Mobile Security & Enterprise Mobility Blog

Another Day, Another App Breach

 

Another Day, Another App Breach

They say it happens in threes.

This time, the three are:

  1. Flipboard, the social sharing site and news aggregator, reset millions of user passwords after hackers gained access to its systems several times over a nine-month period;
  2. Developer platform Stack Overflow earlier this month confirmed a breach involving “a very small number” of user data; and 
  3. Canva, one of Australia’s biggest tech companies and a favorite among large companies who often build quick websites, design logos, and eye-catching marketing materials. admitted close to 140 million users had data stolen following a breach last week.

In this instance, “they” are wrong. These just happen to be the latest three and there will be more. There always seems to be more. And when a company is hacked, its employee, partner, client and other business passwords and data will be compromised.

But  it doesn’t have to be that way. You can’t stop the bad guys from trying to hack your laptop, computer or phone – yes your phone – to get company information. You can certainly protect all of these endpoints.

Of note, in the coverage of the above breaches, there is no mention of how the hackers “got into” the different company networks. While I don’t know how they did it, let me tell you what I do know:

  • We protect our computers with antivirus, firewalls, VPNs, anti-spyware and every anti-X solution we can find. However, very few companies  do the same with their mobile devices;
  • Mobile devices are now the de facto platform for productivity in business. Today, the traditional computing devices (e.g., servers, desktops and laptops) upon which enterprises have focused their security and compliance efforts represent only 40 percent of the relevant endpoints. The remaining 60 percent of devices are mobile; and 
  • Mobile devices are an unprotected endpoint with access to or containing all of the information of a traditional endpoint.  And while there are some overlaps in what you protect – email, calendars, etc., – the way you solve the traditional endpoint security problem is completely different than how you solve the mobile security problem.

According to Verizon’s Mobile Security Index 2019, 86 percent of respondents agreed that mobile threats are growing faster than other types of threats and 83 percent agreed that organizations need to take mobile security more seriously.

Mobile is an Endpoint Needing to be Protected From Breaches

So, what can be done?  Consider this:

  • Zimperium is the global leader in mobile threat defense (MTD), offering real-time, on-device protection against Android and iOS threats;
  • Zimperium solutions, collectively known as the zPlatform, allow customers to detect and prevent more mobile threats, with the least amount of organizational friction than any alternative. Zimperium’s on-device, machine learning-based detection of mobile threats and enterprise-class capabilities are unmatched;
  • Over the last five years, Zimperium’s machine learning-based engine, z9, has detected 100 percent of zero-day mobile exploits without requiring an update. In addition to its proven efficacy against zero-day device and network attacks, z9 is the only machine learning-based engine capable of detecting previously unknown mobile malware on-device without requiring updates and without the risks of cloud-based lookups;
  • The Zimperium Intrusion Protection System (zIPS) is the world’s first mobile intrusion prevention system app that provides comprehensive protection for iOS and Android devices against mobile network, device and application cyber attacks. Much like a doctor can diagnose an illness by analyzing the symptoms your body is exhibiting, zIPS  can detect both known and unknown threats by analyzing the behavior of your mobile device; and
  • The Zimperium In-App Protection (zIAP) SDK ensures that mobile applications remain safe from cyber attacks by providing immediate device risk assessments and threat alerts. Organizations can minimize exposure of their sensitive data, and prevent their customers and partners’ data from being jeopardized by malicious and fraudulent activity.

Clearly, hacking and breaches are not going to go away. The bad guys are doing their worst to compromise mobile data, apps and sessions through device compromises, network attacks, phishing attempts and malicious apps. We are helping millions – – we can help you.