Meer weten over veilige IT/OT-integratie in kritieke infrastructuur? Meld je nu aan voor de Round Table op 17 april 2025

Smartphone security: The unseen risks and solutions across industries

Smartphone security: The unseen risks and solutions across industries cover

Mobile security is a critical concern, and not just for organizations in the defense sector, but across all industries. As smartphones evolved into highly complex, always-connected devices, their vulnerabilities grow, leaving organizations exposed to a range of cyber threats.

Jurjen Braakhekke, Product Manager at Fox Crypto, says: “We have to stop thinking of smartphones as just personal devices. They are connected data centers in our pockets, and that changes everything.”

The growing importance of secure mobile communication

As we work more digitally, the risks associated with unsecured mobile communication become ever more significant. According to Jurjen, “We are increasingly realizing that smartphones, which have become an integral part of our daily lives, might not be as secure as we think.” While these devices were once seen primarily as personal tools, they now hold vast amounts of sensitive (meta)data, making them prime targets for cybercriminals, corporate spies, and even state-sponsored actors.

The challenge is that most individuals and organizations underestimate the full potential of these devices for data collection.

“The data we unconsciously share through our smartphones, such as metadata about our locations, usage patterns, and even the apps we use, can be pieced together to reveal far more about our personal and professional lives than most people realize,” Jurjen explains.

This realization has sparked an increased awareness of the need for better mobile security, not only in high-risk sectors like defense but across all industries, from healthcare to journalism and finance.

From hospitals to banks: The devastating impact of mobile threats across key sectors

Each sector faces unique risks when it comes to mobile security, and Jurjen highlights how these risks can have devastating effects on organizations if left unaddressed.

  • Healthcare: In healthcare, smartphones often store sensitive patient data, making them a prime target for cyberattacks. Hospitals and medical facilities are particularly vulnerable to phishing, where hackers can infect smartphones with malware, enabling them to then prepare ransomware attacks. Phishing can be especially difficult to recognize on the small screens of smartphones. “In the healthcare sector, it’s not just about protecting data; it’s about ensuring that systems remain available and operational, especially in life-or-death situations,” says Jurjen.
  • Journalism: Journalists are often subjected to confidential sources and sensitive information that could put them in danger if exposed. The risk of espionage or unauthorized access to confidential conversations is especially high, as mobile devices are the primary communication tool for many in the field. Jurjen emphasizes, “Journalists must protect the confidentiality of their sources, but they also need to ensure that their mobile devices are not inadvertently leaking data to malicious actors.”
  • Finance: Financial institutions are frequently targeted by cybercriminals seeking to steal sensitive financial information. Smartphones are often the gateway to sensitive transactions and account details, and if compromised, they can lead to severe financial losses. "In finance, it's not just the data we need to protect—it’s the trust and integrity of the transactions themselves," according to Jurjen.
  • Legal services: Lawyers and law firms handle privileged information that must remain secure. A breach of this data could result in serious legal consequences and reputational damage. “The legal sector is under pressure to not only protect client confidentiality but also to ensure that mobile devices used by lawyers and clients do not leak sensitive information,” says Jurjen.

These industries are far from the only ones impacted by mobile security threats. Whether it's intellectual property in tech companies or trade secrets in high-stakes industries, every organization now faces the risk of mobile data leaks or breaches.

Always on, always connected: The risks of mobile communication

Mobile devices pose several security risks, Jurjen says: “What makes mobile security different from traditional IT security is the variety of attack vectors and the always-on always-connected nature of mobile devices.” Some of the most concerning risks include:

  • Data leaks: As smartphones constantly collect and transmit data, organizations unknowingly expose sensitive information. Even metadata—information about the usage of the device—can provide enough insight for attackers to exploit vulnerabilities.
  • Physical security: Smartphones are portable, which means they can be lost, stolen, or accessed by unauthorized individuals. Although most organizations have robust measures to protect physical IT infrastructure, the same level of protection is often lacking for mobile devices.
  • App vulnerabilities: The rise of mobile apps has introduced a wealth of new entry points for cyberattacks. “Many apps, even those developed by reputable companies, may include hidden security flaws or malware that can compromise the device's security,” Jurjen notes.
  • Surveillance: As smartphones are continuously connected to the internet and various networks, they can become tools for surveillance from external threats.

How to mitigate mobile risks

So, how can organizations mitigate these risks? According to Jurjen, the key to securing mobile communication lies in combining technology with strategic risk management. Some of the most effective features of secure mobile solutions include:

  • Hardware-based security: One of the most effective ways to secure mobile devices is to integrate hardware-based security features, which cannot be bypassed by malicious software.
  • End-to-end encryption: Ensuring that communication is encrypted from sender to receiver, with no potential for interception along the way, is essential for preventing unauthorized access to sensitive data.
  • Mobile Device Management (MDM): This allows organizations to monitor and control devices remotely, ensuring that only authorized devices access sensitive data, and enabling the enforcement of security policies such as encryption and authentication.
  • User awareness and training: Finally, Jurjen stresses the importance of user awareness. “Even with the most secure technology in place, if users do not follow best practices or fail to understand the risks, the organization remains exposed.” Educating employees about the importance of mobile security and enforcing clear policies for smartphone use can help reduce human error.

Awareness and proactive security measures

As mobile devices continue to be an integral part of our professional and personal lives, the importance of securing them cannot be overstated. According to Jurjen, the first step for any organization is raising awareness about the risks associated with unsecured mobile communication.

“It starts with understanding the ecosystem of mobile communication,” he explains. “If organizations don’t know how their mobile communication systems work, they can’t be aware of the risks that come with them.” This includes understanding how mobile networks, apps, and cloud services interact and identifying vulnerabilities that could lead to data breaches.

Organizations must also assess their own behavior and risks. Jurjen notes that many organizations haven’t updated their mobile security policies in years, even as the landscape has evolved significantly. “If your policy hasn’t kept up with the rapid changes in technology, you’re at risk,” he warns.