Beware the mobile threat

padlocked keyboard

Life was much simpler in the days of flip phones and Wi-Fi-free coffee shops. Back then the biggest worries were scams involving people using a mobile device to surreptitiously make international phone calls or using unfamiliar computers to send important information.

As technology has changed, however, so too have the threats. Now a lost smartphone can result in a major network compromise, and laptops left in taxis or dropped thumb drives can trigger data-breach notification requirements — assuming, of course, that the IT department knows whether devices carried by employees are connected to the agency’s network or contain sensitive or classified information.

And the problem is only getting worse. Trend Micro’s 2013 second-quarter Security Roundup report identified a dramatic increase in the amount of malware aimed at mobile devices that use the Android operating system. The report shows that the number of malicious and high-risk Android applications had grown to 718,000 in the second quarter of 2013, up from 509,000 in the previous quarter. Trend Micro expects the total number of malicious applications to exceed 1 million by year’s end.

McAfee, in contrast, identified a much smaller but still eye-popping number of mobile malware threats. For the first quarter of 2013, it identified 50,926 pieces of mobile malware. In contrast, for all of 2011, the company gathered only 792 samples. Most of the mobile malware was aimed at Android devices. (McAfee’s malware figures were lower due to the different way it categorized mobile malware.)

The types of threats are evolving as well. Kaspersky Lab recently identified mobile malware that is designed to leap to desktop devices.

And the threats don’t just come from mobile malware. Security researchers recently identified malware installed in USB ports that issues malicious commands to mobile devices plugged in for recharging. And then there are the concerns about connecting to unsecured public Wi-Fi signals, which can easily be monitored for valuable information.

This list of threats is far from complete or static. But it illustrates that mobile devices pose a serious cybersecurity threat to IT enterprises, and as other devices are locked down, attacks involving mobile malware will only increase. All of this is compounded by the “bring your own device” revolution, which has given employees access to company or agency networks via their personal devices.

Admitting that we have a security problem is the first step to mitigation. By recognizing the threats posed by mobile devices, administrators can now turn to security measures. Obviously, every agency is going to need a specialized approach, but some basic security steps would include:

  • Develop and implement a specific BYOD policy to manage personal devices connected to the agency’s networks.
  • Lock down agency-issued laptops and other mobile devices so that only certain programs can be downloaded and only specific information (if any) can be removed from the device.
  • Institute policies regarding connecting to networks when traveling.
  • Enforce strict policies regarding the carrying or use of mobile devices when traveling overseas, especially in areas where thefts of mobile devices or deliberate breaches are commonplace.
  • Inventory mobile devices regularly; knowing which devices should be connected to a network will help administrators manage the security process.

Mobile devices must be treated with the same responsibility and security measures as any other electronic device. Although they can dramatically increase efficiency and even employee satisfaction, they are yet another threat vector to worry about. Failure to do so could lead to unwanted results.

About the Author

Brian E. Finch is a partner at Dickstein Shapiro.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.