SynthesisEssay: The Impact of Mobile Devices on Cyber Security
SynthesisEssay: The Impact of Mobile Devices on Cyber Security
Technologyhas enhanced the quality of life and efficiency with whichcorporations can share information with their customers andemployees. The development of mobile devices is one of the keytechnologies that have revolutionized lives and the businessenvironment. However, the excessive use of mobile devices to accesscorporate networks has increased incidents of cyber security (Garba,Murray & Armerego, 2015). Most of the previous studies focused onthe end-user risk factors, but little has been done to assess thecorporate environment and dangerous behaviors that increase thesusceptibility of corporations (Glisson & Storer, 2013). Thispaper is a synthesis of articles that address the issue of therelationship between an increase in the use of mobile devices and thethreat of cyber attacks.
Mobiledevices as a risk factor to an increase in cyber insecurity
Theuse of mobile devices has enhanced the lives of the people byfacilitating an effective and affordable communication, but it has anequal measure of challenges. Initially, computers were the majorcauses of cyber insecurity for organizations and individuals, butrecent trends indicate that mobile devices are the primary sources ofrisk. A report published by Keravalla(2015)indicated that an organization that has a total of 2,000 devices onits network has a 50 % chance that at least six of them will sufferfrom incidents of cyber attack.
Thehigh chances of the organizations being attacked throughinterconnected mobile devices have been attributed to numerousfactors. According to Keravalla(2015) the fact that about 75 % of the users of mobile devices accesscorporate information from different locations and at any time, aslong as they have the internet connection has limited the capacity oforganizations to enhance security of their networks. By allowingclients to access information from any location and at all times hasenhanced efficiency, but it has also created a platform forcyber-insecurity to thrive. This is because it has becomeincreasingly difficult to monitor the network and identifyunauthorized users. In addition, there are high chances thatemployees of a given organization will be tricked by fake internetproviders who wish to capture information that is downloaded oruploaded through their mobile devices. This is a common risk factorthat occurs when employees use free-WiFi that is offered by anonymousindividuals in the urban areas, especially in the restaurants, toaccess their employer’s network on their mobile devices (Keravalla,2015).This category of cyber criminals captures personal data (such aspassword and other login details) that is used by the employees toaccess the organization’s network and critical information.
Theuncontrolled growth of the market share for mobile devices has alsobeen identified as a major security threat. The findings reported byU.S. Computer Emergency Readiness Team (2010) indicated that themobile broadband connection increased at a rate of 850 % in 2008(U.S. Computer Emergency Readiness Team, 2010). Although this growthallowed more than 4.6 billion users of mobile devices to enjoy theinternet services, it did not create room for technologists todevelop security measures that could counter potential securityrisks. This increased the vulnerability and viability of mobiledevices to cyber criminals.
Theinterconnection of many devices has reduced the cost of sharinginformation, but it is also associated with a high risk of spreadingthe virus across the interconnected mobile devices. AccordingKeravalla(2015)mobile devices are at a high risk of getting infected with malwarewhile they are offline and the spread the virus to other devices oncethe user connects to the organization’s network. Therefore,interconnected mobile devices are a security threat to each other.
Mobiledevices and a change in cyber security trends
Technologyis considered as one of the fasted evolving economic sectors.However, cybercrime, which is one of the major challenges associatedwith technological advancement, evolves at the same rate as theunderlying technology. One of the key areas that have changed overtime is the motive behind cybercrime. According to Goldfarb(2016)most of the cyber criminals engaged in this risky behavior with theobjective of stealing money, but they are emerging motives behindmodern crimes. For an instant, the number of cyber crimes committedwith ideological as well as political agendas behind them has grownto five percent (PonemonInstitute, 2012).This emerging category of cybercrime is committed by individuals whoaccess corporate information that can help them accomplish politicaland ideological purposes, such as terrorism. In addition, trendsindicate that cyber criminals are continually shifting their focusfrom intellectual property to personal identification information,which has become easier to access with the increase in theapplication of the mobile devices.
Inaddition, the perpetrators of cybercrime have changed their tacticswith time in order to increase their ability to penetrate the moderntechnology. For an instant, the use of malware to accomplishcybercrime has decreased with time following the development ofstronger tools to detect and prevent it (Goldfarb,2016).Most of the perpetrators are currently using genuine software that isdifficult to detect and prevent. The utilization of mobile deviceshas made it increasingly difficult to monitor a large number ofinterconnected gadgets, where some of them could be accessinginformation with the wrong motives. The process of monitoringcorporate networks has become quite expensive, where the cost ofinvestigating a single incident is estimated to cost between $106,904 and $ 298,359 (PonemonInstitute, 2012).Mobile devices have been shown to cause a security challenge even tothe developed countries, where the U.S has about 11 % and Germanynine percent of all gadgets being affected by cybercrime (PonemonInstitute, 2012).
Anincrease in the pace at which the perpetrators of cybercrime targetmobile devices is attributed to several factors. The most significantcontributing factor is the sluggishness in the development ofeffective detection capabilities. This has allowed criminals to catchup with the technology and attack thousands of organizations eachyear (Goldfarb,2016).The lack of adequate dedication of the management has also beenreported as one of the risk factors for an increase in securitythreat in the era of a rapid growth in the application of mobiledevices (PonemonInstitute, 2012). Companiesoperating in Germany and U.S. report the least number of cases ofcyber crimes associated with mobile devices because they are able touse a combination of strategies (including employee training,firewalls, and IPS) to detect and prevent attacks.
TheBring Your own Device (BYOD) as a risk factor for cyber security
Manyorganizations are guided by an idea that allowing their employees andsuppliers to buy their own mobile devices and use them to accesscorporate networks could help them reduce the cost of operation.However, trends indicate that the large number of employee-owneddevices limit the capacity of corporations to control and protect thenetworks from unauthorized access. According to DimensionalResearch (2013) about93 % of all mobile devices are connected in one way or another tocorporate networks and approximately 67 % of them are personal. Thesame study indicated that about 96 % of the corporations in the U.S.reported an exponential increase in the number of personal devicesbeing connected to their networks each year, where more than 45 % ofthe organizations experienced a growth rate of five times(DimensionalResearch, 2013).
Thehigh level of vulnerability is associated with the lack of adequateand effective BYOD policies, coupled with uncontrolled growth in thenumber of personal devices. Out of all corporations that allow theuse of personal devices to access their databases, about 93 %reported that the application of tablets and smart phones was a majorsecurity issue (DimensionalResearch, 2013). About63 % of these organizations held that their main challenge was tosecure corporate information while 63 % stated that keeping track andcontrolling the networks had become almost impossible. Thesestatistics indicate that the security threats have gotten out ofcontrol for most of the corporations that have adopted the BYODstrategy. Most importantly, a large number of these corporations havestopped monitoring the application of these devices on theirnetworks. For example, statistics show that about 63 % of theorganizations with NYOD strategy no longer manage the informationthat resides on those devices (DimensionalResearch, 2013).It is only 37 % of them that are concerned about security threats,where 21 % use active-synch policies, 15 % Mobile Device ManagementTools, and 8 % utilize secure containers to protect their networks(DimensionalResearch, 2013).
Thehealth care sector provides a useful case study of the relationshipbetween an increase in the application of mobile devices and securitythreats. These devices are utilized in the health care sector tominimize the cost of health and enhance efficiency in delivery ofservices. However, studies have shown that an increase in the levelof integration is positively related to the risk of compromise of theentire system as well as the data stored in it (ConnexionHealth Care, 2013).The high risk of compromise is attributed to poorly configurednetworks, the lack of adequate incorporation of IT products, and poorcyber security practices. This suggests that most of the risks areassociated with the weaknesses that occur in systems that aredeveloped by the health care facilities. However, there are someactivities that employees and clients of the health care facilitiesmay engage in and enhance the level of security threat by enablingthe cyber criminals to take advantage of the weaknesses existing inthe organization’s system. These activities include softwaredownloads, access to communication networks, leaving mobile devicesto untrustworthy persons, and accessing malicious websites (ConnexionHealth Care, 2013).Therefore, the overall level of threat is determined by theorganization, employee, and client practices, which makes itincreasingly difficult to protect corporate information.
Dangerousbehaviors regarding the utilization of mobile devices
Althoughmany scholars have blamed organizations for the increase in thevulnerability of their networks, there is sufficient data to showthat employees and customers engage in dangerous behaviors thatfacilitates cyber crimes. Currently, the main issue is not theinherent vulnerability of devices, but the fact that many users donot recognize the danger they subject the organizations to throughirresponsible practices. According to ExcelsiorCollege (2015)only 35 % of the smart phone owners use password to protect theirdevices, while 11 % of them are able to apply complex system, otherthan the common 4-digit PIN. This data shows that more than 65 % ofall users of smart phones do not make any attempt to protect theirdevices from unauthorized access. This increases chances that a largenumber of smart phones will be used to access corporate data byunauthorized individuals.
