Home Topics Mobile security What is mobile security?
Explore IBM's mobile security solution Subscribe to Security Topic Updates
Illustration with collage of pictograms of clouds, mobile phone, fingerprint and check mark.
What is mobile security?

Mobile device security refers to being free from danger or risk of an asset loss or data loss by using mobile computers and communication hardware.

Why is mobile security important?

The future of computers and communication lies with mobile devices, such as laptops, tablets and smartphones with desktop computer capabilities. Their size, operating systems, applications and processing power make them ideal to use from any place with an internet connection. With the expansion of ruggedized devices, the Internet of Things (IoT) and operating systems, such as Chrome OS, macOS and Windows 10, every piece of hardware that's enhanced with this software and capabilities becomes a mobile computing device.

Because mobile devices have become more affordable and portable, organizations and users have preferred to buy and use them over desktop computers. With ubiquitous wireless internet access, all varieties of mobile devices are becoming more vulnerable to attacks and data breaches.

Authentication and authorization across mobile devices offer convenience, but increase risk by removing a secured enterprise perimeter’s constraints. For example, a smartphone’s capabilities are enhanced by multi-touch screens, gyroscopes, accelerometers, GPS, microphones, multi-megapixel cameras and ports, allowing the attachment of more devices. These new capabilities change the way users are authenticated and how authorization is provided locally to the device and the applications and services on a network. As a result, the new capabilities also increase the number of endpoints that need protection from cybersecurity threats.

Today, cybercriminals can hack into cars, security cameras, baby monitors and implanted healthcare devices. By 2025, there could be more than 75 billion “things” connected to the internet, including cameras, thermostats, door locks, smart TVs, health monitors, lighting fixtures and many other devices.

IBM Security X-Force Threat Intelligence Index

Gain insights to prepare and respond to cyberattacks with greater speed and effectiveness with the IBM Security® X-Force® Threat Intelligence Index.

Related content

Register for the Cost of a Data Breach report

Mobile security threats

While it's critical to establish and enforce an enterprise-wide security policy, a policy alone isn't sufficient to counter the volume and variety of today's mobile threats. In 2019, Verizon conducted a study (link resides outside ibm.com) with leading mobile security companies, including IBM®, Lookout and Wandera, surveying 670 security professionals. The study found that 1 out of 3 of those surveyed reported a compromise involving a mobile device. 47% say that remediation was "difficult and expensive," and 64% say they suffered downtime.

Companies embracing bring-your-own-device (BYOD) policies also open themselves to higher security risks. They give possibly unsecured devices access to corporate servers and sensitive databases, opening them to attack. Cybercriminals and fraudsters can exploit these vulnerabilities and cause harm or damage to the user and the organization. They seek trade secrets, insider information and unauthorized access to a secure network to find anything that could be profitable.



Phishing, the number one mobile security threat, is a scamming attempt to steal users’ credentials or sensitive data, such as credit card numbers. Fraudsters send users emails or short message service (SMS) messages (commonly known as text messages) designed to look as though they’re coming from a legitimate source, using fake hyperlinks.

State of the Phish: IBM X-Force Reveals Current Phishing Attack Trends
Malware and ransomware

Mobile malware is undetected software, such as a malicious app or spyware, created to damage, disrupt or gain illegitimate access to a client, computer, server or computer network. Ransomware, a form of malware, threatens to destroy or withhold a victim’s data or files unless a ransom is paid to decrypt files and restore access.

What is ransomware?

Cryptojacking, a form of malware, uses an organization’s computing power or individual’s computer power without their knowledge to mine cryptocurrencies such as Bitcoin or Ethereum, decreasing a device’s processing abilities and effectiveness.

Cryptojacking Attacks: Who's Mining on Your Coin?
Unsecured wifi

Unsecured wifi hotspots without a virtual private network (VPN) make mobile devices more vulnerable to cyberattack. Cybercriminals can intercept traffic and steal private information by using methods such as man-in-the-middle (MitM) attacks. Cybercriminals can also deceive users into connecting to rogue hotspots, making it easier to extract corporate or personal data.

How to Secure Wi-Fi From Home
Outdated operating systems

Older operating systems (OS) usually contain vulnerabilities that have been exploited by cybercriminals, and devices with outdated OS remain vulnerable to attack. Manufacturer updates often include critical security patches to address vulnerabilities that may be actively exploited.

