Don't Let A Consumer App Weaponize A Device And Bring Down Your Entire Enterprise
Mobile devices are critical to both our personal and professional lives and hold more information than ever before. Modern work increasingly takes place in the cloud and on personal mobile devices, eroding the typical network perimeter and revealing countless new threat vectors.
At the same time, mobile threats are evolving. Verizon’s "Mobile Security Index 2019" (via Forbes) found that "86% of enterprises are seeing mobile threats growing the fastest this year, outpacing other threat types."
Today, employees don’t just bring their own devices to work; they also bring different sets of applications installed on those devices. According to App Annie’s State of Mobile in 2019 report (via PPC Land), "Consumers downloaded 194 billion apps in 2018, spent $101 billion in app stores, and averaged three hours per day in mobile."
As consumer applications continue to infiltrate the enterprise, the future of data breaches and cybercrime lies in mobile applications and operating systems. For example, a popular messaging application recently made headlines when hackers exploited a vulnerability in it and injected Pegasus spyware into the app simply by calling the target. Once the infiltration took place, the camera and mic of a user's phone could be turned on, emails and messages (both personal and corporate) exposed and user location data collected.
This demonstrates how vulnerable mobile applications and devices are to attacks and how a consumer app could potentially weaponize a device against an enterprise. It shows how unmanaged devices with access to corporate data increase the risk that sensitive corporate data will leak. That’s why enterprises need to ensure mobile devices that have access to business resources are secure.
As the CEO of a company that offers mobile enterprise security solutions, I've seen firsthand how today's companies need to rethink their security strategies to focus on the technology at the center of the enterprise: mobile devices. A mobile-centric zero trust approach can deal with the security issues that a modern enterprise faces and also provide the agility that a modern enterprise requires. It provides the visibility and IT controls needed to secure, manage and monitor every device, user, app and network being used to access business data.
A mobile-centric zero trust approach also provides on-device detection and remediation of threats. An additional security layer of threat intelligence detects suspicious or out-of-compliance applications, like the popular messaging application example above. If an application is suspicious or out of compliance, the IT department can notify, monitor, block, quarantine or completely retire the device, keeping enterprise data secure. This is critical because hackers are increasingly targeting mobile devices and applications with sophisticated attacks.
It is quite straightforward to implement and successfully realize the benefits of a mobile-centric zero trust approach:
- Equip users with a secure digital workspace with all the apps they need, on the devices of their choice.
- Ensure that you grant user access to authorized corporate data based on full context.
- Include protection for data at rest and in motion with encryption and threat monitoring.
- Enforce security policies with ongoing monitoring to quarantine devices, alleviate threats and maintain compliance.
By being easy to implement and imperceptible to the end user, a mobile-centric zero trust approach bridges the gap between high security and low friction, which is essential to success. This is critical given the expectation by consumers — and therefore employees — that technology will be easy to deploy and deliver a seamless experience.
The bring-your-own-device (BYOD) enterprise trend has gone beyond devices and now reaches into applications. But if not properly secured, a consumer app can weaponize a device and bring down your entire enterprise. To avoid this threat, start rethinking your security strategy now so your employees can tap into mobile and cloud innovations without sacrificing business integrity.
This post originally appeared on Forbes.com.