Enterprises need to put mobile security in the spotlight, before the lights go out!

We live in a world outside of the corporate firewall.

Checking emails, accessing work data, keeping in contact with friends, scanning social media — you may even be reading this article on one — your mobile phone is the gateway into everything you do, both personally, and increasingly on a professional level. Yet, mobile security remains a blind spot for the enterprise. This should not be the case.

The rise of the mobile culture

Today we live in a world driven by mobility. We as individuals want the freedom to work wherever and however we want. Many employers are trying to meet this demand and are even encouraging flexible working, especially in the UK, where a law was passed allowing all employees in permanent employment of over 26 weeks to request the right to work flexibly. But this newfound mobility has led to a change in the way devices are used, which most enterprises’ security measures are not prepared for.

Employees, as individuals, want access to whatever application they perceive will make their personal and working lives easier. And they can have it, at the click of a button. As a matter of fact, as of June 2016, Android users were able to choose between 2.2 million apps and Apple's App Store featured as many as 2 million. The app evolution shows no signs of slowing down, and the bad news for the enterprise is that there is no way to ensure that every app downloaded onto your employees’ mobile devices — the same devices that are used to access corporate materials — is safe.

The reality is we live in a world outside of the corporate firewall. Employees access your company’s most precious data from their mobile devices, often using their own chosen apps, which are unrestricted, unmonitored and, most worryingly, often unprotected. Relying on a phone passcode or an MDM solution as a sufficient security measure is no longer good enough.

A new cyber order

At the very same time as this momentous cultural shift and app explosion, cybercriminals are becoming more sophisticated. They inherently move faster than the enterprise, finding new ways to exploit vulnerabilities in even the most secure of networks. There’s been a steep rise in cyber-criminal activity focusing on the mobile threatscape. In fact, a staggering 74 per cent of security leaders said they suffered a breach as a result of a mobile security issue. 

These data breaches were mainly caused by apps that contain security vulnerabilities (38 per cent), mobile apps containing malware (36 per cent) and unsecured WiFi connections (30 per cent).

Mobile is a relatively new frontier, but cybercriminals will not stop development on this front anytime soon as there is a lot of money to be made from individuals as well as businesses, who are not being security savvy.   

There is no problem, until there is

As the threatscape continuously evolves more rapidly than the enterprise, we cannot lay all the blame on enterprise IT security teams for not looking directly towards the next biggest threat — mobile. They are constantly being forced to do more with less. More than that, many are under the impression that they can still lock down their mobile devices to ensure security. They cannot, and they have to realise that not a single mobile device that touches their network is 100 per cent safe when there is just an MDM, EMM, or MAM solution in place.

At the end of August 2016, for example, Lookout and Citizen Lab uncovered three iOS vulnerabilities, collectively called “Trident”, that, when exploited, subvert even Apple’s strong security. This was the first active mobile threat that we have ever seen that takes complete control of an Apple device with just one click. Although a patch was developed, it still highlights the dire need for enterprises to take serious note of mobile security in its own right — just think about how many of your executives have an Apple device alone.

The spotlight needs to shift

The good news is that it is not all doom and gloom. Businesses simply need to readjust the security spotlight to include mobile. They need to find solutions that will increase their visibility into the mobile-specific vulnerabilities that are out there, then ensure constant updates are kept in place to keep hackers at bay.

The most crucial step in doing this is re-evaluating a company’s security strategy. Start to think beyond the traditional perimeter of laptops and mobile devices and focus also on the threat in the palm of every employee's hand — their mobile. Build a business case from the ground up, and remind executives how they themselves could be putting the company’s bottom line at risk through poor mobile security measures. It is only when the right mobile security solution is in place, and when employees are aware of the dangers of the mobile culture, that mobile security will no longer be in the blind spot. 

Gert-Jan Schenk, Vice President, EMEA Sales, Lookout