Executives, on average, use more devices, and access more sensitive data from their mobile devices, at all hours and from wherever they are. As a result, research has revealed that in the second quarter, 32.5% of executive devices were exposed to network attack.
Skycure’s Mobile Threat Intelligence Report for the Q2 2016 timeframe noted that malicious hackers have been shifting their focus from a broad spam-type strategy to more targeted and financially motivated exploits, and their primary targets are executives. This whaling epidemic has meant that executives tend to be a bit more security conscious than the general population, with slightly higher rates of using passcodes to lock their devices and faster adoption of OS security updates. In fact, 7.5% more executives use device passcodes than non-executives, and 16.2% more executives were updated to the latest Android version than non-executives.
But, the exposure to network threats and malware are still very high. The report found that 22.5% of executive devices were infected at some point with at least medium severity malware. And 6.3% were determined to be high-severity risk.
While malware is occasionally identified and removed, this study determined that at any point in time, one in 50 executive devices is infected with high-severity malware, providing malicious hackers with continuous access to sensitive data and conversations.
“With virtually unlimited access to all critical corporate information, executives are understandably desirable and popular targets for hackers,” Skycure noted in the report. “This also explains the trend of malware toward more spear phishing and ransomware that is designed to target specific individuals, as opposed to the broad-based dragnet approaches that were more popular in the past. These new methods of corporate espionage, combined with executive access, exposes not just corporate information, but potentially that of their customers and partners as well.”
And it’s not only executives that are at risk. In any typical organization, about 23% of the mobile devices will be exposed to a network threat in the first month of security monitoring, the report found. This number goes to 45% over the next 3 months. A network threat may be a malicious Man in the Middle (MitM) attack that decrypts SSL traffic or manipulates content in transit to or from the device. It can also be a simple misconfigured router that exposes otherwise encrypted data for anyone to view. Regardless of how malicious the intent of the network threat is, individuals and organizations would be wise to avoid any network that does not accurately and securely perform the connection services originally requested by the user and the device.
Photo © Pinkyone