As the world becomes increasingly connected, it becomes easier to get online from anywhere. This creates benefits for employers, such as allowing flexible work schedules and remote work. At the same time, it exposes the enterprise to potential threats by cybercriminals.

Smartphones and tablets have capabilities that can be exploited — allowing hackers to locate devices or users, eavesdrop, access files or even turn on cameras. The stolen data may be used by the hackers who obtained it, but often this information is either leaked onto the dark web or put up for sale there for other nefarious users to obtain. Resale of corporate data has become lucrative, making cyberattacks more common.

Cybercriminals are always on the lookout for new ways to breach an enterprise’s network, and they can attempt this via application, network or device. Here are some of the most common types of cyberattacks targeting networks and devices.

Read more about attacks on applications in Part 1.

MAN-IN-THE-MIDDLE ATTACK

A man-in-the-middle attack occurs when communication between parties is intercepted and/or altered by a hacker. These attacks target unprotected WiFi hotspots or through using IP, ARP or DNS spoofing to intercept information.

As the number of public WiFi hotspots that don’t require a password grows — it is forecast to reach 542 million in 2021, according to Statista — organizations must be aware that employees connecting to these unsecured networks may expose corporate data. Create a policy for employees to refer to when working on the go that will help to limit exposure.

PHISHING AND SMISHING

Phishing attacks on mobile devices were one of the top threats detected in 2018. Phishing tricks mobile users into clicking on malicious links, opening infected files or downloading malware from emails that were sent from either spoofed email addresses or SMS (smishing). As these attacks become more sophisticated, they unfortunately also become increasingly effective at stealing sensitive data.

OUTDATED OS EXPLOIT

Users are now accustomed to periodic notifications to upgrade their operating systems. It is important for employees to follow through on all devices, as these upgrades contain security patches to vulnerabilities discovered by developers and researchers. What’s more, the detected vulnerabilities are disclosed once the system updates are pushed to users. That means cybercriminals have a manual on how to attack devices that haven’t been updated.

This is one of the most widely used attacks because most mobile users don’t install updates as soon as they are available, endangering the data on their devices.

PROTECTING YOUR ENTERPRISE

If you’re concerned that your organization’s data and devices may be at risk, contact Tech Orchard for customized diagnostics and solutions. We’ve built a lasting relationship with Gartner’s highest rated enterprise mobility management (EMM) and unified endpoint management (UEM) provider in the business: VMware Workspace ONE powered by AirWatch. This solution can help to ensure user compliance across all devices, to act as a broker across your identity infrastructure, and to continuously verify and auto-remediate device and user risk to keep employees productive. Contact us for more on how it can work for your business.