The digital world’s fast becoming a pretty dangerous place. Malicious networks, malware and vulnerabilities pose a dire risk to a company’s data if its mobile devices are not properly secured.
Last week, I reached out to Brian Duckering, head of product marketing for Skycure, now part of Symantec, about the biggest issues chief information security officers (CISOs) face with enterprise mobile security—a crucial area in today’s hyper-mobilized world. Here are some of the highlights of our conversation:
Which mobile security threats should CISOs be most concerned about when planning an enterprise strategy?
Brian: The short answer? All of them! When I think of the biggest threats, though, I think of three main buckets:
- The first bucket is malware. This, of course, represents the nasty apps that attackers try to install on end-user devices to steal or siphon data. Malware ranges from the annoying (e.g. adware) to the truly dangerous (e.g. ransomware and spyware). Leaky apps may not be classified as malicious, yet still present privacy concerns by insufficiently protecting sensitive data.
- The second bucket is often overlooked, and that’s malicious networks. A CISO must know that it is human nature, at this point, for people to conserve their data by connecting to any free Wi-Fi network they find. In reality, this can be extraordinarily dangerous.
- The third bucket I think of is vulnerabilities at the operating system (OS) and configuration levels. Both provide an open door for attackers. Unfortunately, many people do not know or care enough to keep their mobile OS up to date. And for configuration vulnerabilities, many users simply are not aware of what is safe or unsafe.
What is one of the worst mobile attacks or hacks you saw or heard about within an enterprise?
Brian: Jim Routh, CSO of Aetna, stated that the modern smartphone is the best surveillance device ever created. Spyware within an organization could completely devastate any company, costing millions in lost information and damaged reputation.
One of our customers had a vice president who was tricked into installing spyware on his phone—or maybe it was a family member who was tricked. Fortunately, our mobile threat defense (MTD) solution alerted the user and protected the device and corporate data before any harm was done. But we have seen spyware capable of acquiring complete control and access over a device, without any visible evidence to the user.
Why is enterprise mobile security different from what IT has been doing for 20 years with PCs and networks?
Brian: The last 20 years have been about firewalls and antivirus. The goal is still protection, but the landscape, the threats and the solutions are quite different now.
With PCs, companies typically own devices and everything on them. So, it is easier to lock down and enforce policies. Employees commonly own mobile devices—smartphones, tablets and the like. That brings up issues with privacy, regulations, security and Shadow IT.
The other factor is the technology landscape. Originally, PCs sat at a desk inside the corporate firewall, and a company bought one or two models. That was easy to lock down. Laptops were harder to lock down, but most employees did not install tons of their own software.
Now with mobile phones, data is constantly outside the firewall, and there are a plethora of phone types and literally millions of apps users can install. Plus, there is limited processing power and battery life, so you can’t drain those trying to protect the device.
Have you witnessed a mobile attack or hack that MTD stopped dead in its tracks?
Brian: Mobile attacks are identified by MTD solutions all the time, but your question is about stopping the attack. That’s not nearly as common.
Most MTD products focus only on detection, then notify the user or other system to remediate—sometimes too late. Solutions shouldn’t just alert a user and hope they take action. CISOs should be sure that MTD has real-time protection mechanisms, like automatic protection of corporate resources during an attack so no sensitive data can be viewed or stolen. In our case, Skycure flags all security incidents that were proactively protected right in the console, so CISOs could actually count them.
Some of the scarier incidents stopped include advanced spyware or ransomware. But the vast majority of attacks are simple and quick attacks just to steal email credentials. This can happen while users pick up a coffee and go completely unnoticed. The attacker can then breach the company using those credentials at some time in the future, and it may not even be considered a “mobile breach.” This should really scare CISOs.
How does MTD work alongside enterprise mobility and unified endpoint management platforms?
Brian: Enterprise mobility management (EMM) provides tools to securely deploy and manage devices, apps and content. MTD provides tools to proactively detect the variety of mobile security threats out there—malware, malicious networks and vulnerabilities—and protect devices and data with automated responses to threats.
By integrating the two solutions—the power of centralized management with the power of real-time threat visibility—CISOs can choose the best way for mobile devices to react when a threat is detected. In response to any incident that compromises the security of a device, Skycure notifies the EMM platform, such as VMware AirWatch, so policies can be enforced—then reversed automatically once the device is deemed safe again. For example, when a device is flagged as at high risk by Skycure, AirWatch could then restrict access to the corporate network or block applications.
Thanks again, Brian, for sharing the biggest challenges and mobile security threats that today’s CISOs face. Read more from Brian and Skycure, member of the VMware Mobile Security Alliance: