Mobile devices have changed the cybersecurity landscape for large enterprises. And anyone in cybersecurity will tell you that even the most sophisticated attacks often originate from the weakest link in any corporations’ security: humans.
Mobile security is a big problem, and it’s not going to go away.
According to a recent whitepaper citing a survey from IDG Research, roughly two thirds of organizations have a mobility program in which they give out a cell phone or have a corporate app. And 74% of survey respondents say that their companies had experienced a data breach due to a mobile security issue, almost always extending from malicious apps or unsecured WiFi.
Cybersecurity firm Proofpoint recently revealed that a rogue app store — given the delicious moniker “DarkSideLoader” — had been allowing iOS users to download free apps using a process known as sideloading. On iOS devices, sideloading is typically only allowed for enterprise customers that create their own apps and don’t want them available publicly on Apple’s app store.
However, the rogue store stole the enterprise code keys that allow these apps to be downloaded onto a device that hadn’t been jailbroken — a term referring to the removal of software restrictions on a mobile device, allowing apps or extensions from any source to be downloaded and used.
“The App Store was super-locked-down in the beginning,” says Ryan Kalember, SVP of cybersecurity strategy at Proofpoint. “They’ve never really veered from that, except for allowing sideloading for enterprise customers. This opened up security vulnerability that was unexpected. Now Apple’s got to play whack-a-mole as long as they allow enterprise sideloading.”
Often the offending apps are found on executives’ devices, which, at this point in history seems nearly inexcusable. There’s no way to eliminate the human element from a corporation, but maybe if we all took the time to think a little more like robots, it’d be harder for hackers to get into our data.