Enterprises are in a face-off with some of the most pernicious cyber threats to date. The catalog of vulnerable vectors is growing, and simple tactics such as phishing scams and DDoS attacks are being used in new, albeit extremely destructive, ways.
But even with the erosion of the cyber threat landscape, many businesses are actively attempting to increase the number of endpoints in the workplace. Enterprise mobility and bring-your-own-device policies represent a few of the newest double-edged swords when it comes to cyber security. The benefits of enterprise mobility are well documented: According to VMware's 2015 State of Mobility report, businesses that have embraced mobility in the workplace are seeing a 150 percent return on investment. Furthermore, the report revealed that more than half of all businesses surveyed will be altering work processes to accommodate the inclusion of mobile devices within the next 12 months.
But these boons are not without a bane: increased cyber risks.
Assessing the threats of enterprise mobility
Hackers are increasingly looking for new ways to exploit mobile devices. In China, for instance, cyber criminals have been tricking legitimate application developers into integrating their apps with not-so-legitimate software development tools. The most recent example occurred earlier this year when a bevy of mobile apps being sold on Apple's App Store in China were found to be infected with a nasty case of malware. Given Apple's thorough vetting process for applications, the event was a bit of a rarity. Nevertheless, recent Trend Micro research predicts that in 2016, mobile malware originating in China will spike. This could mean many more intrusions similar to the one that affected the App Store.
Another alarming trend that will have a significant bearing on the future of enterprise mobility is the tried-and-true phishing scam – but with a mobile twist. Phishing scams will typically attempt to acquire login information through the fabrication of domains, or more often, through misleading email or social media messages. However, when mobility is thrown into the mix, messaging applications also become a potential source for malware. Recent strains that plagued Android devices – collectively dubbed "Stagefright" – can infect a smartphone via multimedia messaging such as pictures or videos. The scariest part – and what makes this distinct from standard phishing scams – is that a user does not even have to open the message for the intrusion to be successful. Since discovery of the bug in summer 2015, patches and other precautionary steps have been identified. Any lingering paranoia may be more difficult to remedy.
The complications of bring your own device
According to Trend Micro's IT Executives and CEO Survey, 87 percent of business executives say that their employees are using personal devices for work functions. From a technological evolution standpoint, this seems to make sense. A big selling point of the mobile device is its ability to multitask. In theory, the more a device can do, the greater its value proposition to software developers and their customers – both in commercial and enterprise settings. Likewise, the ability to have one smartphone and one tablet, both of which can be used for work and play, cuts the number of devices an employee will have to carry in his or her briefcase every single day. It also means fewer hardware expenses for businesses.
However, storing potentially sensitive work information on a mobile device can raise serious concerns if, for example, the employee forgets the device on a train or loses it at a concert. Alternatively, the user might be leveraging consumer applications that might introduce strains of malware such as those mentioned previously. And how can a company tell employees what applications they cannot use during off-hours, on personal devices that they have paid for? How can enterprises meet compliance? It's tricky terrain, but it's navigable with the right policies and smart adoption of enterprise mobility.
Mitigating mobility-related threats
The first thing that any company must consider when configuring business applications for mobile use is security by design. Applications must be developed with authentic, well-vetted tools that have no currently known vulnerabilities and that have come from legitimate sources. Security and functionality sometimes come head-to-head in the development phase, as improving ease-of-use and having fewer security and login checkpoints can create a more fluid user experience, but also can weaken security. Striking a balance here is essential. If an app has a really poor interface, users may seek out alternatives, and this could introduce other threats. That said, when it comes to health care, finance and other industries that regularly handle information that, if stolen, could impact the lives of many thousands or millions of people, compliance should be the priority above all else.
From a user perspective, employing best security practices is generally a good idea. Password protection for all devices may be annoying; however, it can prevent identity theft and other issues that could cause serious headaches later on. Many new smartphone and tablet models seek to remedy the annoyance of constantly typing in pass codes through the use of biometric solutions, such as fingerprint ID. The added benefit of protecting a personal device is that there is less likelihood that a lost phone would result in a company-wide breach. This is especially true if the user has abided by a business's BYOD best practices policy; for example, by only using business applications for work-related functions and communications. Thus, best practices for mobile security come full circle, as this serves to highlight the importance of ensuring that a business app is secure by design, but user friendly enough to actually use.
Last but not least, mobile devices are typically connected via a cloud network, which is how employees are able to access work information from outside the office. Responsibility to safeguard this network falls upon the shoulders of the business. Cloud-based threat protection from Trend Micro helps enterprises reap the benefits of enterprise mobility with fewer risks.