CIOs and IT managers have their hands full with digital security as the enterprise network gets bigger, and the hackers get more sophisticated. Cloud-based services are creating a dependence on a high-speed and always-available internet while devices throughout the enterprise — from smartphones and smartwatches, to security cameras and light switches — are creating a depth and breadth of connectivity never imagined when the network was first designed. Cheaper and faster internet makes it easier for hackers to probe, attack, exfiltrate and hide in the weeds, while the overall background noise level just gets louder. Digital security has become a never-ending, full-time job.
In the world of mobile computing, security has been top-of-mind for software and hardware vendors for years, and that’s been good news for IT managers. But heightened awareness and designed-in protections aren’t enough, because mobile security must incorporate one of the least secure parts of any IT environment: the end user. We slip mobile devices in our pockets, carry them everywhere and use them to solve our daily problems. End users treat mobile devices casually, unaware of the consequences of risky behaviors they’d never even consider with their corporate desktop PC.
Malware: What’s Old Is New Again
Attacks and vulnerabilities change on a daily basis, but the top mobile security threats for 2019 have been made pretty clear — and they give IT managers an idea of where they should be concentrating their security efforts.
Mobile malware in all its forms — spyware, phishing emails and web sites — remain big threats on the radar of security and IT managers. These old threats haven’t gone away for one big reason: they work, and hackers like to stick to a recipe book that has yielded results in the past. With a few adjustments here and there, everything old is new again. Phishing emails getting caught by spam filters? Find an AI tool to make each one sound plausible, and send them again. Malware filtered out by Google Play Store? Recompile with a few changes and infect something else.
Why You Need an Incident Response Playbook
Get this free guide on how to respond to mobile security breaches — or thwart them altogether. Download Now
IT managers should already have a strong toolbox for handling these old threats on mobile devices, such as endpoint security toolkits and enterprise mobility management (EMM) systems. But just as the attackers evolve and step up their game, IT managers need to do the same.
This means that IT managers should take a two-pronged approach. First, take incident management seriously: figure out what got through your defenses and why, and how to keep it from happening again. Second, reevaluate your security portfolio for holes in coverage and new technologies that may better block old threats. For example, many IT managers are looking at cloud-based web proxies as a more effective approach to malware filtering than local URL filters provided by endpoint security toolkits.
Device loss and theft is another old threat that will never go away, and now brings a deeper risk to enterprise IT. When mobile devices first appeared on the scene, theft was all about the resale market. Today, thieves also see mobile devices as tools in their social engineering scams, and are willing to market the devices to black hat groups who need access to a particular organization’s data or networks. The potential consequences after loss and theft are looking worse in 2019.
IT managers can attack this threat from two fronts: technical and policy. With mobile device management (MDM), EMM or unified endpoint management (UEM) tools, IT managers have remote wipe, PIN unlock enforcement and disk encryption available to keep lost and stolen devices useless to the bad guys.
At the same time, on the policy front, IT managers should be shifting from an “anything goes” type of Bring Your Own Device (BYOD) environment to a more controlled and configured Choose Your Own Device (CYOD) program that ensures devices with access to valuable enterprise data are being properly protected. CYOD comes with higher initial costs, but the advantages of having greater control and consistency will pay off with fewer security incidents and happier end users.
Cryptocurrencies: The Great Unknown
There’s no particular security vulnerability associated with cryptocurrencies, but the fact that Bitcoins can be quickly and anonymously turned into real currency has made anything and everything related to cryptocurrency a priority for hackers. This ranges from cryptojacking, in which a device is hijacked to do cryptocurrency mining on behalf of a hacker through attacks on cryptocurrency wallets stored on smartphones, all the way to using the smartphone as part of a social engineering attack to get at an end user’s Bitcoins.
Guarding against these threats isn’t simple. IT managers can start with risk avoidance: ensure end users know that their personal financial information and cryptocurrency wallets shouldn’t be on their corporate mobile phone or tablet — and use an MDM/EMM/UEM policy to block those types of applications and all known cryptojacking websites. Combine this with user education on the social engineering techniques hackers have been using to steal passwords, such as SIM port attacks, to let users know their own risks and vulnerabilities when it comes to cryptocurrencies.
Wireless Networks: Untethered and Unsecured
There’s no safe wireless network — not Wi-Fi and not carrier. Encrypted Wi-Fi has fallen multiple times, and we are starting to learn about attacks on carrier networks, such as the recent disclosure of the Soft Cell worldwide data theft campaign against carriers. Wireless attacks are particularly troublesome for IT managers because the problems and issues are all over the map. Sometimes it’s buggy firmware in a wireless chip; other times, the core algorithms being used are under attack. The only certainty is that there will be more wireless problems, and IT managers have to mitigate those threats.
The best approach here is to layer some types of encryption and authentication on top of every wireless access: public Wi-Fi, corporate Wi-Fi, carrier networks — nothing can be considered trusted without an encrypted and authenticated connection. For mobile devices, that may mean backhauling all traffic, even nonbusiness web browsing, over a VPN connection when the environment is very insecure, such as users on mobile networks. But even in more secure environments, such as a corporate campus, no application should be accessible without both encryption and user or device authentication.
Any attempt to predict what the next security threat is going to be is just a guessing game. CIOs and IT managers shouldn’t be trying to find a new point solution in case some problem breaks out — they should be zooming out and trying to identify the places where their own defenses are weak. In mobility, planning for these threats means improving defenses, increasing detection capabilities and creating security policy that is comprehensive and effective.
Have you given thought to your enterprise’s incident response plan, and how it should look? Download our free guide to begin the process. Or, learn about optimizing mobile security for the enterprise with Samsung’s Knox Platform.