The D-N-A of mobile security – managing the threat of mobile devices
Paul Conaty, Head of Consulting at CWSI and Suzan Sakarya, Sales Director UK & Ireland for Wandera will both be guest panellists at the third annual cyber security conference, Dublin Information Sec 18 on Monday October 15th at the RDS Dublin.
Follow the eyeballs
For those of us who have been in business for a while we might still remember getting our first corporate mobile device. It was probably a pretty basic affair, a “feature phone” with a few annoying ringtones, used for making calls and sending texts and little else.
The development of the smartphone, coupled with huge advances in mobile data networks and the rise of the cloud have changed everything. Mobility within the enterprise has exploded. What started as a consumer technology quickly spread into businesses allowing employees to work in a more agile and flexible way. In 2016 more data was consumed on mobile devices than on desktop PCs for the first time ever and this trend shows no sign of slowing.
Mobile the weakest link
This fast-paced change has left IT teams scrambling to keep up. Mobile devices are used in a different way to more traditional laptops and desktops, often including personal apps and accounts on one device. They are more likely to be used outside of the corporate walls and have the ability to access many disparate networks, not to mention smaller, more portable and easier to lose. This makes managing and securing mobile devices a challenge.
Many companies have implemented mobile device management (MDM) solutions which allow for fast deployment of business apps, the ability to block unwanted apps and also to wipe devices remotely if there is a security risk detected or if the device is lost or stolen. However, these solutions don’t address some of the growing and very real mobile security threats that are emerging such as malicious mobile applications, applications that expose sensitive data, phishing on mobile devices or unsafe Wi-Fi networks.
As yet, companies have not invested in mobile security solutions in the same way they have in their traditional infrastructure. It’s hard to imagine an enterprise not having security software on a desktop or laptop PC but on mobile devices the adoption of such software is still extremely low.
Hackers are wise to the fact that corporate mobile devices are increasingly the weak link in a company’s infrastructure, and exploit this weakness through targeted campaigns.
Real and growing threats
Phishing is the number one threat to mobile, backed by research from Google, Black Hat and US Homeland Security, and last year research showed that 76% of businesses suffered a phishing attack. Furthermore, it’s much more difficult for users to tell a legitimate message from a phishing message on a mobile device. As a result users are 3 times more likely to click on a phishing link on a mobile device than on a desktop machine.
The proliferation of mobile malware is also a top security concern for enterprises across the globe. In 2016 the number of malicious malware installation packages targeting mobile devices more than tripled, resulting in almost 40 million attacks globally, a number that continues to rise.
Closer to home, recently published data from CWSI and Wandera shows that almost one in five mobile devices operated by businesses in Ireland will suffer some kind of security incident each month.
The D-N-A of mobile security
D is for Devices. Outdated operating systems can create security vulnerabilities and devices that have been “jailbroken” or “rooted” (respective terms for unlocking or amending the operating systems on iPhones and Android devices) pose a heightened security risk.
N is for Networks. In today’s world, the coffee shop Wi-Fi could be your new corporate network but is that Wi-Fi connection secure? These days a Wi-Fi connection can be “spoofed” with a cheap, easily available device and some basic knowledge. This could be exposing your employees’ credentials to a “Man-in-the-Middle” attack.
A is for Applications. These useful tools keep us all productive but malicious applications are on the rise. Risks include leaking of personal information, key-logging to harvest credentials, location tracking and even microphone-hijacking to pick up sensitive corporate conversations.
Security requires strength in depth
Wandera’s Suzan Sakarya explains how technology can help: “A good Mobile Threat Defence solution will minimise the above risks, give you visibility and control of the data your employees are using and help you to protect your employees from doing the wrong thing before it becomes a security incident.”
CWSI’s Paul Conaty advises, “Any sound security strategy should rely on multiple layers of protection. Implementing Mobile Threat Defence software in addition to your existing MDM platform will give you the right foundations but this needs to be complemented with education and training of your employees to raise awareness of mobile threats and encourage the right mobile behaviour.”
With data breaches hitting the news daily, companies can’t be too careful when it comes to security. As modern workplaces evolve, mobile security needs to be given the same focus as other, more traditional parts of your business’s IT infrastructure. Join Paul and Suzan at Dublin Information Sec, 2018 to learn more about how you can protect your organisation against rapidly changing mobile threats.
Dublin Information Sec 2018 in an Independent News and Media event. Please visit www.independent.ie/infosec18 for further information and tickets.