As mobile devices continue to proliferate, mobile security is becoming increasingly difficult to manage. Every mobile device, whether it is a smartphone or a tablet, provides hackers with a new avenue to seize private information. Many banks, hospitals, and other large enterprises have suffered enormous data breaches that caused a lot of damage and recovery time, and such breaches don’t appear to be slowing down anytime soon.
BYOD is now a reality within IT operations. However, as the network expands outward from the office walls into hotels, conferences, and even the home, IT organisations are burdened with additional workloads as they are charged with protecting new assets and lines of information.
It is estimated that more than 35 percent of the global workforce are information workers, who use two or more devices, work from multiple locations, and use several apps in order to get the job done.
A recent study by tyntec reveals that a vast majority of organisations still have inadequate bring-your-own-device (BYOD) policies. That’s not very encouraging, considering that 49 percent of workers now use a personal mobile device for work-related tasks and spend a great deal of time on personal devices for their job.
“Over the past two years, there has been a rapid growth in smartphone usage and this has led to the rise in targeting these devices by cybercriminals. Mobile devices have thus come to face various threats. A hacker may send an SMS containing a malicious URL or malware-laden attachment to hack or compromise a mobile device. Mobile security negligence is another factor that threatens mobile devices; so many of the apps users install on their devices – often without adequate knowledge or consent – can expose vital data due to operating system vulnerabilities, buggy app security, and unwanted permissions,” says Harish Chib, VP, MEA, Sophos.
Marwan Elnakat, Digital Banking Solutions Director for MEA at Gemalto, says other threats include operating system emulation that replaces a genuine OS, or phone memory cloning, in order to fraudulently access online resources from banks, enterprises, or governments.
“The OS of the device can also be corrupted with lower access rights. This can happen when users change the security settings of their mobile devices without realising the potential risks. If they download malware, it can potentially control all the apps operating on their devices, as it will have ‘super user’ rights that override those of the owner,” he adds.
The proliferation of mobile devices has created more endpoints to protect, and many enterprises have developed security policies that focus on or include mobile. “Initially as mobile device usage grew, most businesses were concerned with basic device deployment, device loss and theft. Later on, Mobile Device Management solutions came to the market to help IT staff manage these two issues. However, employee access to corporate data through mobile devices and the number of apps that employees can download has increased the number of risks and hence mobile security is now a top priority for a company’s IT department. Mobiles have been creating significant security challenges for organisations, especially when it comes to the potential loss of sensitive company data. Now organisations have understood the need to control data accessed through a mobile device, defend against mobile threats and enforce security policies,” says Chib.
What are the essential things to consider for a mobile security policy? Industry pundits say enterprises should start mobile initiatives with a fully fleshed-out plan, and that the strategy should take a holistic view of mobile security with an overarching security framework.
“The process of creating a safe and productive BYOD environment begins with understanding the goals of the organisation with respect to mobile devices. Some businesses in the Middle East have minor security concerns and actively encourage the use of any type of mobile device, while in some other businesses, the vast majority of data must be protected with the highest levels of security,” says Scott Manson, Cyber Security Leader for Middle East and Turkey, Cisco.
Elnakat from Gemalto says that, to protect their consumers and combat increasing innovation from hackers, organisations that offer mobile apps, such as financial institutions, government bodies, and service providers, must adopt a layered approach to security based on the fact that various items are at risk: from the app itself all the way through to data access points. “This means that one cannot rely on a single method of protection for their entire app ecosystem; different layers of security need to be put in place in order to form a robust and secure platform to protect sensitive mobile data such as that in banking or government services apps.”
For years, organisations have turned to Mobile Device Management solutions with the hope of wrapping their arms around BYOD. MDM is a technology that enables organisations to control every aspect of a mobile device, from permitted apps to outbound communications. But that may not be enough.
“MDM has come a long way in helping facilitate the use of mobile devices in the enterprise. However, the device-level insights that MDM provides produce only a small subset of the information necessary to make strategic security decisions. Enterprises need comprehensive visibility over their entire mobile data ecosystem – the device, the app, the network, etc. – and not just a device-level solution,” sums up Manson.