Tag Archives: iOs

Huge Cyber Blind Spot for Many Firms

There is a large blind spot most organizations fail to recognize and protect—the mobile network.

Today, employees use their mobile devices to access business-related information more than ever. According to recent Business Wire research, 72% of organizations have adopted Bring Your Own Device (BYOD) policies to some extent, and an additional 9% plan to do so in the coming year.

Mobile devices have practically become additional endpoints in organizations’ networks, allowing access to the same resources and making the risk of a mobile breach as severe as any other. While the risk from mobile devices grows, in most cases the administrators have only partial control over them, and slim protection.

Related infographic: Convenience of mobile computing engenders risk

The main solutions most organizations implement to manage their mobile network are MDMs (Mobile Device Management systems) and EMMs (Enterprise Mobility Management systems). Both solutions strive to provide organizations with a clear and comprehensive view of their mobile network, as well as enforce security policies. The main difference between the two systems is additional application management features incorporated in EMMs.

MDMs and EMMs provide crucial value for organizations, because, unlike computers, which are usually chosen and provided by the company and thus easy to manage and control, mobile devices vary greatly in many ways, such as manufacturer, model, carrier and even operating system and security patch date. Providing a consolidated view of the network is the first step toward protecting it. In this mission, however, MDMs and EMMs fall short.

MDMs and EMMs can be compared to computer firewalls—providing a holistic view of the network and allowing basic application control, but by no means sufficient to protect any organization in today’s threat landscape.

Mobile malware also is on the rise, both in Android and iOS ecosystems. We have witnessed it grow in spread, variety and sophistication, following the steps of PC malware in many areas. Mobile malware can even overcome and break into secure containers by rooting the devices. Just like in the PC world, to defend against the emerging cyber threats in the mobile world requires advanced protections such as sandboxes and endpoint protections.

See also: How to Keep Malware in Check  

While regular endpoint solutions can’t protect mobile devices, there are dedicated solutions that can. The new generation of mobile security solutions can identify and block threats not only by using signature-based detection, but also by applying advanced dynamic-threat-prevention techniques, which can detect both known and unknown malware. Because mobile threats are real and continue to evolve, organizations must do the same to protect their networks.

Organizations need consistent coverage of cybersecurity policies across their infrastructure and end-user devices, including smartphones and tablets. Even more so, organizations ought to implement advanced, up-to-date solutions to fend off the ever-growing stream of sophisticated mobile malware. Why spend millions of dollars defining policies and implementing controls on other systems and devices but leave the primary end-user device that contains the same kind of sensitive information unprotected from threats?

This article originally appeared on ThirdCertainty. It was written by Michael Shaulov.

Phishers’ New Ruse: Trusted Tech Brands

Most of us don’t think twice about opening and maintaining multiple free email accounts where we live out our digital lives. And we’re getting more and more comfortable by the day at downloading and using mobile apps.

Yet those behaviors can harm us. ThirdCertainty sat down with David Duncan, chief marketing officer for threat intelligence and security company Webroot, to discuss how cyber criminals are hustling to take advantage of our love of free Web mail services and nifty mobile apps.

Infographic: Where malicious phishers lurk

3C: Phishing attacks leveraging our love of Google, Apple, Yahoo, Facebook and Dropbox are skyrocketing. How come?

dd

David Duncan, Webroot chief marketing officer

Duncan: There are 10 times more phishing attacks based on emulating tech companies than financial firms. You’d think it would be the other way around, but it’s not. The focus is on stealing information from your various email accounts because it’s easier to spoof people into acting on something that appears to come from Google or Apple than from Bank of America or Citibank.

Free resource: Stay informed with a free subscription to SPWNR

3C: Because we’re less suspicious of Google and Apple than big banks?

Duncan: Yes. Phishers prey on the fact that we see those brands as trustworthy brands.

3C: What ruses should folks watch out for?

Duncan: It’s the typical ones. You’ll get something advising you of the need to change your password or share your contacts. They’ll send you a link to click. A certain percentage of gullible users will click on the link and follow instructions to give up their credentials.

I can’t say I know of any specific new strategies other than the fact that the focus is on impersonating big domains like Google and Yahoo because people don’t think too much about something that appears to be coming from those trusted sources.

3C: Is there really a one-in-three chance the average person will fall for a phishing scam?

Duncan: Yes, there is a 30% chance of Internet users falling for a zero-day phishing attack over the course of the year. It used to be about one out of every seven phishing emails actually got through. But we’re human beings, which means we’re gullible.

3C: What about mobile apps? What’s the risk there?

Duncan: A year ago, we tracked about 8 million mobile apps, and around 75% were trustworthy and 10% were benign. So 15% were malicious or suspicious. Now we’re classifying 15 million mobile apps, and we’re finding 35% to 40% are suspicious or malicious in character.

3C: That’s a pretty significant change.

Duncan: People don’t think of installing an app on their mobile device as installing a potentially unwanted application that’s being delivered from an untrustworthy app store.

3C: So is this mostly an Android exposure?

Duncan: Probably 90% is Android, maybe 10% is iOS. Apple has a more secured kind of walled guard for verifying and authenticating the source of applications. But it also depends on what users are accustomed to. If you go over to certain geographies in the world, people may not necessarily always go to the iTunes store. There are a lot of third-party websites where even iOS apps are cheaper or they’re free.

The Insurance Agent of the Future?

Recently, my 80-something mother bought an iPad to replace one of the first models, which is now obsolete (can’t upgrade the iOS!). So, though she is an always-with-some-trepidation user, she’s no Luddite. After her second day with the new device, she called me with some alarm to say that someone named Siri was trying to hack into her iPad (for you non-iOS users, Siri is the name of the iOS speech recognition software – a new feature for my mom).

This got me thinking about big data and the role of the insurance agent in the future. My thinking goes something like this…

Insurance Agent of the Future

Insurance of the future will be beyond indemnification for losses (at an actuarially fair price, of course) and will include loss reduction in some way, whether through direct action or indirect advice.

Let’s think about home automation and monitoring systems, a.k.a., the connected home, or “telematics for the home,” delivered through companies such as Keen, SNUPI and Revolv. Think thermostats, video cams, carbon monoxide and fire/smoke detectors, storm shutter and roof single sensors, refrigerator and freezer sensors, door lock sensors, etc. The capabilities are going to be integrated and will involve big (data).

Some company – maybe insurance companies, maybe those giant B2C companies like Google and Amazon, maybe some others – will take all that data and present it back to the consumer in an intelligent manner. Here is where loss reduction becomes very interesting. Companies could take direct action through automated activation of alarms and shutdown of systems when storms are approaching. Indirect advice might mean notifying a homeowner of unlocked doors, foot traffic in the house and refrigerator doors opening and closing.

Where does the agent come in? Maybe Google or Amazon and ADT will just get this all to simply work: Download the app, and it tells you what to do. But maybe the consumer will want some help with all this data and all this activity: what filters to tighten, what sensors to de-activate and what data is needed to get the right coverage at the right price.

Maybe the Geek Squad needs to morph to the Home Monitoring Squad. And the Home Monitoring Squad sure sounds like the possible insurance agent of the future – tech-savvy, risk-savvy and comfortable conversing with 80-year-olds.