Wednesday, May 6, 2020
Method to Detect and Mitigate Data Breach in Mobile Devices - Samples
Question: Discuss about the Method to Detect and Mitigate Data Breach in Mobile Devices. Answer: Introduction The detection and mitigation of data breaches in mobile devices is not an easy task. Some advanced tools and techniques are required to use to get rid of this problem. However, before start discussion about mitigation of data breaches, it is important to discuss about commonly encountered data breaches by users and how they put impact on their mobile devices. After analysis, some essential data breaches are found related to mobile devices such as Spyware, Mobile Botnets, Ad and Click Fraud, Dead Apps and IoT Malware. In next segments of this report I would like to focus on these data violations in detail and also highlight methods to resolve this problem with literature reviews (Hamblen, 2017). Common Data Breaches in Mobile Devices Following is detail discussion about data frauds in mobile devices: Spyware It is one of the vulnerable data breaches in mobile devices. Spyware software is used by hackers to access corporate network, databases and computer systems. Moreover, it is also used to find out ways to infect mobile devices. It is found by experts that this software can be operated both on iOS and Android devices. Pegasus is a common example of spyware that is used by cyber-criminals to hack iPhone or iPad for harvesting data (Doug Olenick et al., 2017). Mobile Botnets Today, new malware has potential to convert hosts of mobile devices into botnet which is controlled by hackers and owner of mobile device does not have any knowledge about this. This is really dangerous that without any notice of mobile user his or her data is stolen by hackers. According to analysis it is found that the first target of botnets was Android devices (Porter, 2012). At that time, hackers used proxy IP addresses to mask ad-clicks and to generate revenue from those clicks. After this data breach of botnets, some other data breaches were also found such as Hummingbad that infected more than 10 million Android based operating systems. Under this attack, users detail was obtained without knowledge of them and sold to others. Ad and Click Fraud It is also a harmful type of data frauds that is conducted in mobile devices and as well as on other devices. This fraud has become a matter of concern for every user because heavy losses are encountered due to this vulnerable attack. It is a way to get internal access of network of an organization by hackers. By doing this, attackers send SMS phish to mobile users with a link and document attachment, when user clicks on link then a malicious app automatically download into his mobile that can damage boot files and database resides into that device. Moreover, it is also possible that attackers can access hold of mobile device without authorization and can steal login credentials (Leitner, 2017). Dead Apps Dead Apps in mobile devices have also become a main concern of data frauds. It is necessary for users of mobile devices to update and monitor their mobile apps regularly. If those are apps are no longer supported by Google or Apple stores then delete them. Hackers take advantage of dead apps to harm your devices in any potential way. That is why supporter companies of these devices do not explore list of apps that further require no updates because hackers will try to misuse these apps. Therefore, it will be better that users keep themselves aware about these concerns. IoT Malware IoT malware data breach is related to Internet of Things. There are many packages of IoT malware have come into market that are putting influence on mobile devices. Indeed, IoT is connection of smartphones and other telecommunication devices. That is why it is for hackers to use IoT malware to attack on mobile devices to fulfill their hacking purposes (The ChannelPro Network, 2017). Therefore, above discussed ways are highly vulnerable that are used by cyber-attackers to implement data breaching in mobile devices. After this whole discussion, it is cleared that detection tools of breaching must be used properly both at developers and users basis. Before moving forward towards discussion of these methods, literature review is required to assess regarding prevention of mobile devices from data breaches. Literature Review about Mitigate Data Breaches in Mobile Devices According to analysis, it is found that some researchers prefer to implement information security strategy to get rid of this problem of data breaches in mobile devices. This security strategy will help to utilize mobile devices in a secure way by providing awareness to users that what kind of tools must be used to get rid of problem of data breaches and how mobile can keep secure from unknown virus attacks (Wang, 2005). According to Ernust and Young (2012), with the advancement of technologies, risks of its security and privacy are also increasing day by day. Therefore, without a proper planning and strategy, the detection and prevention is not possible. Information security strategy helps to reduce all threats regarding security and privacy of data. The established IS strategies consists of prevention, detection, response and compartmentalization and deception (Sveen, 2009). The prevention is the most common security strategy for protecting information assets from virus attacks. He re firewall is the best example of prevention which is in-built in operating systems for protecting computer systems and mobile devices from external attacks (Ahmad et. al. 2012). Next essential strategy of information security is detection and its aim is to identify malicious behavior of intrusion or attacks on data. Here IDS i.e. Intrusion Detection Systems are highly preferred to use by security experts. These systems allow users to perform continuous scan of their devices to detect security irregularities (Cavusoglu et al. 2005). Response strategy is one of the effective IS strategies. According to Ahmad (2012), after detecting an attack, this strategy provides guidance to users regarding implementation of appropriate security countermeasures (The ChannelPro Network, 2017). Both detection and response strategies are corresponding to each other because without response there is no meaning of detection. Most of the response strategies mostly refer to recovery and reaction. Further more, isolation strategy also plays an important role in detection and mitigation of data breaches. The main of aim of isolation is to trap intruders in a controlled zone of network of mobile devices to assess their actions. This strategy is basically known as deception strategy (Hu et al. 2011). From above discussion it is