Itis estimated that about 1.4 million people in the U.S. lost theirmobile devices in the year 2014 and 1.3 million citizens in 2013(ExcelsiorCollege, 2015).These devices were never recovered. Assuming that 64 % of thesedevices had no passwords, about 896,000 smart phones could be used byunauthorized persons to access all data saved in them and allnetworks that were browsed by their original owners. Apart from thedisposal of devices that contain corporate information, employeesengage in careless activities that can be considered as the abuse ofthe corporate network. The findings reported by DimensionalResearch (2013) indicatedthat about 66 % of all employees with mobile devices that can accesscorporate networks are careless and abuse information stored in theorganization’s internet infrastructure. The data shows thatirresponsible employees could pose a greater risk to the corporatenetwork than ordinary cyber criminals.
Securitymeasures taken to control the vulnerability caused by mobile devices
Thevulnerability of most of the organizations in the modern businessenvironment is associated with the use of traditional mechanisms tosecure their networks. The fact that the risk of cyber attack iscaused by multiple factors implies that organizations should applydifferent mechanisms since there is no one-size-fit-all strategy thathas been proven to be effective. Consumer and employee education onthe safe use of devices should be a priority for all organizations(CTIA,2012).This approach is attributed to the fact that over three-quarters ofthe cyber-attacks result from the abuse of lost device and dangerousbehaviors of employees and customers. The second category of securitymeasures should focus on reduction of weaknesses within the corporatenetwork. For example, individual organizations can minimize thevulnerability of their respective networks by controlling thedistribution of software updates, side-loading, and adopting amultiple air-interface safeguard (CTIA,2012).Corporations should focus on the application of a combination of theaforementioned mechanisms in order to enhance the level of security.
Mobiledevices have increased efficiency in the contemporary businessenvironment, but they have come with an equal measure of the cyberthreats. Organizations have experienced an exponential increase inthe number of mobile devices that access their databases, which haslimited their ability to control unauthorized access to information.In addition, mobile devices have created a platform on which cyberattackers can revolutionize their tactics. The researchers havefocused more on the development of new technologies, but there is alimited attempt to introduce equally powerful strategies to safeguardthe new technology. The increase in the number of customers andemployees who engage on irresponsible use of corporate networks is anemerging trend that modern organizations are facing. Effectiveprotection of networks requires the application of multipletechniques.
ConnexionHelthcare (2013). CyberSecurity and Mobile Medical Devices: Protecting and Securing PatientMedical Information.Cambridge: Connexion Healthcare.
CTIA(2012). Today’sMobile CybersecurityCTIA.Retrieved July 17, 2016, fromhttp://www.ctia.org/docs/default-source/default-document-library/cybersecurity_white_paper.pdf?sfvrsn=2
DimensionalResearch (2013). TheImpact of Mobile Devices on Information Security: a Survey of ITProfessionals.Dimensional Research
ExcelsiorCollege (2015, May 29). Mobiledevices pose major cybersecurity threats.NationalCybersecurity College.Retrieved July 17, fromhttp://www.nationalcybersecurityinstitute.org/hactivism-terrorism-crime-and-espionage/mobile-devices-pose-major-cybersecurity-threats/
Garba,A., Murray, D. & Armerego, J. (2015). Bring your own deviceorganizational information security and privacy. ARPNJournal of Engineering and Applied Sciences,10 (3), 1279-1287.
Glisson,W. & Storer, T. (2013). Investigatinginformation security risks of mobile device use within organizations.Glasgow: University of Glasgow.
Goldfarb,J. (2016, June 29). TheIncreasing Importance of Security Analytics.SecurityWeek.Retrieved July 17, 2016, fromhttp://www.securityweek.com/increasing-importance-security-analytics
Keravalla,Z. (2015, August 24). Mobiledevices pose biggest cybersecurity threat to the enterprise, reportsays.NetworkWorld, Inc.Retrieved July 17, 2016, fromhttp://www.networkworld.com/article/2974702/cisco-subnet/mobile-devices-pose-biggest-cybersecurity-threat-enterprise-report.html
PonemonInstitute (2012). TheImpact of Cybercrime on Business.Traverse: Ponemon Institute.
U.S.Computer Emergency Readiness Team (2010). Technicalinformation paper-TIP-10-105-01 cyber threats to mobile devices.Washington, DC: U.S. Computer Emergency Readiness Team.