermore, Gartner states that 75% of all mobile security breaches will be the result of mobile application misconfiguration and misuse – issues which can be easily evaded.

According to Dionisio Zumerle, principal research analyst at Gartner, a typical scenario of misuse of cloud services occurs via smartphone and tablet apps.  “When used to convey enterprise data, these apps lead to data leaks that the organization remains unaware of for the majority of devices," he said. Therefore, one of the best defense mechanisms for a company is to enforce safe utilization and configuration. One way to enforce this would be conducted via a mobile device management policy. 

In conclusion, CIO’s and information technology leaders should make active efforts in defending against malware on mobile platforms. Principal Analyst at Gartner, Zumerle states, "You have to cleanout the hype about mobile security attacks and find out which are the real risks for the enterprise. At this moment, the attacks are not very advanced. They're very plain." In order to combat mobile security threats, Zumerle suggests clients take on a more strategic approach on mobile security, by purchasing advanced technologies which not only cover issues present today, but also those that can adapt to future threats and conditions as they arise.

Author :
Skyhigh Networks, the Cloud Security Services company, enables companies to embrace Cloud Security Services with appropriate levels of security, compliance, and governance while lowering overall risk and cost. With customers in financial services, healthcare, high technology, media, manufacturing, and legal verticals, the company was a finalist for the RSA Conference 2013 Most Innovative Company award and was recently named a "Cool Vendor" by Gartner, Inc. Headquartered in Cupertino, Calif., Skyhigh Networks is led by an experienced team and is venture-backed by Greylock Partners and Sequoia Capital. For more information, visit us at http://www.skyhighnetworks.com/mobile-security/ or follow us on Twitter@skyhighnetworks.