Cybersecurity as a whole — and mobile security specifically — has always been akin to a game of whack-a-mole, but that game has gotten even more intense since the arrival of COVID. In fact, there are estimates that cyber crimes have increased by 500% since the COVID-19 pandemic began in March 2020. And to compound matters, we’re collectively more reliant upon our smartphones and technology as we strive to work remotely and stay connected.
One of the latest spyware threats, discovered by Zimperium, a mobile security firm, is prompting many companies to re-evaluate their security protocols, including app installation whitelists / blacklists and bring-your-own-device (BYOD) policies, among others.
PhoneSpy Spyware – The Android Spyware That’s Threatening the Business World
This latest piece of spyware targets Android smartphone devices and the capabilities are rather startling. Not only does this spyware — named PhoneSpy Spyware — have the ability to steal sensitive data from devices, but it can also control the microphone and camera. In addition to unsettling eavesdropping capabilities, this spyware can even delete security apps.
The scary part: PhoneSpy can actually embed itself within legitimate apps. TechCrunch explains, “Unlike other spyware campaigns that typically take advantage of on-device vulnerabilities, this campaign, known as PhoneSpy, hides in plain sight on victims’ devices, masquerading as legitimate Android lifestyle apps, from TV streaming to yoga instruction. In reality, however, the spyware is stealthily exfoliating data from the victim’s device, including login credentials, messages, precise granular location and images. PhoneSpy is also capable of uninstalling any apps, including mobile security apps.
“Researchers at mobile security firm Zimperium, which discovered PhoneSpy inside 23 apps, say the spyware can also access a victims’ camera to take pictures and record video in real time, and warned that this could be used for personal and corporate blackmail and espionage. It does this without a victim knowing, and Zimperium notes that unless someone is watching their web traffic, it would be difficult to detect.”
On a personal level, users may be unsettled by the idea of a random stranger accessing their data and eavesdropping via their smartphone’s mic and camera. But the risk of tangible losses arising from the spyware infection are relatively few.
Things are very different when you approach this breed of spyware from the perspective of a business, as the potential impact of corporate espionage and data theft is staggering. Just think of how virtually every person plops their mobile device on the conference table where you discuss your new company strategies, financials or other sensitive business information — information that competitors would pay good money to learn. Each and every device on that table could be infected with spyware.
That’s just one example of how today’s malware and spyware is placing companies in a vulnerable position, prompting IT leaders to re-evaluate their security practices.
Maintaining Secure Devices: Taking on Malware and Spyware
Companies are now rather adept at handing out company-owned devices with an approved set of apps and software programs. But the challenges tend to multiply when the device is handed to the employee. These include:
- Controlling what apps are installed on the device once the employee is in possession of the device;
- Ensuring that apps and software programs are updated in a timely manner, especially when security patches are released;
- Prohibiting the installation and / or use of apps / software that pose a security risk; and
- Mandating the use of security apps, firewalls, partitions and other security measures.
These are just a few of the points that IT leaders must consider as they develop their company policies and best practices. And this says nothing of bring-your-own-device scenarios. BYOD policies are a bit trickier since the company doesn’t own or even control the device in question, yet if it’s connecting to the company network, software / apps and interacting with digital assets, then it could be posing a security risk. Clearly, some degree of oversight is necessary in order to maintain security and digital integrity. But how to achieve that oversight in a way that’s efficient and compliance-friendly is the challenge that many companies are now seeking to tackle.
Whitelists and blacklists have long been utilized for company-owned devices. With risks increasing, app and software whitelists are now gaining more popularity amongst companies that are allowing employees to use their own devices in the workplace. Only one thing is clear: there’s no cut and dry solution to cyber security threats and the game of whack-a-mole continues as corporate IT leaders seek to keep pace with new threats.
Enterprise Software and Mobile Apps to Minimize Security Risks for Your Business
Enterprise software platforms and custom enterprise mobile apps can be an effective part of a digital security strategy since you can consolidate many (or all) of your company operations into a single platform that can be outfitted with in-built security features.
You cannot expect to guard against all security, spyware and malware threats, but an innovative enterprise mobile app and enterprise platform can go a long way toward bringing peace of mind and minimizing risk. In fact, the team here at 7T has experience with enterprise development and development of highly-secure platforms with military-grade security, so we’re well-positioned to assist any security-conscious business that’s ready for a digital transformation project.
At 7T, we have earned a reputation as a top Dallas mobile app and software development company, with expertise developing dynamic mobile apps and innovative software platforms, from CRM platforms and ERP development, to Snowflake data solutions and beyond.
At 7T, our development team works with company leaders who are seeking to solve problems and drive ROI through digital transformation. As an innovative Dallas software and mobile app development company, as 7T integrates cutting-edge solutions into virtually every project. We’re here to deliver collaborative, multi-phased software development services to clients in all business sectors.
7T maintains offices in Dallas, Houston, Chicago, and Austin, but our clientele spans the globe. If you’re ready to learn more about an enterprise messaging mobile app or a SayHey Messenger integration for your enterprise platform, contact 7T today.