From WannaCry to NotPetya, security breaches are becoming all too common in the news. But the big question is: where do these breaches come from? And are we more vulnerable on desktops or mobile devices?
Looking closer at some recent security breaches, most (including WannaCry) have stemmed from attacks targeting desktops. These attacks range from exploiting built-in vulnerabilities to infiltrating outdated software to relying on plain old human error.
Most data breaches tend to originate from within the Windows operating system, and this remains the primary focus of the cyber security sector. A 2016 report from Business Insider Intelligence estimated that $386 billion would be spent on cyber security initiatives to protect PCs between 2015 and 2020. The report projected that $113 billion would be spent on securing mobile devices over the same time period.
Are desktops less secure?
When Windows was first developed, it was made for a standalone PC. It was not created with the connected world in mind. As a result, the operating system (OS) had security holes from the start, and many of these holes have carried through to today. Designs for the Mac OS and Linux were based on a networked, multi-user system. While both have their own flaws, they still tend to be more secure than Windows, which runs on 86% of the world’s computers.
To address Windows security concerns, nearly all businesses running the OS have various forms of anti-virus software, firewalls and secure web gateways in place to protect sensitive data. Many personal PC owners running Windows also use some form of anti-virus software to protect their laptops and desktops.
Fact vs. feeling
Another factor fueling the consensus that desktops are less secure is experience. Many of us have dealt with a virus or some form of malware on our computers at some point. However, few of us have had the same experience with our phones. This builds up the notion that we don’t need to worry about security threats on our mobile devices the same way we worry about security threats on our desktops.
But then again, since traditional computers have been around longer, traditional computer viruses have been around longer, so this is why they’re more ingrained in our public awareness.
Are mobile devices actually more secure?
In terms of the way they were originally made, yes. Smartphones, tablets and other portable devices were not only designed for a connected world, but designed by developers who applied lessons learned from the desktops that preceded them. Mobile devices started out with a very different built-in security model compared with the original Windows OS, which had very little security.
But just because mobile devices were built to be more secure, it does not necessarily mean they still are.
The human factor
It’s really not possible for anything to be 100% secure, especially when we consider the human factor. We are still quite often the weak link in the chain. No matter how much training someone receives, people make mistakes. From not updating software to clicking on phishing links or simply losing devices, human error can leave even the most secure system susceptible to a breach.
We also interact differently with our mobile devices than we do with laptops or desktops. When it comes to work, many employees treat their company-assigned phones more like personal phones than they would with company-assigned laptops (although this isn’t always the case). This mix of work and personal use on one device can put an entire company’s data at risk, even if only one employee falls victim to an attack.
It’s just a matter of time
From the time the first iPhone was launched in 2007 to today, hackers have become increasingly adept at navigating through existing security layers to compromise mobile devices. And the amount of sensitive data on mobile devices continues to grow exponentially. Not only do we fill our phones with pictures and videos, but also highly sensitive information like bank details, logins for social media accounts and cloud-based storage platforms like Dropbox.
Unlike heavy desktop computers or even lightweight laptops, mobile phones live in our pockets and purses. At any given time, we’re carrying devices that have built-in cameras, microphones and GPS signals. The desire for hackers to gain access to these devices is obvious.
So what are the security concerns for mobile devices today? Below are the types of threats to watch out for.
Attackers are continually innovating. Our research shows that the number of malicious malware installation packages targeting mobile devices more than tripled in 2016, resulting in almost 40 million attacks globally. Gartner’s 2018 Market Guide revealed that there are 42 million mobile malware attacks every year.
There is a common misconception that iPhones are not susceptible to malware, which is in part due to the common misconception that Mac computers are not susceptible to malware. In fact, numerous different types of malware have been found on iOS, and the numbers are growing (for more on iPhone threats, read our post: ‘Beware iOS users: malware is by no means an Android-only problem’).
Android devices are just as, if not more, vulnerable to threats, and hackers were quick to discover and exploit these vulnerabilities (for more on Android threats, read our post: ‘4 ways hackers are infiltrating Android phones with malware’).
Phishing is the biggest threat targeting mobile devices. While smaller screens make it much easier to miss full URLs in browser windows, the general consensus that mobile devices are safer leaves many users with their guards down, and hackers are taking advantage of this.
Data from IBM shows that users are three times more likely to fall victim to a phishing attack on a mobile device than they are on a desktop, and new phishing pages are being created every 20 seconds. The attacks themselves are also becoming more sophisticated, with pages often posing as legitimate links from well-known brands. This is making it harder and harder for users to differentiate between what’s genuine and what’s deception. As 90% of data breaches start with phishing attacks, protecting mobile devices is becoming increasingly critical.
So, do we have a false sense of security when it comes to mobile?
In short, yes. Consumers and corporations alike assume that mobile devices are safe, and this gets back to that human factor issue. Most of us don’t even think about the possibility of security threats on our mobile devices, and this lack of awareness is exactly what leaves many devices vulnerable.
A 2014 study by Consumer Reports found that more than a third of mobile users did not implement any security on their devices, with 36% using 4-digit PINs and only 11% using more complex passwords.
This mindset is gradually changing as more and more users encounter things like phishing links through SMS or WhatsApp messages. However, only 14% of Americans think it’s more important for their mobile devices to be equipped with proper encryption than it is for their laptops.
The evidence shows that while mobile devices may have started out more secure than desktop computers, the game has has changed and hackers are continually becoming more advanced. The threats are real, and keeping your devices protected begins with awareness.