Recently, John McAfee said, “Our paradigms for protecting corporate assets [online] no longer work.”

He went on to discuss a consulting gig he had with a government contractor in which he discovered that the company’s competitor had installed a trojan horse on employees’ smartphones that intercepted data about contracts so that they could underbid the company every time.

The New Entry Point is Mobile

Smartphones are now the weak link in corporate security. Companies whose employees install untrustworthy apps on their phones may find that their proprietary technology ends up in the hands of the competition, overseas companies, or even foreign governments.

And it’s not just untrustworthy apps: legitimate apps can act as funnels, sending data to the apps’ servers, where it may be bought by data brokers who correlate it with other information gathered on individuals, making it more valuable. Then it may be sold again.

Breaches are increasing

It is estimated that by 2017, 75% of data breaches will come through mobile devices.

The number of breaches is steadily increasing. Using this tool created by NYTimes.com, I found that some thirty pieces of my private information had been exposed to hackers.

That Quiet Sucking Sound

So while smartphones silently siphon off small and not-so-small amounts of data, these bits are correlated to one another and to me in order to build a complete dossier that can be used to sell me goods and services. But it’s becoming increasingly obvious that major breaches are inevitable. That means the comprehensive dossier with my mother’s maiden name, my birthday, my social security number and my physical address, along with amazingly fine details about my lifestyle (see next week’s post), is going into a giant, incredibly attractive and valuable data silo that hackers will take a great deal of time, care and resources to penetrate.

A Key Defense: Real Time Monitoring

As breaches have become a daily occurrence, organizations are beginning to adopt modern defenses such as monitoring apps that can pick up unusual network behaviors. Real-time monitoring of apps and app behavior is vital to understanding what apps do with our data and ultimately preventing unwanted use of it. It’s no longer enough to know that an app has a particular permission and wonder if it has used it. We need to see it in real time.

The Stagefright exploit is a particularly gruesome example of how mobile networks can be penetrated, whether corporate or consumer. With only the user’s mobile number, hackers can remotely and silently execute malicious code that can gain complete root-level access to your phone. This would allow hackers to harvest your credit cards and other data, make calls and send emails impersonating you, or even add your phone to a mobile version of a botnet, spamming or attacking other devices and computers around the world.

A device as mobile and connected as a smartphone is far more vulnerable than a desktop computer. As smartphones have become many times more powerful than the desktop I built in high school, they are better able to store our information, and the convenience is irresistible.

But unless we keep a close eye on our smartphones and our data, they could become the cyber version of a broken lock.