We are invaded by cyberattacks, digital hijackings and ransonware, terms that a few years ago still sounded like action, fiction or spy movies to us. Did you know that many of these vulnerabilities and risks travel with us in the palm of our hand?
Of course, we are not referring to "mutant" viruses and bacteria in our hands, but to our cell phones. These useful gadgets, which we enjoy so much, but which, if not protected, could be a gateway for these cybersecurity attacks, which are around our company 24 hours a day, to unleash a real catastrophe.
It is true that if we are in charge of managing a company, every euro invested in IT security and in the application of the best technological strategies will be profitable.
And the reason is that it is a decision that will not only protect our computer equipment, but also the finances and even the reputation of the organization.
Investing in cybersecurity impacts organizational sustainability and raises the bar for business adaptation to rapid change. And beyond that, it preserves one of our greatest treasures: our information and confidential movements.
Choosing the best technological solutions, with the maximum added value for our company and for those who make life inside and outside the organization, is a survival decision.
Even more so in these times governed by the Internet, cell phones, social networks, applications and all the Artificial Intelligence behind it.
As managers of a company, either in a decision-making position as a manager or project manager, what do we expect when we start a new marketing campaign? Well, of course, that our products or services will sell much better.
The truth is that we dream that this will generate the highest profitability and return on investment in the shortest possible time.
Cybersecurity policies must
look beyond spam blocking.
Mobiles are the new target
When we talk about investing in IT systems, we know that this increases the efficiency of your company and your employees, so that they have better-performing assets. Every manager, CISO or CIO, when talking about IT security, recognizes that this involves protecting computers from malware which could penetrate it.
In one of the worst case scenarios, if this malicious infestation occurs, we could logically be left without functional computers in our company if we do not have the right equipment and professional technologies to stop it.
The truth is that this breach would affect us as a whole, not just one, but several departments, or it could also paralyze us completely. In short, a chaos that we must avoid at all costs by investing in cybersecurity.
This is where the question arises: is it worth extending this protection to our mobile devices?
Many may think that a cyber attack on our smartphones is not an evil to die for. Simply changing our devices would put an end to the problem. Or maybe not...
You may be wondering if it is necessary to dedicate a budget to improve the security of mobile devices in our organization. What would happen if we don't?
Would you give away your mobile or tablet, with all your data and management secrets, to your competitors? Or would you hand over all your corporate information to a cybercriminal to sell your information or impersonate your identity?
As you can see, the risk is high. Not protecting the mobile devices from which you do business for the company, check corporate emails or make electronic money transfers and share files is a danger that we should not run.
With every click, call or email you can be exposed to industrial espionage and any other invasion of the organization's security.
Streamlining security and technology spending and maximizing ROI is something we need to put first when we talk about cybersecurity. This was made abundantly clear in PwC's 2018 Global State of Information Security Survey.
61% of managers and security managers of Spanish companies consider that increasing the capabilities and possibilities of digital development in business is one of the factors that pushes them to invest more and more in cybersecurity.
With this momentum and concern, cybersecurity is becoming an area of increasing importance in our organizational environment.
With the increasingly active use of mobile devices in everything that has to do with the circulation of information (the main value) within our organization, it is more than obvious that we cannot leave out of the equation these devices that have become extensions of our capabilities and performance.
It should not be forgotten that IT security seeks to protect the entire computer infrastructure and everything related to it, and mobile devices are already part of this, although we sometimes forget this. The latest cyber-attacks have not taken this reality into account.
Stealing the privileged and confidential information stored on a company's fixed or mobile devices is the main objective of hackers and organized mafias dedicated to violating the IT platforms of individuals and companies.
According to the Spanish National Cybersecurity Institute (INCIBE), mobile devices are increasingly being targeted by cybercriminals, which forces users (individuals and companies) to be aware of this and protect their devices.
In its most recent newsletter for early 2019, INCIBE warns about the escalation of phishing, the new onslaught of fraudulent emails for extortion purposes and the latest data breach that affected 773 million email accounts worldwide.
Having anti-malware policies in place in companies with tools that protect servers, laptops or desktops, smartphones, tablets and other equipment from malicious software is becoming increasingly crucial.
According to an ONTSI study, at least 70% of Spaniards carry a smartphone in their hands and 85% of them use them regularly to send and receive emails. 93% share personal or work information via the most popular instant messaging applications.
All over the world, the escalation of malware
in mobile operating systems
has grown by 1500% in just 6 months
This means that we are increasingly vulnerable to a cybersecurity incident. In one year alone, the CCN-CERT, the national center that monitors cyberattacks in Spain, detected 147 malicious events to companies and individuals. Two were scams and 145 were malware attacks (mostly ransomware) in order to hijack user information. And this was in 2016.
Since then, the main forms of malware contagion that have been detected come from:
Establishing which solutions are most suitable for your company will depend on the size of your organization and the level of security you need.
Configuring the tools that we can activate for the protection of information in our organization traditionally includes the use of systems specifically oriented to the protection of computers located at the workstations.
However, in light of the latest cyber-attacks focused on mobile devices, the most sensible thing to do is to include solutions that do not leave out these gadgets. There are global solutions that at the corporate level can very efficiently centralize the safeguarding of our business devices so that they do not become malware targets.
We must make sure that these solutions provide automatic and periodic controls of all the information downloaded on the mobile devices associated with the organization.
These controls should include instant review of email attachments and downloaded web pages, as well as timely responses that reduce exposure.
Also, the blocking of applications that are part of the blacklisting policy and the safe browsing of whitelisted apps.
Another point is to have cybersecurity tools in place to locate potential threats on different web pages and analytics services that detect risks and anomalies before they impact the confidentiality, integrity and availability of the organization's data.
As you can see, implementing anti-malware policies and reliable monitoring prevents infections across the entire enterprise network. Leaving out mobile devices in this formula is an unfortunate mistake, as the stakes are high.