Protecting data on mobile devices: A taxonomy of security threats to mobile computing and review of applicable defenses

Mobile devices such as laptops, PDAs and cell phones have become essential tools for enterprise productivity, but they are in fact significantly more vulnerable to attack than desktop computers. This paper provides a broad overview of threats to mobile devices and the data that resides on them, as well as available defenses. It provides a taxonomy that divides threats to mobile devices into seven categories: malware, phishing and social engineering, direct attack by hackers, data communication interception and spoofing, loss and theft of devices, malicious insider actions, and user policy violations. It then discusses security technologies that can be applied against each of these threat types, including firewalls, anti-virus and zero day anti-malware software, intrusion prevention systems, virtual private networks, data encryption, device control and data leak prevention technologies. It suggests how to assess priorities among the different threats and defenses, and concludes with suggestions for further research.