Tag Archives: bring your own device

Huge Cyber Blind Spot for Many Firms

There is a large blind spot most organizations fail to recognize and protect—the mobile network.

Today, employees use their mobile devices to access business-related information more than ever. According to recent Business Wire research, 72% of organizations have adopted Bring Your Own Device (BYOD) policies to some extent, and an additional 9% plan to do so in the coming year.

Mobile devices have practically become additional endpoints in organizations’ networks, allowing access to the same resources and making the risk of a mobile breach as severe as any other. While the risk from mobile devices grows, administrators in most cases have only partial control over them and slim protection.

The main solutions most organizations implement to manage their mobile network are MDMs (Mobile Device Management systems) and EMMs (Enterprise Mobility Management systems). Both solutions strive to provide organizations with a clear and comprehensive view of their mobile network, as well as enforce security policies. The main difference between the two systems is the additional application management features incorporated in EMMs.

MDMs and EMMs provide crucial value for organizations, because, unlike computers, which are usually chosen and provided by the company and thus easy to manage and control, mobile devices vary greatly in many ways, such as manufacturer, model, carrier and even operating system and security patch date. Providing a consolidated view of the network is the first step toward protecting it. In this mission, however, MDMs and EMMs fall short.

MDMs and EMMs can be compared to computer firewalls—providing a holistic view of the network and allowing basic application control, but by no means sufficient to protect any organization in today’s threat landscape.

Mobile malware is also on the rise in both the Android and iOS ecosystems. We have witnessed it grow in spread, variety and sophistication, following in the footsteps of PC malware in many areas. Mobile malware can even overcome and break into secure containers by rooting the devices. Just as in the PC world, defending against emerging cyber threats in the mobile world requires advanced protections such as sandboxes and endpoint protections.

While regular endpoint solutions can’t protect mobile devices, there are dedicated solutions that can. The new generation of mobile security solutions can identify and block threats not only by using signature-based detection, but also by applying advanced dynamic-threat-prevention techniques, which can detect both known and unknown malware. Because mobile threats are real and continue to evolve, organizations must do the same to protect their networks.

Organizations need consistent coverage of cybersecurity policies across their infrastructure and end-user devices, including smartphones and tablets. Even more so, organizations ought to implement advanced, up-to-date solutions to fend off the ever-growing stream of sophisticated mobile malware. Why spend millions of dollars defining policies and implementing controls on other systems and devices but leave the primary end-user device that contains the same kind of sensitive information unprotected from threats?

This article originally appeared on ThirdCertainty. It was written by Michael Shaulov.

Pokémon Go Highlights Disruptive Technology

If you hear employees talking about spending their stardust and candies, chances are they’re caught up in the latest pop culture fixation: Pokémon Go. The mobile phone game sensation has fans roaming the country with their handhelds out to capture the “Pocket Monsters” scattered virtually throughout the real world.

The kid in me chuckles at this innovative use of augmented reality (AR) technology. But my cyber risk side looks at AR and sees potential issues involving malware, privacy, data disclosure and employee safety.

Real-World Risks

Computer and online games become instant targets for malware, through such things as fake and cracked versions in app stores. Hackers could gain control over a phone and thus a wealth of data about its user. For companies with bring your own device (BYOD) programs, enterprise email accounts and other data could be exposed.

Of course, BYOD risks are not limited to Pokémon Go. For example, sensitive information can be exposed through employees’ social media postings and other activities. But apps that are addictive and seemingly innocent can blind users to the risks of downloading.

AR technology combines elements of the digital and physical worlds into a single view, allowing data, text or images to be superimposed on a live video feed. In Pokémon Go, AR allows for the game map to align with a real-world map and players to find and even photograph their monsters in physical locations.

What if a Pokémon is located inside your company’s office? If a user shares a photo or screenshot of such a location, it poses a risk of inadvertent loss of sensitive company or customer information. And there are issues around invasion of privacy for people/places that don’t want to be involved in the game.

Managing Risk

As surely as Pikachu evolve into Raichu, technology like AR will morph and bring new risks. Businesses may try to block or limit employees’ access to AR and similar technology, but that may only provide temporary relief before the next threat emerges.

So as with all cyber risks, when it comes to Pokémon Go, organizations should make sure they don’t focus only on prevention. Among the steps to bolster response and recovery, businesses can:

  • Educate employees about the risks.
  • Conduct regular cyber risk assessments and audits to identify threats and assets at risk.
  • Develop and test disaster recovery, business continuity and incident response plans in conjunction with law enforcement, regulators and others.
  • Purchase cyber insurance to deal with the inevitable risks that slip through the cracks.

AR and other disruptive technologies are here to stay, and promise to benefit companies and consumers. Risk professionals will need to be nimble as they manage the accompanying risks.