Mobile security risks are real—and expanding. All types of organizations are adding mobile and IoT devices into their daily operational processes, without extending robust protections across all endpoints. As a result, the attack surface is expanding. Again, critical infrastructure is at heightened risk overall, from increased IoT use to legacy systems and equipment to nation-state targeting.
Not only are mobile compromises trending up, but the consequences of breach incidents can be profound. Widespread bring-your-own-device (BYOD) policies have led to corporate, sensitive or regulated data being stored on or passing through mobile devices. And because mobile devices are so easy to carry, they’re also easy to steal. If a mobile device has high-value data stored on it, a breach can result in the immediate loss or theft of that data, especially if the device’s lock screen is disabled or it doesn’t have remote-deletion capabilities.
of organizations have at least one mobile device user on staff who has disabled their lock screen feature, even though only 3% of all devices have the lock screen disabled. [20]
It’s especially worrisome that attackers who compromise a mobile device frequently use the infected device to gain access to company networks. This can result in large-scale data exfiltration, the spread of ransomware, customer and employee privacy violations and costly operational downtime.
of respondents experienced an organizational security incident involving a mobile or IoT device that resulted in data loss or downtime.
report that such compromises had major impacts on their organizations.
Consequences of a mobile-related breach can be especially devastating for organizations in critical infrastructure sectors. Mobile—and especially IoT—devices are embedded in mission-critical processes and workflows. A breach or failure can disrupt operations and has the potential to impact human health and safety.
of Public Sector respondents agree that a security breach of their organization could endanger lives, especially if critical or emergency services go down.
of manufacturing respondents agree that a security compromise could disrupt their company’s supply chain, bringing serious financial implications.
of healthcare respondents agree that the highly confidential nature of patient data makes their organization a prime target for cybercriminals.
Critical infrastructure organizations tend to face higher remediation costs and downstream losses when a breach occurs. Among respondents in critical infrastructure organizations that had suffered a compromise:
Nearly half (40%) admit they experienced damage to their reputations and loss of business.
More than a quarter (28%) report that addressing the incident required expensive remediation.
Michael Covington, Vice President, Portfolio Strategy, Jamf
According to research from Jamf, the majority of malicious actors targeting mobile devices are trying to achieve one of the six goals outlined below. [21] That’s why it’s a good idea to follow best practices adapted for mobile from standards such as the NIST Cybersecurity Framework and Center for Internet Security (CIS) Benchmarks to help protect your organization.
Gain access to confidential business data. Attackers are frequently motivated by financial gains or competitive advantages; theft of intellectual property is frequently cited as a top motivator for developing malware.
Spy on users without their knowledge or consent. Threat actors have been observed taking advantage of the always-on, always-with-us nature of mobile devices to listen to conversations, intercept SMS messages and track physical movements through GPS.
Bypass internal security protections. Modern operating systems like iOS have built-in protections to restrict what can run on mobile devices. Changes to Apple’s controlled distribution model via regulation like the EU’s Digital Markets Act are reducing the efficacy of those once-controlled walls built to protect the mobile device.
Obtain private data without authorization. Researchers at Jamf have seen malicious apps circumventing Apple’s Transparency, Consent and Control (TCC) as part of the attack chain targeting Apple users, ultimately weakening built-in protections and making device compromise easier. Apple’s mobile devices have similar features in place to protect end user privacy that can also be tampered with as the attacker looks for the weak links in the chain.
Run malicious code on devices. Zero-click exploits are well-documented, but vendors are quick to patch vulnerabilities that are exposed to the remote attacker. The ultimate goal is usually for the attacker to gain a foothold on the device from which they can surveil, exfiltrate data or pivot to another asset.
Pivot from an infected device to compromise networks. Beyond data theft, privacy compromises and persistence objectives, it’s not uncommon for attackers to simply use a compromised (and trusted) mobile endpoint to move closer to the more valuable target within the organization.
[20] Jamf, Security 360: Annual Trends Report, 2024.
[21] Jamf, Security 360: Annual Trends Report, 2024.