A mobile concern: Blending security with convenience

By Heide Brandes
BridgeTower Media Newswires

Mobility in business means convenience, but it also creates a major security concern for corporations and businesses in the U.S.

With more and more organizations using remote workers and mobile offices, security weakens if the potential threat of malicious attacks isn’t addressed.
In the report “Security in a Remote Access World” by iboss, the growth of mobile employees is putting a strain on resources used to secure mobile traffic. For instance, the rise of devices accessing a network is causing bandwidth to explode in growth, but is also making it hard for IT professionals to track cybersecurity threats as they attempt to break into a network.
Now users are wandering around with both corporate and personal smartphones and tablets to jump between personal, family and business activities. Experts say this “jumping around” could cause serious breaches in security that could lead to disaster.

“Security of mobile devices has reached a point where the old paradigm is no longer working and corporations are starting to move toward zero-trust networks in line with the Google BeyondCorp framework in which all devices including mobile, servers and laptops are all assessed for health and strong user authentication,” said Micah Wilson, solutions engineer at Duo Security of Oklahoma.

 The demand

“The demand for mobile security is incredibly large,” said Wilson. “As Wi-Fi was adopted en masse by home, corporate and government users and more information lives in the cloud, we are seeing a mass rush to address the security concerns. Engineers like myself receive a high volume of calls by recruiters. There is a lack of qualified professionals in the market right now, and I find that I have to hire strong networking people and then train them for mobility style networking.”
For IT engineers like Wilson, the challenge of keeping mobile devices secure is constantly evolving. In addition, he said most attacks against customers are due to the theft of mobile devices.
“Ninety-five percent of attacks against customers are because users were phished or their mobile devices were stolen. Having a strong strategy for protecting applications is key so that the devices become less important,” Wilson said. “Historically, companies have been turning to mobile device management solutions, but that isn’t scaling well. New security-as-a-service companies like Duo provide an aggressive and super-fast way of protecting local and remote users on any device.”

According to “Predicts 2017: Endpoint and Mobile Security,” a 2016 report by Gartner, 25 percent of mobile-ready enterprises will deploy mobile threat defense capabilities on enterprise-issued mobile devices by 2019. In addition, by 2020, 60 percent of current portable physical flash data carriers will be replaced by cloud-based business data sharing, and capabilities such as enterprise digital rights management encryption will be the only durable, granular, file-level mobile data protection.

Mobile malware and mobile attacks are increasing in both number and pragmatism. In addition, concern increases because many organizations continue to use portable flash media to carry and share data physically between work systems without the benefit of rigorous oversight.
“Data leakage is the main risk that enterprises recognize,” said Dionisio Zumerle, research director of digital workplace security for Gartner. “This can be caused by physical loss of the device, but also from usage of ‘leaky’ applications. These are not malicious applications necessarily, but can simply require excessive permissions or access enterprise data and send it to third parties (advertisers, for example).”

“Though not negligible, most enterprises today are not addressing risks coming from malicious threats. This is mainly because we have yet to see a highly visible data breach that can be directly attributed to the hack of a mobile device.”

What can be done?

Jayson E. Street, vice president of information technology with SphereNY based in Oklahoma City, spoke at the U.S. Chamber of Commerce convention in Florida in October about the dangers of unprotected mobile devices and how easy it is for hackers to gain access.

“I logged on and did a demonstration, and you could see people look at their phone and see where they were vulnerable,” Street said. “Using public Wi-Fi can expose you to malicious attacks.”

Street said employees and customers, as well as businesses themselves, can protect themselves by turning off the Wi-Fi tracker on their phones when not using Wi-Fi. In addition, all employees with access to sensitive information should use a virtual private network, or VPN, to create encrypted tunnels out to the internet.

“Even if you are on a hostile hot spot, your traffic is encrypted, and hackers can’t get in,” Street said. “Most people don’t think twice about connecting to a hotel’s Wi-Fi, but hotels are the biggest targets for attackers. Treat every Wi-Fi hot spot as hostile and always use the VPN. It’s one of the best defenses against attackers.”