With the advent of mobility and the influx of BYOD in enterprise, employers are struggling to keep control of their networks, according to John Yun, Director, Product Marketing, Blue Coat.
Yun, who is in Dubai promoting Blue Coat’s new Unified Security for Mobile Devices, claims that with consumer driven devices being brought into work, the employee has total control over what devices are connected to the company’s network, opening huge security gaps for cyber criminals to tap into.
“An employee isn’t going to let the company tell them which device they can and can’t have. They’re going to buy it, bring it into work, and start using it right away,” said Yun.
“There’s been a major shift in control. Before, companies would set up their security policy for internally provided devices, and then implement this policy. Whereas now, the employee will begin using their chosen device before the company even had the chance to set up a policy for that operating system.”
Yun believes that mobility security is a difficult area to protect because of the many avenues which can be targeted. Recent reports suggest that in the near future, employees will own an average of seven different devices and that each one could be used to access company data. With each employee transferring and accessing corporate data on seven different platforms, keeping them all secure is a security nightmare.
“If an employee chooses the Apple iOS, they might not even consider security because the general consensus is that the OS is a fairly secure system. However, that can still be easily cracked to become a carrier of malware. This is called a Botnet, which is when a carrier becomes infected, becoming a Trojan, and then transports the Malnet onto another device, via spam emails for example.”
Malnets can breach mobile devices in many ways, a lot of which companies aren’t even aware of. Yun believes that the sophistication of attacks has never been as high as it is now and tracking them all is a very difficult task. He points out, for example, that URL coding on a PC can be monitored, but the mobile friendly apps are less detailed to ensure better speeds and simpler use for consumers, and so recognising and tracking malware becomes far more difficult. He also says that consumers will never wish to compromise on speed and performance on personal devices, so deploying individual security settings, like firewalls, into a mobile device will never be practical.
A company can track mobile apps and desktop sites, such as Google, but they may not be aware that the mobile site for Google is located under a different address. Users will be redirected, unknowingly to m.google, the mobile version of the site, which will be an unprotected source to the device. Yun warns that although companies may not know this, cyber criminals most certainly do.
“Whatever companies aren’t aware of, in terms of unsecured devices, criminals most certainly are. What we aim to do is to offer them a simple solution, making it easier for them to set a mobile security policy in place. With mobile security, it’s an ignorant area. Employers don’t want to bother with all the details, it’s very much a ‘it won’t happen to me’ type of situation, then sadly it takes a major mobile security breach for everyone to take notice.”
Yun claims that the understanding of mobile security is there now, but that businesses are still slow to cover all angles because of the difficultly of keeping up with system upgrades and the volume of devices being used.
“The consequences of failing to be secured are devastating now. Criminals aren’t targeting 1000 people for 1000 credit cards anymore; they’re targeting one company with 1000 credit cards. And they can destroy a business, either by bankruptcy or loss of earnings caused by the breach,” he said.
“Sensitive data, personal data, and corporate data are all accessible by very intelligent groups. It’s never been a better time to be a hacker because we are behind.”
John Yun and Blue Coat are hoping that the launch of their Unified Security for Mobile Devices solution can offer a full, consolidated package which enables businesses to embrace all the personal devices being attached to a company’s internal server. With two thirds of attacks that are tracked being Malnets, the importance to understand them and be alert has never been higher.