Data breaches are becoming a more common occurrence, but they are just as threatening as ever. The cost of a data breach on every scale is rising, and cybercriminals are noting just how profitable they can be. It is a worldwide issue, and since the perpetrators are worldwide, justice is not as easy as you might think.
And in a world with literally more smartphones, than there are people, this can be a great cause for concern. Without effort put forward, each of us is carrying around a device that can result in a devastating data breach. And you want to avoid that. We’ll go more into data breaches later, but you will find that there is a trend towards a greater need for mobile cybersecurity. Additionally, they are getting more expensive or problematic for the victims. You need your smartphone, but you can avoid the worst problems that can stem from them.
Here are some facts about data breaches on mobile devices that you should be aware of:
The Consequences and Costs of Data Breaches
While you know that a data breach is bad, just how much damage can one cause?
- In general, the answer is some version of “it varies, but it's very bad”. It depends on the size of the organization that was affected, the wealth or credit of the affected party, and how quickly the breach was detected as well as the response of all involved. When it involves mobile devices or apps, that can further complicate matters.
- As of 2021, the average cost of a data breach was 4.24 million. Also note that this is an average, and some data breaches can cost a company hundreds of millions of dollars.
- Furthermore, there is a huge potential informational loss involved. Think back to the major breach of information from Sony. Some of the information revealed to the public still is relevant, and the public lost a great deal of confidence not only in Sony’s ability to protect customer data but also in the competence of the employees in general (some of the emails were rather enlightening).
- Overall, the total cost of data breaches is predicted to reach 10.5 trillion by 2025, which is only a few years away. This dwarves the GDP of most countries on the planet (all but the U.S. and China), and it will likely still increase after that as has been the trend. It may seem like an extreme number, but cybercrime of all types has long-lasting effects and can take a long time to fix. When companies and individuals are cleaning up the aftermath, they are not producing very much.
- In some ways, it can be tough to track the costs and victims of cybercrime. Many crimes go undiscovered or unreported, leading experts to have to estimate or leave those parties out. Some parties do not wish to report out of embarrassment, while others think there is nothing to be done after the crime has happened.
- Naturally, those responsible for a data breach, either through negligence or malfeasance, can face severe consequences.
What Are the Causes?
- Overall, the vast majority of data breaches are caused by human error (we will be returning to this idea a lot). It is not hacking as you see in most movies or tv shows, where someone types frantically at a keyboard until something is hacked. Instead, it is often someone giving away their password or using something incredibly easy to break. In some rare cases, it is a hacker brute-forcing a notably weak password.
- Speaking of weak passwords and human error, take a note of the most commonly used passwords and make sure you aren’t using any of them, whether it's on an app, a general account, or directly for your smartphone.
- And the fact that such tactics are working means that cybercriminals are going to double down on them. Why spend the resources for an attempted hack to effectively force down a secure door when you can just trick someone into giving you the key and letting you in, perhaps serving you a cup of tea in the process? Expect more and new social engineering tactics to be used in the coming years.
- It should also be noted that cybercriminals generally work in groups or collectives. There are too many to track yourself, but the defense will be a matter of knowing that there could be specialists and people who do have all day to try to scam you.
Unique Problems with Mobile Phones
Mobile phones might do a lot of the same things as computers these days, but they can operate quite differently. Mobile phones have historically been more secure, but that will not last forever without preparation and action ahead of the curve. There also are unique problems that mobile devices have, which we’ll go into below:
- While the mobile phone can by default be more secure than the average internet-connected device, this can lead people to a false sense of security. People might think their phones can’t get hacked, or don’t hear about breaches as often as the big hacks. Furthermore, breaches that people do hear about often come from the side of an app creator, not a user. No one hears about an individual phone being hacked or infiltrated because it is not newsworthy.
- Much like there are malicious websites on the internet for desktops and laptops, the same is also true of mobile sites. Not all are trustworthy, and they might be designed to capture your attention (or make you feel like you can’t escape). If you run into such a site, the best thing to do is close out of it as soon as possible, and failing that close your browser by any means necessary.
- Smartphones are by default devices of convenience, and people like to use them as quickly and efficiently as possible. Unfortunately, this can mean that people who would otherwise like to use them might turn off security features if they find them hindering. Even a few seconds per use can be too much of an inconvenience, leaving a smartphone open to problems.