Take Your Medicine: Where There's A Tablet There Must Be Security
Excessive app permissions

Mobile apps have the power to compromise data privacy through excessive app permissions. App permissions determine an app’s functionality and access to a user’s device and features, such as its microphone and camera. Some apps are riskier than others. Some can be compromised, and sensitive data can be funneled through to untrustworthy third parties.

How to Lift the Veil on Mobile Application Security Threats
How to secure mobile devices

The core security requirements remain the same for mobile devices as they do for nonmobile computers. In general, the requirements are to maintain and protect confidentiality, integrity, identity and nonrepudiation.

However, today's mobile security trends create new challenges and opportunities, which require a redefinition of security for personal computing devices. For example, capabilities and expectations vary by device form factor (its shape and size), advances in security technologies, rapidly evolving threat tactics and device interaction, such as touch, audio and video.

IT organizations and security teams need to reconsider how to achieve security requirements in light of device capabilities, the mobile threat landscape and changing user expectations. In other words, these professionals need to secure multiple vulnerabilities within the dynamic and massively growing mobile device environment. A secure mobile environment offers protection in six primary areas: enterprise mobility management, email security, endpoint protection, VPN, secure gateways and cloud access security broker.

Supported devices
Learn how to manage multiple platforms with an AI-driven unified endpoint management. Try MaaS360 plan assessment Read the documentation
Enterprise mobility management (EMM)

EMM is a collective set of tools and technologies that maintain and manage how mobile and handheld devices are used within an organization for routine business operations.

Email security

To protect data from email-based cyberthreats such as malware, identity theft and phishing scams, organizations need to monitor email traffic proactively. Adequate email protection includes antivirus, antispam, image control and content control services.

Learn more about email security
Endpoint protection

With technologies such as mobile, IoT and cloud, organizations connect new and different endpoints to their response environment. Endpoint security includes antivirus protection, data loss prevention, endpoint encryption and endpoint security management.

What is the Biggest Challenge Facing Endpoint Security?

A virtual private network (VPN) allows a company to securely extend its private intranet over a public network's existing framework, such as the Internet. With a VPN, a company can control network traffic while providing essential security features such as authentication and data privacy.

Learn more about VPN
Secure gateways

A secure gateway is a protected network connection that connects anything to anything. It enforces consistent internet security and compliance policies for all users regardless of location or device type used. It also keeps unauthorized traffic out of an organization's network.

Cloud access security broker (CASB)

A CASB is a policy enforcement point between users and cloud service providers (CSPs). It monitors cloud-related activity and applies security, compliance and governance rules around cloud-based resources use.

What is cloud security?
Related solutions
IBM Security® MaaS360®

Manage and protect your mobile workforce with AI-driven unified endpoint management (UEM). 

Explore IBM Security MaaS360
Mobile security solutions

Stop mobile security threats on any device.

Explore mobile security solutions
Mobile device management (MDM) solutions

Visibility, management and security for endpoints and users.

Explore MDM solutions
UEM for frontline workers

Transform how you manage devices, apps and data for frontline workers.

Learn more about UEM for frontline workers
Mobile threat defense

Seamlessly deploy advanced mobile threat defense solutions to protect your entire mobile environment.

Explore mobile threat defense solutions
Resources IBM Security Framing and Discovery Workshop

Understand your cybersecurity landscape and prioritize initiatives together with senior IBM Security® architects and consultants in a no-cost, virtual or in-person, 3-hour design thinking session.

IBM Security X-Force Threat Intelligence Index 2023

Read the report and understand your cyberattack risks with a global view of the threat landscape.

Advanced endpoint protection versus risk-based application patching versus laptop management

Learn about the similarities and differences between advanced endpoint protection, laptop management and risk-based application patching.

MDM versus MAM: Top 5 differences

Learn more about the differences between mobile device management and mobile application management to make sure your mobile devices, users and data remain protected.

Take the next step

As flexible work models have become the new norm, employees must remain productive when working from anywhere on any device in a protected way. From endpoint management to native security, IBM Security MaaS360 provides an end-to-end UEM solution. 

Explore MaaS360 Book a live demo