 | Issue: | North America I 2015 |
| Article no.: | 6 | |
| Topic: | Cybercrime and mobile security in the enterprise | |
| Author: | George Anderson | |
| Title: | Product Marketing Director | |
| Organisation: | Webroot | |
| PDF size: | 383KB |
About author
George Anderson Dip DM.
George Anderson is the Senior Product Marketing Director for SMB Products at Webroot,
George has spent the past 14 years in IT Security. The first seven were in IT Security Business Development and Marketing for Computacenter, one of Europe’s leading systems integrators. More recently he has been Global Product Marketing lead for Clearswift.
Prior to this his career was in the Advertising and Direct Marketing industry where he was the first prize winner of the Institute of Direct Marketing Diploma, a course in which he later regularly lectured. He founded the Wasey, Campbell-Ewald Direct Marketing Agency and has held senior marketing positions at Ogilvy & Mather Direct and McCann-Erickson Direct where he was their European Director.
Article abstract
Even a simple malware breach can result in exposing company contacts and millions in liability and containment. Password enforcement is the absolute minimum security requirement across all devices. But it is vital for organisations to develop a comprehensive security policy based on its specific needs. Questions around what can reasonably be expected of employees who use their own devices for work need to be addressed. Do these devices have antivirus and antimalware security, app reputation details, and lost device protection installed on them? And if not should the employee be restricted from accessing company information?
Full Article
The evolution of cybercrime
The past year has really seen cybercrime come to the fore as hackers and criminals find new and inventive ways to cause havoc across the globe. High-profile attacks like Home Depot, iCloud, Sony and JP Morgan, to name but a few, have proved that no business is safe from attack. But while attention-grabbing attacks like these make national headlines, it can be easy to forget that cybercrime can affect everyone, from home browsers to enterprises, mobile devices to corporate networks – no-one’s off the radar.
Traditionally when people thought of cybercrime, computer attacks and hacking came to mind, but through the emergence of mobile internet attackers are now able to reach victims though a vast array of channels and on any of your devices. While computer viruses and Distributed Denial of Service (DDoS) attacks on websites remain popular today – highlighted by the recent onslaught of Lizard Squad attacks on popular gaming sites over Christmas– the rise of malicious apps and cloud attacks in recent years is worrying.
The impact of mobile devices on enterprise security
One of the key developments in cybercrime has been the prolific targeting of mobile devices. As technology has evolved, hackers have found more and more inventive ways to target individuals and their personal devices. Malicious apps, unsecure Wi-Fi and SMS Phishing are just some of the methods that fraudsters are using to access personal data and cause havoc.
While these attacks are obviously concerning for all mobile users, there have been wider repercussions emerge from this trend. As the line between work and personal devices begin to blur, and the prominent move towards Bring Your Own Device (BYOD) continues, there has been a dramatic increase in the amount of workforces using personal devices for work activities. This trend has raised various questions and concerns around privacy and work-life balance – but one that is often neglected, by both organisations and their employees, is security.
Mobile devices have access to corporate data, yet many organisations do not enforce password use on these. BYOD devices are the highest risk to organisations’ security, due to use of public Wi-Fi, apps downloaded from third-party locations, jailbroken or rooted devices that undo the security built into the operating system, and frequent device loss. All of which will allow third parties to access personal and corporate data, often through excessive app permissions or malware compromises of the devices.
The scale of this problem, particularly with Google Android devices (the vast majority of personally owned devices) is evident when we look at the growth of malicious, suspicious mobile apps – in 2013 there was a 384 percent increase in threats to Android devices, as reported in recent research. It got exponentially worse in 2014 – and now in 2015, of the 14 million Android apps 3.8 million are suspicious, 1.6 million are malicious and 1.8 million are unwanted due to excessive permissions. So in all, over 50 percent of all Android apps are not safe.
Shoring up BYOD
Even a simple malware breach can result in exposing company contacts and millions in liability and containment. Password enforcement is the absolute minimum security requirement across all devices. But it is vital for organisations to develop a comprehensive security policy based on its specific needs. Questions around what can reasonably be expected of employees who use their own devices for work need to be addressed. Do these devices have antivirus and antimalware security, app reputation details, and lost device protection installed on them? And if not should the employee be restricted from accessing company information?
To effectively and simply manage a BYOD environment, a single mobile security solution should be installed on all devices. This solution should include visibility of the security status, enforce password use, and have the ability to track the location of all enrolled devices. A Mobile Security Management (MSM) solution that is cloud-based, with over-the-air deployment and real-time security that is always up-to-date, with minimal performance impact on the device resources and user productivity, is likely to meet your requirements.
Alternatively, Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) services have extensive functionalities, but the cost of these solutions can be high and their invasiveness can cause friction in a BYOD context. In order to secure highly regulated industries, such as finance, healthcare or government agencies, heavier mobile security solutions may be required. MDM solutions may include “containerisation” for information, to separate personal data from business, so that only business data is removed when wiping a device.
During the selection process it is vital to keep operating system requirements in mind. Some solutions support only Android devices, many support both Android and iOS devices, and only a few support Blackberry and Windows. All of which needs to be considered when employees usually have a range of different devices based on personal preference.
Moving to the cloud
Many have touted this year to be the year of the cloud attack, and it’s easy to see why. According to a recent IDC report, almost 90 percent of internet spending (including mobile apps, big data and social media) will be on cloud-based technologies over the next six years.
While many companies are making the leap to the cloud, securing it remains an ongoing challenge for IT departments. Smart cyber criminals know where the holes reside and view this space as a big target. Public clouds offer a huge vulnerability that needs agreed minimum enforced standards in order to help improve its security.
However, enterprises can take measures in order to protect themselves from cloud-based attacks. The first step is to incorporate cloud-based security for antivirus and malware protection.
Mobile security in the future
Mobile malware is increasing at an explosive rate, 2014 saw malicious Android malware grow by 134% compared to the previous year. As the adoption of everything mobile increases globally, mobile threats will continue to grow and evolve. Protecting corporate data now reaches further than ever before. It is vital that organisations take measures now to secure their mobile devices in order to prevent future threats. Access to valuable data via mobile devices can be secured with enhanced employee communication and education, as well as by putting comprehensive corporate mobile policies in place, and the use of mobile security solutions. This, combined with an increased focus on cloud security, will help enterprises enjoy a more secure future.
