The proliferation of mobile devices and the growing use of public cloud applications are threatening enterprises and rapidly widening the enterprise security perimeter. According to the recently released Cisco 2017 Annual Cybersecurity Report, by 2020, 66 percent of all IP traffic will be from mobile and wireless devices.
User Behavior Impacting Enterprise Security
Risky user behavior is proving to be an especially weak link in the security chain. For example, the previous decline in volumes of spam emails came to an end in 2016: 65 percent of all emails were spam, and 8 to 10 percent were malicious. This increase illustrates that users are still putting organizations at risk by clicking on spam and phishing emails. Employees are also engaging in risky behavior by signing up for third-party cloud applications, 27 percent of which were found to be a security risk in 2016.
Complex Procedures Create Gaps
Cisco reports that with attacks growing in volume and complexity, a new approach is required for enterprise mobile security. As adversaries now have more tools than ever at their disposal, the explosive growth in mobile endpoints and online traffic is working in their favor, expanding the choice of targets and approaches they can take. In response, 65 percent of organizations surveyed admitted that they use anywhere from six to more than 50 security products. However, if these products are used in isolation, this will only increase complexity, creating the potential for further security gaps to be opened. These growing gaps mean that just 56 percent of security alerts are investigated, and less than half of legitimate alerts are remediated, which points to the need for an integrated approach to enterprise security. Cisco’s senior vice president and chief security and trust officer John N. Stewart stated in a press release, “Relentless improvement is required and that should be measured via efficacy, cost and well managed risk.”
What Can Enterprises Do to Enhance Mobile Security?
With budgets under increasing strain, a growing use of security products that have poor compatibility and a lack of trained talent — 57 percent of organizations reported major difficulties recruiting IT security staff — organizations should look to make greater use of services that can help them better align their security investments in an integrated manner to tackle the growing complexity of threats they’re facing.
An example of such a service is a mobile security assessment designed to help organizations achieve a balance between effective mobile security and risk tolerance. Placing a focus on mobile is becoming increasingly important: Even though employees often prefer to use mobile devices, a recent ISMG study found that 63 percent of organizations stated that enterprise mobility has surfaced a greater number of security risks and concerns than they had anticipated. With a mobile security assessment, risks are brought to the surface and recommendations made for an enterprise’s specific needs.
In their report, Cisco has outlined tips to help enterprises further improve their security capabilities. In order to be successful, businesses must make security a priority by having executive leadership that ensures budget availability and drives a culture of security throughout the organization. They must also ensure that all processes related to security are carried out consistently and correctly, including reviewing security practices, timely patching and placing tight controls around access rights. The effectiveness of those processes should be regularly evaluated to improve the overall success of the security posture, and an integrated approach should be taken to defenses so that visibility can be gained across the network. This will help detect and stop attacks, allowing more time to be spent on remediation.
The onus is on organizations to reduce the operational space in which adversaries have to act. This requires developing an integrated and simplified approach to security, taking into account all the challenges that need to be faced at every stage of the attack chain, so enterprises can consistently stay one step ahead of hackers.
Are unpatched security vulnerabilities worth the risk? A recent report shows just how much known vulnerabilities can cost your business.