As the gap between desktop and mobile becomes smaller and smaller, businesses are encouraging the use of mobile apps and a BYOD environment. But with this power of creativity and productivity comes responsibility to security, and that’s something many CISOs are worried about.
One of these threats to enterprise security is data jacking. It’s the misuse or theft of data on a mobile from its primary owner. Examples of data jacking include ransomware, mobile malware, and theft of mobile devices that have sensitive, unencrypted information such as medical data or financial records. In fact, 24 percent of data breaches reported to the Office of Civil Rights in 2016 involved the loss or theft of an unencrypted device such as a USB drive, laptop or cellphone. Data encryption technology on those devices could have prevented the exposure of 1.5 million records last year due to data jacking.
Data jacking also extends to the network at large. Reports surfaced from Kaspersky Lab and others in December 2016 of criminals exploiting open installations of MongoDB and Hadoop databases and holding the information hostage. In that case, attackers simply scanned the internet for the open installations, copied and deleted the contents, and left behind a ransom note for the victim. In some instances, the data was permanently destroyed beforehand—meaning the company never got it back despite paying the ransom. These types of attacks increased 400 percent over a matter of weeks since they were first discovered.
As BYOD, mobile platforms and cloud computing continue to grow, CISOs are understandably worried. According to a 2014 Gartner report, more than 75 percent of mobile applications would fail basic security tests. Between the security vulnerabilities and employee carelessness, what can you do to protect yourself?
Ransomware and Ransomware-as-a-Service have paved the way for data jacking in general, so it’s sure to become more common as hackers seek to make easy profits with little work involved. In a growing cloud adoption world, it’s more important than ever to make sure your network is as secure as possible and protect your data. If you’re interested in learning more about a secure cloud infrastructure or a defense-in-depth strategy, visit our cloud page or contact us today.