The increasing threats to mobile device security and how to thwart them

Multi Devices

When it comes to securing mobile workers, Cybersecurity Awareness Month is the perfect time to step back from the daily grind, identify where the next wave of threats might be coming from, and fine-tune your strategy for staying one step ahead.

The office environment is typically where employees spend the majority of their time, where the corporate crown jewels reside and where strong security defenses have been erected. But employees aren’t tied to their desktops anymore. In today’s world of mobility, enterprises need to think about ways to extend security to all types of location — homes, airports, hotels and coffee shops – and to all types of devices – laptops, tablets, IoS and Android smartphones.

The bad news is that many companies have neglected mobile device security and attackers have begun to exploit those vulnerabilities.  By 2019, mobile malware will amount to one-third of total malware, up sharply from 7.5% of malware today, according to Gartner’s Market Guide for Mobile Threat Defense Solutions.

The good news is that there are a variety of effective solutions on the market you can use to safeguard mobile workers. For example, Microsoft’s Intune and VMware’s Airwatch are enterprise mobility management (EMM) tools that have extended their capabilities to security-specific threats aimed at mobile devices.

And there is a new category of products called mobile threat defense (MTD), which integrate with a company’s EMM platform and are designed to prevent attacks against mobile devices. Gartner predicts that by 2020, 30% of organizations will have MTD in place, up from the less than 10% now.

When thinking about mobile security, there are several risk areas that need to be addressed: network threats, device risks, application risks and risks occurring when users access the Web and its content.

Threats and countermeasures

At the network level, office networks maintain the highest level of security and home broadband connections that require a user name and password are relatively safe. The real risks occur when mobile users try to connect to the enterprise network from remote sites through public Wi-Fi.

Hackers can deploy man-in-the-middle attacks where they create fake web sites that intercept and hijack the connection. The new mobile threat detection tools can detect rogue Wi-Fi services and block users from connecting to fake networks.

But if hackers are successful with a man-in-the-middle attack, their target is going to be sensitive corporate data.

Companies need to build layers of security defenses in order to protect corporate data. For example, policies can be set in EMM tools that require that software patches to be up-to-date, that limit remote access to certain data stores, and that tie into identity and access management (IAM) systems.

Enterprise mobility solutions also need to be able to recognize if a user is at an unknown location and respond appropriately, such as requiring use of the corporate VPN in order to access certain applications or triggering the need for multifactor authentication.

At the application layer, EMM solutions allow companies to create policies and access rules on an application-by-application basis. Within an EMM tool like Intune, for example, companies can create an app store for mobile workers that can include in-house apps as well as apps from the Microsoft or Google stores. This way they can prevent users downloading apps from unknown sources. MTD solutions can detect apps with malware and will also create an alert for ‘leaky’ apps, that is, apps that send sensitive data — like your contacts — to an external server.

At the device level, companies need to deploy encryption, make sure patches and OS updates are in place, that the OS is not compromised (jailbroken or rooted), that minimum rules are set for passwords and that the device is configured properly.

Of course, none of these protective measure can guard against an attack if the end user clicks on a phishing link, browses risky websites or picks up a stray USB stick in a public place that could be infected with malware.

So, the last piece of the puzzle is educating users to the dangers of phishing and making sure they are even more vigilant and suspicious of phishing attempts when they are on the road.

And remember, Cybersecurity Awareness Month is a great time to increase awareness of the threats targeting mobile workers, but security is something that needs to be top of mind year-round. For additional perspectives from DXC on cybersecurity, visit dxc.techology/cybermonth.

Louise-Willemse-headshotLouise Willemse, PMP, is offering general manager for DXC Technology, responsible for the product lifecycle of the Enterprise Mobility Management and Mobility Security Services portfolio worldwide. She previously served as Global Mobility Offering Manager for HPE Enterprise Services.

Chris Moyer headshotChris Moyer is Vice President and General Manager of Security for DXC. He has spent more than 25 years building business and technology solutions for clients in several industries across multiple geographies. In previous roles, he has led solutioning, transformation projects and delivery assurance. He is also a member of the Institute of Electrical and Electronics Engineers. Connect with him on Twitter and LinkedIn.

Speak Your Mind


This site uses Akismet to reduce spam. Learn how your comment data is processed.