After setting the record for the most data breaches in 2021, hackers continue to wreak havoc. Data breaches were up by 14% in the first half of 2022, according to the Identity Theft Resource Center (ITRC).
Ransomware and phishing attacks are the most popular types of attacks for cybercriminals because it’s easy money compared to the sale of information. Plus, these attacks require less effort and can be automated. Let’s look at a few noticeable data breaches that occurred this year.
- Crypto.com Breach (2022)
Crypto exchange hacks have existed since the origin of the very first crypto exchanges, and some are so prominent that they leave a dent in the crypto exchange hack history. Approximately $18 million worth of bitcoin and $15 million worth of Ethereum, along with other cryptocurrencies, were taken as part of this hack. The ability of the hackers to get beyond two-factor authentication and access customers’ wallets was largely responsible for how it was made possible.
2. MailChimp Data Breach (2022)
After a successful social engineering attack, cybercriminals were able to access a tool utilized by the internal customer support and account administration teams. The cybercriminals eventually discovered an email list of Trezor clients while searching the client email lists stored in Mailchimp’s internal tools.
Then, the hackers delivered a convincing phishing email to this entire customer list, stating that a serious security breach had occurred, requiring an urgent download of a patched version of the Trezor app.
3. Flagstar Data Breach (2022)
Flagstar Bank, one of the largest financial providers in the US, notified over 1.5 million customers of a data breach in which Social Security numbers were stolen. Hackers breached its network in December 2021 and accessed sensitive customer details. It took the bank over 6 months to detect the data breach.
4. Pegasus Airlines Data Breach (2022)
A misconfigured public cloud storage resource led to the compromise of 23 million files belonging to Turkish airline company Pegasus airlines. The misconfiguration meant that anyone with access to the database could obtain nearly 400 files with plain text passwords and secret keys.
5. Nvidia Data Breach (2022)
The world’s largest semiconductor chip company was compromised by a ransomware attack in February 2022. Cybercriminals had started leaking employee credentials and proprietary information online. They had access to 1TB in exfiltrated company data that they would leak online.
It also demanded $1 million and a percentage of an unspecified fee. Nvidia’s internal systems were compromised, and it had to take some parts of its business offline for two days.
How are Mobile Devices Attacked?
The most common threats to mobile security include malware. But there are emerging threats that organizations need to consider to ensure device protection. Below are the most common mobile security threats that organizations encounter.
- App-based Threats
Malware can be installed on mobile devices through pirated versions of legitimate apps. Non-compliant apps that violate company policies based on data it accesses or collects, pose a threat. Vulnerabilities within mobile applications can also be exploited to steal corporate data.
- Device-based Threats
iOS and Android, like PCs, contain vulnerabilities in their operating systems that can be exploited remotely or locally. Devices that run older OS versions are vulnerable to attacks. Physical threats to mobile devices occur in case of theft or loss of devices, posing a growing risk to organizations.
- Network-based Threats
Attackers can set up a device to route all traffic through a malicious proxy or insecure connection by using malware or social engineering to manipulate users. Active man-in-the-middle (MITM) attacks use public Wi-Fi connections to gain access by taking advantage of flaws in the browser or application that is attempting to transfer data or compromise the entire device.
How Can Companies Neutralize Data Breaches with MDM?
- Control OS updates: Ensure that mobile devices are running the latest and most secure OS version. Delay in updating OS means vulnerabilities continue to exist, and hackers have an opportunity to exploit data. IT admins can keep all devices updated with the latest software versions by remotely deploying OS updates using an MDM solution.
- Secure network access: Bad actors often use unsecured Wi-Fi connections to install malicious software and gain control over mobile devices. MDM can be used to prevent users from accessing public Wi-Fi networks and ensure corporate data is accessed using VPN. IT admins can also create a whitelist of websites and block unauthorized URLs.
- Control apps: The best way to protect the organization from data breaches through unsecured apps is by using the mobile application (MAM) capability of MDM tools. It allows IT admins to manage enterprise apps on their employee BYOD without interfering with personal apps or data.
- Secure lost devices: As BYOD grows in popularity so do the security risks associated with it. MDM tools can also help companies track misplaced devices and prevent a data breach. IT admins can also remotely lock lost or stolen devices.
- Encrypt corporate data: iOS devices are encrypted by default. Data encryption for Android ensures data present in Android devices are scrambled and rendered futile for unauthorized users. Data encryption happens on the go without affecting employee productivity.
- Restrict device functionality: To boost security, companies can restrict basic device functionalities. For instance, disable USB ports and Bluetooth to disallow data transfer.
- Enable geofencing: MDM tools also offer geofencing technology for businesses to restrict access to company resources. For instance, the data access rights to mobile applications can change instantly based on the device’s location relative to the geofence boundary.
- Enforce strong passwords: Poor passwords can also compromise the security of devices. Strong passwords can be enforced using MDM based on the company’s compliance policies. It is observed that the length of a password is more reliable than its complexity when protecting mobile assets from a possible data breach.
- Containerize corporate data: In the case of BYOD, companies can ensure only corporate data is managed through containerization. Employees’ personal files and data remain private and untouched.
- 10. Data Replication: Ensure fast, reliable data access to users, copying or updating data from one location to another, often in real-time or near real-time. In case of a data breach, data replication saves you. It is important to have your data copied and stored away so you won’t lose it.
With the number of cyberattacks growing each year and the repercussions of a data breach can damage the company’s financial position and reputation. Human error is also one of the major factors contributing to data breaches. By using MDM, companies can manage human negligence by setting policies and restrictions for users to follow.