Bugs, Gators and Mobile Security
I spent my early childhood through pre-teen years in Tallahassee, Florida, which is located in the northwest region of the state, in an area commonly referred to as the Florida Panhandle. While there, I was fortunate to have collected a treasure trove of adventure-filled memories that have withstood the test of time.
Though now several decades in my rearview, many of those memories are still quite clear to me today. Fishing ankle-deep in muddy ponds to avoid the fire ants on shore (while keeping constant watch for gators that might have stealthily snuck into chomping distance), snake hunting in tree tops and on steep and vegetation-covered creek beds, playing in the deep woods that surrounded our neighborhood, gathering with friends beneath the streetlight across from my house to make plans for the next day’s adventures, and more. Good times all around! However, to say that my childhood adventures were “enveloped in sticky mugginess and pesty bugginess,” would be an understatement. Whether you’re a Florida resident or make the occasional trek to the Sunshine State to vacation, you know what I mean.
So, what is it about the new “NSS Labs Enterprise Intelligence Brief Mobility,” that reminds me of my Florida Panhandle days? Let me explain.
First off, just to provide a bit of background, the research for this NSS Labs report was conducted earlier this year, derived from responses provided by more than 380 full-time U.S. enterprise IT security professionals. The purpose of the research was to gain insight into how network security products are being leveraged to support mobile devices. Having called the mobile security space my home for the past several years, I was curious to give the report a thorough read. In doing so, it reaffirmed the importance of mobile-centric, zero trust security. And oddly enough, at the same time, it caused me to draw this sort of wacky correlation to some of my childhood memories. Weird, I know. Bear with me for a minute.
Mobile threats vs. other cyber threats
One key finding from the NSS Labs report was that more than half of all respondents reported that mobile threats were a higher risk to organizational assets than other cyber threats.
Mobile devices have become our constant companions, an endless source of knowledge, entertainment and socialization (even for the timid), as well as our trusted advisors. How many times per day do you say or hear, “Okay, Google…” or “Siri…”? We do nearly everything with our mobile devices in tow. In today’s perimeter-less enterprise, a mobile-centric, zero trust security model is your best defense against bad actors determined to infiltrate your enterprise resources and cause harm.
So, what’s the tie-in to my childhood? Well, those who are set on circumventing your organization’s security infrastructure are like the hordes of mosquitoes and “no-see-uhms” that would always manage to find even the tiniest areas of my Deet-less, exposed skin and attack it mercilessly. Just like these pesky insects, bad actors never give up. They are continuously looking for new areas to launch their attacks. They are smart, creative and persistent. And if your organization has left any “skin” unprotected, you can count on it being located and attacked
Poor user awareness
Another finding of interest to me was that 49.4% of respondents reported poor user awareness as the greatest challenge to mobile security.
This doesn’t really surprise me, for a couple of reasons. First, as mentioned earlier, mobile devices and apps have become a big part of our daily lives. They bring a ton of goodness and in turn, we have come to trust them. After all, they are so smart! However, it’s this unwavering level of trust that can easily lead to bad things. Take for instance the recent Pegasus attack on WhatsApp. Do you recall hearing about that a few weeks ago? Talk about creativity! The attackers were able to gain access to users’ cameras and microphones, as well as location data, simply by calling their iOS or Android phones using the popular social platform, WhatsApp. What’s scary is that it wasn’t even necessary to answer the call. And because of this attack, WhatsApp had to scramble to implement a fix, and then notify and encourage nearly 1.5B users to upgrade to a new version of their app. And that’s just one recent example of an attack in which users were completely unaware.
Mobile threats launched via device, network, application and phishing attacks are not only sneaky, but ongoing. Unfortunately, it’s lack of awareness on the part of users that allow these attacks to succeed. And, because more and more users today leverage their personal devices for work, the chances of inadvertently unleashing bad things into the corporate infrastructure have increased. MobleIron’s mobile-centric, zero trust architecture provides organizations with the most effective weapons to battle against these mobile threats.
Not a pressing need? Really?
Another finding that I was surprised to read was that application control and regulation compliance are the top drivers for deploying a mobile security technology, whereas “mobile security is not a pressing need” and privacy are the top drivers for not deploying.
Now, I do understand the requirement to maintain application control and regulation compliance. However, to identify mobile security as “not a pressing need” does make me wonder. To me, any organization that chooses to enable the use of mobile devices, apps and cloud services to improve employee productivity should demand that a very comprehensive security architecture be in place to support that effort. This is even more critical when users are leveraging their own devices in a BYOD scenario, or when corporate-owned, personally enabled (COPE) devices are issued to knowledge workers and additional levels of freedom are provided (fewer restrictions in terms of apps, connectivity, access to cloud services, etc.).
There are simply too many ways in which enterprise resources can (and likely will) become compromised if mobile security is either an afterthought or simply taken less seriously than other areas of security, such as applications and network, as called out in the NSS Labs report. This is certainly cause for concern.
So, how does this tie into one of my childhood memories? Well, I think about how my friends and I fished in those ponds as often as we could, standing in that muddy water. We were very puny, yet determined anglers. We all worked as a team to constantly monitor our surroundings, making sure that gators never managed to sneak up and attack one of us from the weeds along the shoreline, nor managed to get so close to us in the water as to dine and dash.
Your take on mobile security?
The “NSS Labs Enterprise Intelligence Brief Mobility” report includes a number of additional insights. Download it and give it a good read. See how your organization’s beliefs and practices regarding mobile security compare with those of the more than 380 IT administrators who have already weighed in. Are you better prepared? Less prepared? Should be interesting to see!
And if you’re interested in learning more about MobileIron’s mobile-centric, zero trust security platform, visit here. The MobileIron security platform is built on the foundation of unified endpoint management (UEM) capabilities with additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat defense (MTD).