How businesses can protect
against mobile threats
intelligent MOBILE SECURITY
George Tsoukas, ANZ Manager, Gigamon
George Tsoukas, ANZ
Manager, Gigamon, tells us
how organisations can limit
the risk associated with
operating a Bring Your Own
Device (BYOD) policy.
The increased use of personal
phones for work and the growth
of mobile malware are creating
an escalating risk to organisations. The
mobile phone has become ubiquitous
both personally and professionally. Many
organisations have BYOD policies in
which employees are allowed or even
encouraged to use their own personal
mobile phones for and at work. Many
of these devices are able to access
corporate networks and sensitive data,
yet many may not be as protected or
secured as company-owned devices,
opening up a Pandora’s Box of potential
security threats.
A recent Gigamon report looks at the
use of mobile devices on business
networks and the risks posed by mobile
malware and inadequate security. The
report also offers advice on protecting
organisations from mobile threats.
Gigamon points to a couple of recent
studies, one of which discovered that 80%
of employees use their personal phones
for work-related purposes and the other
that found that 70% of businesses allow
employees to bring their own devices to
work. Further, 53% of all device usage
worldwide is from mobile devices,
compared with 44% for PCs. Sensitive
information, specifically, credit card data,
intellectual property and PII (personally
identifiable information) can be accessed
through Software-as-a-Service (SaaS)
apps used on mobile devices.
Mobile devices can open the door to
different types of threats:
• Number of applications. Many
mobile devices store anywhere from
60 to 90 different apps, including
email, SaaS-based programmes,
cloud storage, social networks,
games and news apps. The more
apps requiring updating, the more
protocols accessible and the more
time someone spends on the device,
the greater the potential risk.
• Increased attack surface. The
growing number of cloud services
accessible on a mobile device can
trigger more ways to exfiltrate data
or access sensitive information.
Attackers can use information
obtainable from users to devise
phishing emails to gain entry to the
mobile device. Further, hackers can
tap into methods such as drive-by
downloads, watering hole attacks
and website compromises to use a
mobile device as a gateway into the
corporate network.
• Form factor. Mobile devices are
equipped with certain exploitable
features, such as cameras and
microphones. A compromised phone
taken into a business environment
can be used to snap photos of
sensitive documents or presentations.
• Blurring the line between work
and personal use. Mobile users
can easily blend together personal
and professional contacts and other
information. As a result, they can
make mistakes such as emailing
sensitive data to the wrong person
or posting confidential material to a
social network. A device that’s been
hacked over public Wi-Fi could see
its email, social media and VoIP
conversations compromised.
To help organisations defend themselves
against threats from mobile devices,
Gigamon suggests limiting use,
monitoring the network, checking BYOD
policies, implementing policies on the
device for device management, multifactor
authentication and educating the
user as the first line of defence.
58 Issue 29 |
www.intelligentciso.com