Business Driver: Zimperium Mobile Threat Defence
Business faces numerous conundrums when allocating resources that improve employee productivity and enhance the customer experience. Sales staff revel in their ability to work in the field and act more responsively to client requests. Many customers prefer the self-service approach to supply-chain management that enables online ordering and real-time ordering and inventory requests. This effectively increases the “surface area” that an organisation’s IT professionals must patrol and protect. Analysts like Ponemon and Gartner have identified mobile device security as a core threat that must be addressed to further mitigate security risks.
According to Chief Security Officer (CSO) Magazine mobile threats can be divided into seven key threat vector subsets;
Data Leakage and Data Loss Prevention
Losing sensitive data either inadvertently as a result of error or from a direct threat like malware or a targeted hacking attack risks reputational damage and possible financial loss. To counter this threat the deployment of mitigation measures that protect users from themselves and orchestrated threats can reduce or eliminate the potential threat.
After nearly two decades of intense scrutiny and harsh lessons, 91% of cybercrime begins with a simple email. For those in the field accessing digital assets, distractions can limit even the most security conscious employees from practicing good security. Clicking on a bad email link that eluded the spam filter happens, irrespective of security awareness training provided by diligent employers. Mobile devices provides a vector through which Enterprise can still be compromised, in spite of IT administrator’s best efforts to mitigate these risks.
Wi-Fi and Access Points
How many times have you accessed “free” wi-fi in the last year? For security savvy professionals the likely answer is never. If you believe the vendor research, nearly one quarter of devices have connected to insecure network connections or have had data intercepted with targeted “man-in-the-middle” attacks.
Un-patched Mobile Software
Application and security updates for mobile devices is a hit-and-miss affair at best. Leading vendors take their responsibilities seriously and enforce a solid security regimen upon their devices. This applies to IOS and Android based machines that must meet compliance standards before they gain admission to an organisation’s corporate assets. Bad policy and BYOD have muddied the waters and require intensive oversight to ensure compliance with policy and good practice.
Hijacking Devices for Nefarious Purposes
Every device with a network connection poses a potential risk if they are commandeered by malignant entities for illicit purposes. Most people are aware of the more common threats like capturing a PC’s camera or hacking a home router but compromising a mobile phone to be press-ganged into mining crypto-currency seems unlikely and laughable. It’s already happened. If there is a way to steal resources, criminals will find a way to exploit any and all mobile device weaknesses.
An ongoing, seemingly insurmountable challenge.
Unprotected mobiles can still be found across every Enterprise. Not setting a PIN or storing inappropriate data insecurely on mobile devices still occurs in spite of relentless training and the most rigid policy settings.