- Jailbreaking phones remain a common problem on the security front. Many people jailbreak their own phones to gain more access or allow them to use a phone with another carrier, but jailbreaking also heavily weakens the security of a phone, allowing for cybercriminals to create more exploits. Others might jailbreak a phone to allow access to more apps that are not on an official app store. However, many of these apps are problematic and some are outright malware in disguise.
- An out-of-date smartphone can be much more easily hacked, much like an out-of-date computer or computer with an out-of-date security program. Make sure that you update it regularly and update your apps similarly. It might be done automatically, but it is wise to check that such settings are turned on.
- A smartphone, even one that’s important to work and accesses sensitive information, can be used anywhere. This leads to plenty of security issues. People operating on public networks can easily have their information intercepted, and just a few login credentials lost can lead to huge problems. You will want to make sure you are using a data plan instead of a network, and you will likely not need to use such data to keep yourself safe. Watching videos on public WiFi is fine. Doing your taxes is not.
- It's much easier for a physical thief to run off with and pocket a smartphone than they could a desktop computer or even a laptop. There are measures to help with this such as phone tracking, biometric locks, and more, but even the base hardware might be valuable to sell.
Notes on the Targets
The cybercriminals and security problems themselves are only one part of the equation. While they are usually at no to little fault, we should also consider who cybercriminals are targeting. Some groups and types of businesses get targeted more than others, and there are other trends you should pay attention to. Here is what you need to know:
- To start, you may wonder what all of this information about businesses may have to do with smartphones. How could they be key to data breaches at larger firms? Smartphones have access to so much, and people often do not take notice of them when they might commit a security error or leave themselves open. There might be cybersecurity experts and IT professionals who take notice, but if company leaders and every employee listened to them, we wouldn’t have nearly as many problems as we do now with cybercrime.
- However, the most secure sites in the world do take smartphones seriously. Some smartphones are more inherently secure than others, and some mobile sites and apps are more secure. If you work in a secure job, you might have such a phone provided to you, and are prohibited from using your personal phone. At the start of the recent pandemic, there was much planning related to this and some worry. Would people be safe working at home?
- In short, note the following: just because so many sites get targeted every day doesn’t mean that all sites have an equal chance to get hacked or every mobile device has an equal chance to find itself with a problem. Cybercriminals go after the easiest target or the easiest target with the highest payout.
- Think about some of the most popular apps on the market now, or the ones that aren’t talked about but are commonly used. How much data do you think they have on people? How valuable would the totality of that data be to the right people? A staggering amount, surely. Alternatively, how much would a company be willing to pay in ransom to ensure that the hacked data never got released?
- When it comes to companies and business targets, some industries are targeted much more than others. The health care sector is one of the most concerned groups, and from 2017 to 2021 attacks on organizations in the sector quadrupled. This is a trend that is not expected to slow down, either. And given the amount of sensitive information health care organizations have, it makes sense why they would be targeted so much.
- To their benefit, health care organizations also have stricter rules on the use of smartphones, websites, and data regarding patient records and the like. Smartphones won’t be used so often if protocols are followed. If they are or will be in the future, we can expect specialized, work-only devices to be used. Many remote workers in the sector already use specific laptops.
- Government organizations are not immune to cybercrime and are some of the most targeted institutions. Should these organizations not have some protocols and rules in place for smartphone usage, we may see additional stories about government groups large and small suffering data leaks. This could lead to security issues and less faith in government.
- International borders mean nothing to cybercriminals. In fact, many cyberattacks. If you see a lot in the news about how many attacks are coming from Russia, China, or North Korea, there is a lot of truth to that. And if countries hoping to destabilize others do so through cyberattacks, that’s all the advantage to them.
A Lack of Security
One of the most concerning things we’ve found is just how little prepared a lot of companies seem to be when it comes to cybersecurity. While you might not be able to change much in regards to your smartphone security with this information, you should remain aware regardless:
- Generally, only five percent of folders at companies are properly protected. Given the amount of data that can be found or inferred from even basic documents, this is a huge problem, especially since protecting folders and files is now easy.
