Mobile devices are popular targets for attacks. They are usually located outside the corporate perimeter – and at the same time, many companies invest too little in the protection of smartphones, tablets and notebooks. For example, in MTD solutions.
In today’s digital era, companies are facing an increasingly complex challenge: protecting their mobile devices from cyber attacks. While PCs and laptops have been protected by various security measures for decades, smartphones and tablets are often neglected. This is particularly worrying as mobile devices are increasingly becoming the gateway for cybercriminals. One reason for the concern is that the threat landscape has changed dramatically. This is because attackers are increasingly using artificial intelligence (AI) for their attacks, which often allows them to stay one step ahead of cybersecurity solution providers. This development, and the fact that mobile working also automatically involves cloud computing, should make companies sit up and think about revising and adapting their security strategies.
Measures are not enough
Many companies protect their local server and end device infrastructures, but rely on mobile device management (MDM) systems for their mobile device fleet (smartphones, tablets and notebooks) as their primary protective measure, if they rely on them at all. This is all well and good. MDM provides a solid basis for managing mobile devices – but is limited to basic security functions such as
device PIN enforcement, basic security policies and protection against unauthorised operating system modifications. However, these measures are not sufficient to fend off more complex threats such as phishing, malware or network attacks. To effectively counter the increasing threats, companies therefore need more effective solutions than just MDM –
Mobile Threat Defense (MTD), for example. MTD systems provide protection against a variety of risks, including phishing attacks, malware, insecure apps and sideloading, network attacks such as man-in-the-middle attacks, hidden jailbreaks or root access. To do this and to detect new threats early on, the solutions often use machine learning and large databases. They can detect threats in real time, respond to anomalies and, if necessary, initiate appropriate protective measures. Linking them to SIEM (security information and event management) solutions
can also enable companies to comprehensively monitor and quickly respond to a wide range of cyber threats.
Outside the company perimeter
Companies, especially SMEs, must take the threats to mobile devices seriously and go beyond basic solutions as part of their security strategy. The implementation of MTD systems should be considered an essential part of a comprehensive cyber security strategy to protect not only local IT infrastructures but also mobile devices. After all, these are by their very nature mostly located outside the corporate perimeter and connect to company data via unknown WiFi or data network connections. This is certainly one
reason why more and more attacks are no longer aimed directly at the corporate infrastructure, but at smartphones, tablets and laptops. It is advisable to rely on specialists who
focus on mobile security. However, most companies lack these specialists. This is because the jobs require different skills than for local infrastructures. However, companies should not wait until damage has occurred. At a time when work is increasingly being organised to be mobile and flexible, this is not only a security issue, but also a matter of competitiveness and business success.
Published in Swiss IT Magazine 11/2024 of 11 November 2024, www.itmagazine.ch