A Global cybersecurity company has detected and blocked 22,248 mobile malware attacks against its users in the Philippines during the first half of 2021.
This underlines mobile threat is now a concern for enterprises and employees alike amidst the continuing remote work as the pandemic continues to force companies to set up their remote office environment. This trend keeps the population safer physically, but also opens vulnerabilities against enterprises.
And because some companies adopted the “bring your own device (BYOD) policy, it increased employee’s role in a company’s network security.
It is an open knowledge that employees use their personal gadgets, personal or office provided, for consuming information both for entertainment and education, and for the younger workforce, the same devices are used for gaming.
In addition to this, in a Kasperski-initiated survey last year, 33% of the 6,017 employees worldwide use their office devices to watch adult content, a fave target of cybercriminals.
With these risks more rampant in a work from home set-up, companies should revisit their policies, access rights, and security setup to block cybercriminals from entering their enterprise network through infected gadgets.
Mobile malware refers to malicious software specifically targeted to infect mobile devices including handsets, tablets, and other smart gadgets. While mobile malware hasn’t quite caught up to its PC counterpart in terms of volume or complexity, experts are seeing more mobile-specific malware designed to prey on smartphone features or tablet vulnerabilities. In the continuing era of remote work, mobile malware can steal an individual’s personal data but also be a launchpad for a targeted attack against a user’s employer.
In Southeast Asia, Indonesia logged the highest number of foiled mobile attacks from January 2020 to June 2021 followed by Malaysia and Thailand. Indonesia also ranked 3rd in terms of mobile malware detected in the second quarter of the year. In terms of the percentage of users attacked by mobile malware, 4.42% were from Malaysia, followed by Thailand (4.26%) and Indonesia (2.95%). Singapore is quite close with 2.83% of mobile users almost infected by this type of threat. The Philippines (2.27%) and Vietnam (1.13%) logged the lowest percent during this period.
The three most common mobile threats are:
- Trojans – malicious programs that perform actions that are not authorized by the user. They delete, block, modify or copy data, and disrupt the performance of computers or computer networks.
- Trojan-Downloader – downloads and installs new versions of malicious programs, including Trojans and AdWare on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs that will run automatically when the operating system boots up.
- Trojan-Dropper – programs that are designed to secretly install malicious programs built into their code to victim’s computers. This type of malicious program usually saves a range of files to the victim’s drive and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Given that hybrid work arrangements and BYOD are here to stay, organizations should practice digital hygiene and roll out a cyber wellness program for the company, and provide them encrypted devices. A clear policy on online activities and behavior will also guide employees.
Likewise, a clear protocol on online safety will also increase collaboration between the company and employees:
- Ensure your employees have all they need to securely work from home and know who to contact if they face an IT or security issue.
- Take key data protection measures including switching on password protection, encrypting work devices, and ensuring data are backed up.
- Ensure devices, software, applications, and services are kept updated with the latest patches.
- Install proven protection software.
- Enable the protection available on mobile devices, like anti-theft capabilities, locking and wiping of data, screen locking, passwords, and biometric security, etc
- Ensure employee router working from home supports works smoothly when transmitting Wi-Fi to several devices simultaneously, especially when there is heavy traffic (as is the case when using video conferencing).
- Ensure employees will regularly update their router to avoid potential security issues.
- Advice employees to set up strong passwords for their router and Wi-Fi network.
- For devices issued by the company, restrict use for work purposes only.
- Advise employees to not share their work account details with anybody else.