- Depending on which survey or study you look at, about 90 to 95 percent of data breaches are caused by human error. This means they are easily preventable with the right protocols, training, and discipline, but they are not.
- Even after a data breach has occurred, it isn’t as though the perpetrators will set off all the alarms and throw a loud party letting everyone know. It took an average of 207 days to identify a data breach in 2020. That is a long time for cybercriminals to collect additional data.
- Part of the problem might not be a lack of interest in hiring people, but a lack of enough people with relevant skills. One survey noted that 55 percent of companies have unfilled cybersecurity positions. About 50 percent say that the applicants they get are not well-qualified. And 61 percent of responses indicate that cybersecurity teams are understaffed.
- There are a total of 3.5 million unfilled cybersecurity jobs in 2021. The good news is that based on current rates in education and related predictions, the number of unfilled positions is not expected to grow.
What You Can Do
All these stats can be frightening. Is your phone safe? Is your phone going to be hacked or compromised next? Chances are it's perfectly fine and it will not be hacked, so long as you follow the proper procedures and keep yourself safe online and while you use apps. Here are all the basics you should be following:
- As for whether you should install a cybersecurity program into your smartphone, it can depend. As a rule, your smartphone will have the proper security already installed, and malware on iPhones is incredibly rare. If you fear that you have downloaded something less than ideal or regularly download files onto your phone then an installation is warranted. Just be careful of the program that you use, as you might find that the cure can be worse than the virus, so to speak.
- We recommend using a security app from a reputable company, and that the app is not free. If you are not paying for the product, then you (and your data) are the product. If you subscribe to a service for your laptop or desktop, then you may have complimentary access to their mobile product.
- Most of what you should be concerned with is your own behavior on your smartphone and potentially falling for a scam of some sort online, leaving your smartphone or accounts vulnerable. Scams that might be easily noticeable on a browser might not be so noticeable once you are trying to look at everything on a mobile site. You also need to stay aware of common scams and major events. You don’t need to check the news every day (that would be exhausting), but you should make a quick search every few weeks.
- Common sense will be your best friend in avoiding scams. If something is too good to be true or seems out of character, it likely is.
- You absolutely need to protect your phone in a physical sense as well, making sure that no one steals it. Generally, this means keeping it on your person, which isn’t too hard. You also need to avoid pickpockets and the like in large cities. There are chains and devices you can use to help keep your phone in your pocket.
- If your phone does get stolen, you will be grateful to have a way to track it. While there might be concerns over location tracking, generally this information isn’t so readily available and companies should have it than a criminal have your phone, which they could then potentially use to access all of your data. Something like a “find my phone” feature comes standard these days, and all you’ll likely need to do is activate it.
- There might be more specific needs based on your particular phone or the apps you use, but you should look in more detail at the different options and what vulnerabilities there could be. Perform additional searches to make sure you are leaving any doors open.
- Educate yourself as to the common scams you might find online, whether they are meant for smartphone users or not. Phishing scams and variations are the most common, then various other forms of social engineering and impersonation. Be wary of strangers that reach out to you out of the blue. Don’t overshare information, either in communications or on social media.
- Stick to the main app stores for your apps. There is hardly any reason you might want to go outside of them, and there are fewer security controls on other app stores. There is everything you might ever want on the main store, and you will likely find malware elsewhere that could ruin your phone. Those stores also might not be legitimate and outright steal your credit card information.
- If you are in a position where you can create policy for your organization, you should consider investing both in more cybersecurity technology in general and looking to create a cybersecurity plan for the organization.
- And even if you are already doing so, not enough organizations consider smartphones to be an important part of the security plan. They mostly focus on company laptops and desktops. Yet most people will discuss work on their smartphones, or check work emails on one. Those conversations alone could cause a data breach.
After reading all of that, we understand that you might have cause for concern about the safety of your phone, your apps, and your private information. Yet know that there are measures you can take and habits you can form to keep yourself safe and that people are putting forth their best effort to make sure that cybercriminals don’t have free run of the internet. Just keep aware of what you’re doing online, follow your instincts (after you train them a bit), and keep on top of any major changes in the smartphone world. We hope that this information has been helpful to you and may you have a safe time using your smartphone.