Remote, gig, hybrid – these ways of working have become normalised during the pandemic and are now defining how organisations interact with employees across multiple skillsets, locations and countries. Anna Collard SVP Content Strategy & Evangelist at KnowBe4 AFRICA, believes that we need to make our people more aware of the threats of the oncoming rollout of 5G – a technology that will be transformative for mobility, but also introduces some new security vulnerabilities.
“5G technology presents a massive opportunity for the mobile industry to enhance the network as well as its security and will significantly improve security over legacy networks which is very much needed considering that there are expected to be around 1.8 billion connections on 5G by 2025,” she explains. “But we have to keep in mind that traditionally, operators used proprietary protocols for network management and hackers had to have specific understanding of these protocols to break them. Now, with 5G, they are moving towards a P-based protocol set, which is the same technology used on the internet.”
This protocol has its advantages – it is faster, it is better understood and it can be secured more effectively. It also has the disadvantage of more potential for attack because more cybercriminals understand this environment, the quicker it will take for them to exploit a vulnerability. According to the GSMA report ‘The Mobile Economy 2022’, security is a key component of mobile accessibility and the widespread use of digital technologies.
“There is an increasing number of reports on the increased risks that come with 5G and the mobile workforce,” says Collard. “These are matched by the increased number of cyber-attacks that are targeting mobile workers and the devices that they use. A recent example is the FluBot malware. This has caused mayhem on Android devices because it spreads easily and its attack vector – messages – are easily mistaken for the real thing.”
The FluBot mobile malware operates just like the flu. It infects the device using a blended attack of smishing using an SMS or WhatsApp message followed by a voicemail. Users click on the link, download the malware and then their systems are not only compromised, but used as a platform from which to inundate their contacts with the virus. It is fast, and so convincing that even sophisticated users fall prey to it.
“While the FluBot virus was dedicated to attacking Android devices, this does not mean iPhones are excluded from risk,” says Collard. “Every operating system on every platform is potentially vulnerable, which can result in attackers gaining privileges and access on your device. Some can mimic your banking website login so you end up handing over your credentials to hackers, not FNB..”
The challenge is the fact that working with small screens while on the go can result in people making mistakes they would not normally make on a PC or laptop. Add to this the fact that the devices themselves may be connecting to unsecured public networks or that many people on the continent use second hand or old devices that may no longer support the latest security patches.
“Companies need to make sure that users understand why keeping your apps and Operating Systems updated is so important and that jailbreaking or rooting your devices breaks all of the security on them,” says Collard. “They have to keep people up to date on the latest threats and how to identify them. It is the same training and education that should be entrenched within the business, but applied across every user, location, device and platform.”
While there is no way to predict how mobile threats will evolve or what the next threat will look like, it is possible to ensure that people understand the risks and how to protect against them. Mobile working and attacks are not going to change any time soon, so behaviours, attitudes and approaches must.