Businesses have long been aware of the need to protect their information and systems from intrusions and other cyber attacks, but in past decades, this protection has largely taken the form of antivirus and security suite software. In the past few years, enterprises have also become more highly aware that the presence of portable media such as USB thumb or flash drives can become a launching pad to introduce malware into a system.
Now, however, mobile devices such as cellular phones are coming under increased scrutiny as well because they can represent a cyber security threat. Georgia Tech's recently released "Emerging Cyberthreats Report 2012" indicates that behavior as apparently innocuous as plugging in a mobile phone to charge it can actually mask an attempt to introduce malware into enterprise machines, systems, and networks. The danger occurs not when phones are plugged into a wall outlet to charge via standard wiring, but when employees or others, including guests in the facility, attach their phones via USB charging cables to computers.
According to the Georgia Tech report, this can open up a security hole that a hacker could potentially exploit. Nor would the employee or guest in the facility necessarily be a culprit. Using wireless technology, a hacker could surreptitiously install malware on the phone. The malware would be designed to spread itself into the network when connected, all without the phone's owner being aware of the fact that his or her phone has become infected.
This threat can be mitigated through the use of robust security software monitoring USB connections. Such software can be implemented and monitored by an IT company using a managed program model.