Analysis of Android phones last year revealed that 27% of the average user’s daily waking hours were spent looking at their mobiles in April 2020. This is up by a fifth on 2019, and interestingly, much of this increase stems from work-related activities. Time spent on business apps jumped from roughly seven billion hours in 2019 to 20 billion hours in 2020.
The numbers were not borne out of coincidence. They were the results of a pandemic-induced ‘new normal’, where the lines between work and home were, and still are, blurred.
Bedrooms have become offices, and offices have become ghost towns. Personal devices have also changed and are now being used for professional purposes more than ever. This is because working from home has instilled more fluid lifestyles and flexible working cultures.
We’ve seen many of our own customers embracing this transition. They encourage employees to adopt malleable habits and incorporate an increasing number of devices such as tablets and mobiles that support such cultures into their overall digital footprints.
What needs to be noted, however, are the risks that come with such changes.
The mobile threat landscape
With a greater digital footprint comes a greater overall attack surface for cybercriminals to live off. Indeed, the statistics speak for themselves – the widespread shift to remote working saw global phishing attacks rise 37% globally.
Such figures shouldn’t be overlooked.
While a personal device’s primary use may not be work-related, it can still access corporate data, and therefore needs to be secured.
Historically, mobile devices have been heralded for their security architecture. Apple has done a particularly good job of securing iOS through the sandboxing of apps. Mobile vendors have also played their part. They have provided mobile device management (MDM) and enterprise mobility management (EMM) software that containerises data effectively on any given device.
This is not to say that mobiles are immune, however. They are subject to the same phishing and Zero Days attacks stemming from malicious emails and websites that face PCs. The same browser vulnerabilities on Windows, Linux, or Apple Mac operating systems also exist on iOS and Android.
Apple’s 14.4 iOS update, delivered as recently as January 2021, is a case in point.
Here, the company announced that the patch addressed two vulnerabilities in WebKit – the browser engine used by Safari – that could allow a remote hacker to cause arbitrary code to execute. It confirmed that these vulnerabilities “may have been actively exploited”.
Don’t overlook the human factor
Mobile threat execution may often be exacerbated by human factors.
Mobiles are all about convenience – people will typically be more relaxed when using them. When using mobiles on the go, it can be easy to become distracted and let your guard down. Often, less attention is paid to certain links and webpages that have malicious intent.
Equally, mobile sanity checks are more difficult. You have a reduced screen size, making it harder for the human eye to determine what is legitimate and what has been constructed for phishing.
Smaller screen sizes on smartphones mean the browser address bar doesn’t always show the full URL being accessed. Worryingly, most users don’t know how to preview links on mobile before clicking.
Mobile isolation – is it the cure?
Research shows that unmitigated mobile phishing threats could cost organisations with 10,000 mobile devices up to $35 million per incident. Yet, such threats are now entirely avoidable thanks to new industry capabilities – namely, isolation technology.
Isolation moves the execution point for active content away from a user’s browser to a disposable, cloud-based virtual container. It essentially acts as a screen, preventing all active content, including exploit code from a target. Thus, it prevents attacks on a user’s machine.
At Menlo, we’ve built a secure web gateway that leverages the power of isolation to protect users on mobile devices – an industry first. Our Isolation Core technology powers the Menlo Security Global Cloud Proxy Platform. It eliminates the threat of malware and phishing attacks when users access the internet and email from smartphones and tablets.
It separates the enterprise network from the public web. All this while providing users with secure, low-latency connections to the Internet and SaaS applications. Rendering content safely in a remote browser stops any potentially malicious code from reaching the end-point.
The headline? Instead of it being ‘almost safe’, it can stop malware 100 percent of the time.
Such capabilities were previously unseen in a mobile capacity, and for good reason. Mobiles are all about the user experience. Apple’s entire brand is largely built on the principle of ‘native is best’. It allows its devices and systems to operate smoothly and seamlessly.
Further, there are challenges associated with keeping up with the continual evolution of mobile platforms and their ever-expanding features. Many devices are constrained in power, performance and network bandwidth and latency.
Smart document object modelling provides a solution
That is why we’ve introduced Smart document object modelling (DOM). It is the next iteration of our DOM-based rendering technology. It has traditionally been used to provide a secure and transparent browsing experience that surpasses traditional pixel-based remoting technologies.
Smart DOM pushes the boundaries of remoting technology. It enables accurate and efficient rendering that is well suited for mobile browsers and an ever-expanding web platform. All done while retaining the security and user-experience benefits of its predecessor.
It is the product of a decade’s worth of experience in developing RBI technologies and the latest milestone in providing 100% effective mobile browsing. Indeed, it could be considered a holistic cure that makes mobiles entirely secure.
Menlo Security protects organisations from cyberattacks by eliminating the threat of malware from the web, documents, and email. Menlo Security’s isolation-powered cloud security platform scales to provide comprehensive protection across enterprises of any size, without requiring endpoint software or impacting the end-user experience. Menlo Security is trusted by major global businesses, including Fortune 500 companies and eight of the ten largest global financial services institutions, and is backed by Vista Equity Partners, Neuberger Berman, General Catalyst, American Express Ventures, Ericsson Ventures, HSBC, and JP Morgan Chase. Menlo Security is headquartered in Mountain View, California. For more information visit www.menlosecurity.com.