cleared that how information security strategy can be helpful to maintain security against data breaches in mobile devices and as well as on other computer systems. That is why it will be better for users of mobile devices to focus on proper implementation of these strategies to control issues of data frauds. Further, I would like to discuss some commonly used detection and mitigation methods of data breaches. Besides these security strategies, these methods are easy to use (Rouse, 2017). Methods for detection of Data Breaches in Mobile Devices First essential method of detection and mitigation of data breaches is usage of anti-virus. Anti-virus software is easily available online and can be downloaded into mobile devices. Anti-virus software solution has potential to detect and mitigate malware from devices with one click. After configuration of this software, antivirus starts scan of whole system, detects bugs and gives alert messages to users about fixing of bugs. But it is necessary for user to get advanced and powerful antivirus that can properly perform this action (Wood, 2012). Next essential method for mitigation of data breaches is use of encryption methods. If networks of mobile devices will be encrypted then it will be difficult for hackers to hack data from these networks that is sent and received by mobile users. This technique of encryption and decryption is known as cryptography (Cheng, Liu and Yao, 2017). It is a protected technique to resolve problem of data breaches and there is requirement to use a decryption key to decrypt the data which is not easily accessible to users. Furthermore, software updates or patches are also preferred to use for detection and mitigation of data threats. An operating system without security patches and updates is considered weak and hackers can easily control devices of users and can access information from databases. Before, implementing security patches, it is necessary to know that security patches take time to implement then it is necessary to get guidance from senior experts. Besides these above discussed methods, regular updates of software that are installed on mobile devices, are also required. These updates increase level of security in mobile devices by making it more powerful against vulnerable attacks. It is responsibility of users to be aware about these regular updates. Next important method for detection and mitigation of data breaches in mobile devices is to provide proper knowledge to users about technicality and security standards about mobile devices. By doing this, users will be aware about major attack s and will make their system more secure. Moreover, by knowing about security standards, users will measure security and privacy of their devices and if any problem will occur then they can make use tools and techniques properly. In this way, by using above discussed software solutions, mitigation and detection of data frauds both can be done easily. While using all these methods, users should have proper knowledge about its implementation, otherwise they can take help of professionals. Besides this, developers should be aware about new type of data breaches, virus attacks and should develop advanced tools and techniques to resolve this problem (Anderson, 2017). Conclusion To sum up, I can say that today data breaches are getting advanced and to get protection from these attacks better tools and techniques are necessary to use. Therefore, it will be better for users to be aware about these problems and try to get better prevention by using above discussed information security strategies and methods. Not only mobile devices but also other devices should be protected by using these detection and mitigation tools. References Ahmad, A., Maynard, S. B., and Park, S. 2012. "Information security strategies: Towards an organizational multi-strategy perspective," Journal of Intelligent Manufacturing), pp 1-14. Hu, Q., Xu, Z., Dinev, T., and Ling, H. 2011. "Does deterrence work in reducing information security policy abuse by employees?," Communications of the ACM(54:6), pp 54-60. Wang, G. (2005). "Strategies and Influence for Information Security," Information Systems Control Journal (1). Wood, A. (2012). "BYOD: The Pros and Cons for End Users and the Business," Credit Control (33:7/8) 12//, p 68. Cheng, L., Liu, F. and Yao, D. (2017). Enterprise data breach: causes, challenges, prevention, and future directions. Rouse. (2017). Avoiding data breaches through mobile encryption. [online] Available at: https://searchmobilecomputing.techtarget.com/tip/Avoiding-data-breaches-through-mobile-encryption [Accessed 18 Nov. 2017]. Leitner, S. (2017). Preventing Data Breaches with Mobile Device Security. [online] Blog.goptg.com. Available at: https://blog.goptg.com/blog/2015/09/03/preventing-data-breaches-with-mobile-device-security [Accessed 18 Nov. 2017]. Doug Olenick, O., Masters, G., Report, S. and Abel, R. (2017). Lost devices leading cause of data breaches, report. [online] SC Media US. Available at: https://www.scmagazine.com/lost-devices-leading-cause-of-data-breaches-report/article/530198/ [Accessed 18 Nov. 2017]. The ChannelPro Network. (2017). Mobile Device Security: Startling Statistics on Data Loss and Data Breaches. [online] Available at: https://www.channelpronetwork.com/article/mobile-device-security-startling-statistics-data-loss-and-data-breaches [Accessed 18 Nov. 2017]. Porter, M. E. (2012). "WHAT IS STRATEGY?," Harvard Business School Publication Corp., pp. 156-157. Sveen, F. O., Torres, J. M., and Sarriegi, J. M. (2009). "Blind information security strategy," International Journal of Critical Infrastructure Protection (2:3), pp 95-109. The ChannelPro Network. (2017). Mobile Device Security: Startling Statistics on Data Loss and Data Breaches. [online] Available at: https://www.channelpronetwork.com/article/mobile-device-security-startling-statistics-data-loss-and-data-breaches [Accessed 18 Nov. 2017]. Hamblen, M. (2017). One-fifth of IT pros say their companies had mobile data breach. [online] Computerworld. Available at: https://www.computerworld.com/article/3048799/mobile-wireless/one-fifth-of-it-pros-say-their-companies-had-mobile-data-breach.html [Accessed 18 Nov. 2017]. Kroll.com. (2017). Data Breach Prevention Tips - Data Security Best Practices | Kroll. [online] Available at: https://www.kroll.com/en-us/what-we-do/cyber-security/prepare-and-prevent/cyber-risk-assessments/data-breach-prevention-tips [Accessed 18 Nov. 2017]. Anderson, R. Year.(2017). "Why information security is hard-an economic perspective," Computer Security Applications Conference, 2001. ACSAC 2001. Proceedings 17th Annual, IEEE2001, pp. 358-365.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.