Snap, Click, Save, Leak. Think You’re Safe? Think again.
Why Hollywood (and you) Need a BYOD Mobile Security Strategy
Oops, it’s happened again.
Someone’s sensitive information was stolen from a place where they were sure it was safe.
We all assume that the private information we store on our tablets and smartphones, like photos and financial information, is safe. Whether it’s the naughty pictures you took on a romantic weekend getaway or the secret plans to your breakthrough new gadget, if a cyberthief wants it badly enough, they’re going to find a way to get it. And because more people are using their own personal devices for work purposes with little or no protection, the threat to your business is growing and very real.
Consumerization of IT has created significant challenges for implementing effective mobile security. The way people secure (or rather don’t secure) their personal iPhones, iPads, and Android devices is very different from how you’d protect company-issued, corporate-liable devices.
Most consumer devices are vulnerable to all sorts of attacks, making them mobile gateways onto your network and into your sensitive data. They can even be used as spying devices by cybercriminals or “threat actors” with remote access and control of the sensors on a device like the microphone and camera.
None of this is going away, and rather than pretending the problem will solve itself, there are three practical steps to consider to protect your business, its data, and your employees from advanced mobile threats.
First, understand the value and risks of using mobile devices for work purposes. The most successful programs give users the most functionality and your organization the strongest security. Visibility into how devices are being used helps ensure you don’t shut off the things that help employees work faster and smarter and make their jobs easier.
Equally important is knowing where vulnerabilities may exist, such as mobile Remote Access Trojans (mRATs), Man-in-the-Middle (MitM) exploits, and even compromises in security like the one on iCloud.
Remember, just because vulnerabilities like the one that caused the iCloud breach are patched doesn’t mean future exploits aren’t there. This isn’t the first time vulnerabilities in iCloud have been exploited, so it probably won’t be the last either.
Second, identify holes in your security strategy. Mobile Device Management (MDM), Network Access Control (NAC), and Security Information and Event Management (SIEM) solutions address only part of the problem. None of these consider all of the different threat vectors cybercriminals exploit on mobile devices, in apps, and within the network:
- MDM helps you manage some device security, but secure wrappers and containers aren’t impenetrable.
- NAC provides basic protection, but not protection from advanced, targeted mobile threats.
- SIEM provides visibility into what’s happening in your infrastructure, but needs mobile threat intelligence to show the complete picture.
- Point solutions like anti-virus and authentication offer some protection from known threats, but they’re not complete.
Third, detect and analyze existing and unidentified threats to mobile devices, apps, and in the data stream, then mitigate threats appropriately based on the risk assessment. Advanced mobile threats are like diseases — they can’t all be treated with the same medicine.
Less severe threats can be neutralized quickly on the device. More complex, or even completely obfuscated, threats may require in-depth detection, analysis, and prescriptive elimination to protect the device, the data, and your business.
Once common on PCs and laptops, these threats are now clearly targeting tablets and smartphones. They’re also growing in number and complexity, which makes these devices easy targets for anyone with a motive to steal valuable information or who just wants to cause mayhem. For the enterprise, visibility of mobile threat intelligence needs to be a part of a company’s broader security strategy or you’re not seeing the full picture.
So the next time you snap a photo at a party on your iPhone, or you save confidential plans from an email to your Android tablet for better viewing, ask yourself, “Is this device safe from prying eyes?”
Or will you be the next cybercrime victim headline?
Interested in learning more best practices for securing mobile in the Enterprise? Download our white paper 3 Steps to Implementing Effective BYOD Mobile Security Strategy.