How corporate espionage targets your mobile devices

Hackers are targeting insecure mobile devices to steal company secrets.

Corporate espionage probably isn’t the first thing that comes to mind when you contemplate threats to your business. Unless you’re developing nuclear fusion or have prototyped a pocket gene sequencer, you’re unlikely to be targeted for your business secrets, right?

Unfortunately, that’s not how it works. No matter how benign — or clandestine — your business, it is a target simply because it exists in the vast, unsecured realm of cyberspace. One university study found that 20% of European companies have suffered a breach due to industrial espionage. Because your employees are out there in the field, making calls and sending messages and emails that are filled with sensitive information, from confidential pricing to customer details. All of which, were it to fall into the wrong hands, could be costly, and potentially ruinous.

Corporate espionage: the invisible crime

If your business is breached by bored black hats, the first you’ll know about it is when your database shows up on the darknet with a Pastebin linking to your “pwned” spools. If your network is compromised through corporate espionage, however, you will likely never know about it. It is a crime whose efficacy hinges largely on the victim never learning of it. As a result, you may never determine how your nearest competitor manages to consistently quote just below you, or how they were first to market with a product you’d been furtively working on for years.

Calculating the cost of stolen IP is extremely tough. The Center for Strategic and International Studies, however, asserts that the US loses $20-30 billion per year to Chinese cyber espionage alone. Given that corporate — or industrial — espionage is a tit-for-tat game, it’s safe to assert that the global cost of espionage is multiples higher.

How hackers get in

Attackers bent on corporate espionage compromise business systems via the usual methods: hacking, wiretapping, and installing malware predominantly. Businesses are most at risk when employees are abroad and are forced to connect to unfamiliar mobile and wireless networks. Mobile devices are particularly vulnerable. Because mobiles are designed to seek out and connect to the nearest cell tower, they are susceptible to fake cell towers, or IMSI catchers, commonly used by law enforcement for surveillance, but also by sophisticated criminals and nation-state hackers for illicit data harvesting.

Adam Weinberg, FirstPoint CTO says: “It is very relevant to note that security loopholes are still reported to be present in the 5G networks, presenting a substantial risk to the users.”

The prevalence of such devices is far greater than you might think. Mobile cyber security provider FirstPoint claims to have detected fake cell towers in more than 50% of the countries visited by its clients. The company’s anti-espionage software automatically protects corporate employees from such threats. Most businesses aren’t so well protected, however. Identifying fake cell towers and weeding out other MITM attacks is beyond the capabilities of even the most security-savvy employees. The strongest password or firewall in the world can’t save you from threats executed at this level.

Statistics show that 42 million attacks against mobile devices were attempted in 2017. Meanwhile, 76% of businesses surveyed admitted to allowing workers to connect to mobile hotspots. Furthermore, 82% of companies permit staff to use their personal devices for work, which significantly widens the ways in which business data can be accessed by attackers.

Corporate espionage costing business How can companies protect against corporate espionage, and make sure that sensitive data and trade secrets are kept private? Read here

What businesses can do to prevent cellular espionage

Many of the causes of industrial espionage are human: disgruntled former employees and competitors posing as clients to steal your secrets. While there are limits to what can be done to prevent these sorts of attacks, there’s a lot that can be done to prevent technical intrusions from being perpetrated. Employees who frequently travel overseas on business are well briefed on the importance of using a VPN and avoiding unsecured wifi networks. Protecting their mobile devices from similar attacks, however, calls for specialist technology that can identify and block all such threats.

Such solutions, like Wandera, can block snooping of a mobile device’s voice, SMS, data, and location information, as well as preventing the insertion of malware, go a long way. In addition to FirstPoint, Microsoft has developed an enterprise mobile security product to protect devices when employees are out in the field.

Even with best-in-class cellular protection in place, however, protecting your trade secrets also calls for a cultural change, so that staff are cognizant of the sort of low-hanging fruit

they unwittingly leave to hackers every time they download an email attachment, install an untested app, or transmit sensitive information via an insecure channel.

In today’s hyperconnected world, expecting employees to communicate solely via heavily secured company laptops is unrealistic. Mobile now rules everything around us, and staff are more likely to be found emailing on their iPhones from airport lounges and commuter trains than they are on their desktops. Embracing mobile without embracing its inherent security flaws is vital for businesses that value their intellectual property.

This article is tagged with: