As 2018 draws to a close, we here at Corrata are taking a look back at the year that was in the world of cyber security. Overall it was a very eventful 12 months, defined by high profile data breaches, major changes to privacy legislation with GDPR, and increasingly sophisticated phishing and malware attacks, but how did these developments and trends impact enterprise and what will this mean for 2019?
Increased enterprise mobility
Smartphone ownership and data usage is now at an all-time high as a result of reduced costs and greater accessibility on an international scale. Mobile devices can be used for video streaming, shopping, social media, and communicating with anyone in the world, with global circulation now estimated to reach over 6.2 billion devices by 2021. Businesses have also realized the value of mobility in improving communication, convenience and productivity among employees. Whereas in the past, employees only had access to the internet from their desktops, today many enterprises permit the use of mobile devices for professional as well as personal business. In 2018 it was reported that 85% of total mobile data traffic was generated by smartphones, and with this figure set to increase over eight times in the next five years, it is clear that enterprise mobility is set to keep rising. This comes with considerable risk however, as mobile devices generally lack the security and control features afforded to traditional desktop technology, employees are left extremely vulnerable to growing mobile threats.
Mobile phishing attacks growing more sophisticated
Recognizing the opportunity that increased mobility has created, cybercriminals have created powerful phishing campaigns aimed at exploiting mobile-specific channels. 2018 saw a huge increase in these malicious messages, especially via messaging apps and social media platforms. Over 70 million fake and suspicious Twitter accounts were identified this year alone, while millions of users on Facebook, Instagram, LinkedIn were targeted by fraudsters posing as legitimate friends or connections in extremely believable spear-phishing campaigns.
WhatsApp was reported as one of the riskiest smartphone apps in 2018 following the discovery of the ‘Martinelli’ and ‘WhatsApp Gold’ scams circulating through the messaging app. Created specifically to fool users and lure them into following malicious links, these attacks were spread worldwide and further highlighted the vulnerabilities of mobile devices that can so easily be exploited.
Due to the real-time, constantly connected nature of mobile, phishing attacks can also now continuously develop and evolve. 2018 saw an explosion of ‘zero-day’ phishing attacks, campaigns created, deployed, engaged, and dissolved all in a time frame as short as a single day. This year over 46,000 new phishing sites were created per day, with many of these online for only 4 to 8 hours before moving to an entirely new hosting server and therefore evading detection from traditional anti-phishing solutions and databases. Machine Learning is becoming a key element in the fight against cyber-crime to anticipate and detect these zero-day threats.
Data leakage and privacy concerns
Data privacy and concerns over the safety of personal data collected was a prominent concern in 2018, especially after the regulatory changes of GDPR and several high profile data leakage scandals. In March 2018, news broke that the personal data of over 50 million Facebook users had been acquired and used by British political consulting firm Cambridge Analytica without the users’ express permission or knowledge. This has led to major investigations into the legitimacy of Facebook’s data collection practices, ongoing legal proceedings, and could see the first major test of Europe’s new privacy laws introduced by the General Data Protection Regulation (GDPR) in May 2018. Another major data breach was reported in November 2018 when it was discovered that the personal information of over 500 million customers of the Starwood Hotel group had been stolen due to unauthorized access to the hotel giant’s network since as far back as 2014. Starwood could also face significant fines of up to 4% of its global annual revenue under GDPR, as it is likely to be found in breach of the new rules. GDPR has drastically impacted internet privacy and the way in which companies can collect, store, and process customer and employee data. Enterprises all over the world have been forced to review their internet and data security policies, changes that we are likely to only start seeing repercussions for in the new year.
Rise in malicious apps
2018 also saw a spike in malicious app downloads by smartphones, designed to install malware or phish sensitive information from the device. During the summer, the hugely popular online video game Fortnite announced that it would be made available to Android users through the website of the game’s developer, rather than through the usual channel of the Google Play Store. This raised concerns that requiring users to enable the ‘Unknown Sources’ setting on their device to sideload the app would make Android users vulnerable to attack from malicious third-party applications. However, downloading an app via an official app store does not always guarantee the legitimacy of the product, as was also discovered in 2018. In November of this year, more than half a million Android users were found to have downloaded and installed malware posing as legitimate driving games straight from Google’s official Play Store. At least 13 gaming apps were identified as malicious and found to install spyware on the device before deleting its icon and hiding from the view of the user. Google have responded to the findings and are working to improve its policies to prevent malicious apps getting into the store in the first place, however it is clear that users will need to be wary of what games and apps they are downloading, especially if their device is being used personally as well as professionally.
Looking back and moving forward
2018 was a year full of interesting trends and discoveries, but one thing remains clear: enterprise mobility isn’t decreasing and cyber security is only becoming more critical to forward-thinking businesses. Corrata’s cutting-edge Mobile Internet Security and Data Usage Control solutions provide comprehensive protection, control, and visibility for mobile devices ensuring total security, privacy and peace of mind for your organization in 2019. Look out for our 2019 predictions coming in the new year, we have a feeling it’s going to be an exciting one!
To find out more about Corrata’s Mobile Security and Usage Control solutions and how they can help to protect your employee devices, and to check out all of our previous blog posts and whitepapers from this year, visit www.corrata.com or email us at firstname.lastname@example.org.