James Plouffe discusses the 5 mobile security threats your CIO needs to know about
1. Outdated technologies
We should be taking serious lessons from the recent WannaCry attack. Time is definitely against us and large-scale patch deployment is still more cumbersome than it should be. However, there is good news. Enterprise computing is currently undergoing an evolution that will make OS upgrades and updates much simpler but, to take advantage of these advancements, companies need to overhaul outdated hardware and systems. Obviously, this presents a whole new set of challenges: it can be complicated, time-consuming, and expensive. Companies that capitalise on these innovations and keep their technology up to date will fare best against the crippling cyberattacks that have taken businesses down.
2. Mobile-to-Cloud security
The mobile-cloud world continues to expand and this is forcing companies to reevaluate their approach to security. Traditional cloud security solutions are no longer fit for purpose: they aren’t an adequate fix for making sure cloud data does not fall into the wrong hands through unsecured mobile apps and devices. CIOs should search for a cloud security solution that embraces the unique capabilities offered by Enterprise Mobile Management (EMM). By embracing EMM, IT admins will be able to define granular cloud access control policies at the level of application, IP address, user and device identity, and device posture. This will allow IT to bridge the gap between mobile and cloud security, giving a more detailed understanding of how users are accessing enterprise cloud services and therefore arming you with the tools to better protect your cloud data.
3. Changing regulatory landscape (GDPR, HIPAA, PCI, etc.)
We are finally seeing practical, common-sense security standards being codified into law. This is happening globally and there is a shift from compliance on paper to compliance in practice. The General Data Protection Regulation (GDPR) is coming into force next May. This will provide Europe with one single, consistent and all-inclusive data protection and privacy legal regime. It is important for enterprises to adapt to these new regulations and provide sufficient security for personal data. One way to achieve this is by applying controls and procedures, one of which is EMM. By implementing EMM, you can keep business and personal data separate on devices. Most importantly, this will allow you to defend your business data from outside threats and unauthorised use or disclosure.
4. Internet of Insecure Things
The Internet of Things (IoT) is connecting more and more devices. Gartner predicts that 8.4 billion connected ‘things’ will be in use worldwide in 2017. This is 31 percent more than in 2016. The benefits of this are clear, but what are the dangers that you should be worried about? In the first instance, the increased number of devices creates more entry points for hackers and cyber-criminals. For this reason, it is absolutely critical that organisations have a robust infrastructure in place that only allows access to authorised devices. We have also witnessed the risk of “weaponised” IoT devices targeting organisations. This happened last year with the DDoS attacks on Dyn. To prevent this, it is necessary to fortify your network perimeter. IoT will continue to grow and it is worrying how vulnerable the software on these systems is. There is a serious danger of larger and more destructive attacks taking place in the future. And so CIOs must ensure that employees’ devices are secure.
5. Compromised devices
Our research found that 11% of the world’s companies have compromised devices (“jailbroken” or “rooted”). These devices are able to access company data – a clear and dangerous problem that must be addressed. The only way to deal with this is to ensure that device compliance policies are enforced consistently. Although heavy-handed device management is not always the best approach to mobile security, a stringent degree of device and app verification is essential for maintaining the protection of enterprise services.
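To make the access decision from sections 2 and 5 concrete, here is an added example (not from the article or from any EMM product) of a default-deny check that combines application, IP address, user and device identity, and device posture, and that refuses compromised devices consistently. All field names, the patch-age threshold and the sample data are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    user: str
    app_id: str
    source_ip: str
    device_id: str
    compromised: bool        # jailbroken/rooted flag (assumed to come from the EMM agent)
    os_patch_age_days: int   # days since the last OS security update (assumed field)

@dataclass(frozen=True)
class Policy:
    allowed_users: frozenset
    managed_apps: frozenset
    enrolled_devices: frozenset
    trusted_networks: tuple
    max_patch_age_days: int = 60   # illustrative threshold, not from the article

def evaluate(policy, req):
    """Default-deny: access is granted only if every check passes.
    All checks run so the decision log lists every failed condition."""
    reasons = []
    if req.user not in policy.allowed_users:
        reasons.append("user not authorised")
    if req.app_id not in policy.managed_apps:
        reasons.append("unmanaged app")
    if req.device_id not in policy.enrolled_devices:
        reasons.append("device not enrolled")
    try:
        ip = ipaddress.ip_address(req.source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in policy.trusted_networks):
            reasons.append("untrusted network")
    except ValueError:
        reasons.append("invalid source IP")   # malformed input fails closed
    if req.compromised:
        reasons.append("device compromised")
    if req.os_patch_age_days > policy.max_patch_age_days:
        reasons.append("OS patch level too old")
    return (not reasons, reasons)

# Constructed sample data (documentation IP ranges, made-up identifiers).
POLICY = Policy(frozenset({"alice"}), frozenset({"com.example.mail"}),
                frozenset({"dev-001", "dev-002"}), ("203.0.113.0/24",))
GOOD = AccessRequest("alice", "com.example.mail", "203.0.113.10", "dev-001", False, 12)
ROOTED = AccessRequest("alice", "com.example.mail", "203.0.113.10", "dev-002", True, 200)
OFFNET = AccessRequest("alice", "com.example.browser", "not-an-ip", "dev-001", False, 12)

if __name__ == "__main__":
    for r in (GOOD, ROOTED, OFFNET):
        print(r.device_id, evaluate(POLICY, r))
```

Returning every failed condition, rather than stopping at the first, gives the help desk and the audit trail the full reason a device was refused.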