Preventing attacks on mobile applications in the enterprise

The use of mobile devices within enterprise organizations is commonplace, so organizations must prepare for all sorts of mobile threat vectors — including attacks via mobile applications — to avoid a cybersecurity breach.

As the COVID-19 pandemic and the trend of working from anywhere have pushed many people to work remotely, mobile devices have become a primary channel for employees to stay in touch with their employers and enterprise networks. While this shift has offered convenience and flexibility to workers, reliance on mobile devices brings new security risks to the table. Ransomware, malware and other types of attacks can target mobile devices to great effect, and organizations must account for this to keep data secure throughout the enterprise.

Mobile app breaches threaten enterprises

It only takes one compromised mobile device for an attacker to access an organization’s network. Corporate-owned and BYOD mobile devices are the ultimate target for land-and-expand attacks, where an attack on a mobile device sets the stage for another attack on a back-end system or cloud application. A typical corporate user’s mobile device may have business email, a unified communications application such as Slack or Teams, and a Salesforce or other customer relationship management (CRM) client. When attackers compromise such a device, they have full access to corporate network resources — as if they were authorized users of the device.

Because many workers resorted to using personal and corporate-owned mobile devices to get their jobs done amid the pandemic, the mobile attack surface has grown in recent years. A 2022 report from mobile security vendor Zimperium found that a global average of 23% of mobile devices encountered malicious applications in 2021. The firm also found that 75% of phishing sites specifically targeted mobile devices that year.

Additionally, with each new application a user installs on a mobile device, the attack surface grows. Threats to applications, such as exposed APIs and misconfigured code, leave customer data open to attack. Outdated mobile apps only add to these security vulnerabilities. Organizations can look to enterprise mobility management (EMM) and