Mobile security and device management will become one of the top challenges for South African companies as attacks on smartphones and tablets are likely to increase again in 2014. So says Richard Broeke, a consultant at leading IT security company, Securicom.
“Reports from two major security software vendors in 2013 show a consistent rise in attacks targeting mobile devices, specifically Android devices. A lot of them are phony apps, downloaded from third-party app stores and text messaging Trojans that cause devices to send out SMSes to premium-rate numbers. There is also growing numbers of more aggressive apps that act as spyware, working in a similar fashion as spyware on a computer, to harvest the information the criminal wants.
“Aside from the personal risk and costs associated with these kinds of infections, employees who use unprotected mobile devices to email, store company data, and connect to the internet or company network, are putting company networks and information at risk,” says Broeke.
The increasing number of attacks on mobile devices closely correlates with the growing number of internet-connected devices in the marketplace. The more smartphones and tablets there are, the more enticing, and profitable, it is for criminals to launch attacks.
“This is where data exists now, outside the organisation on mobile devices. Cyber criminals want access to that data and are therefore focusing on the locations where it exists, namely the mobile world,” says Broeke.
The reason why cyber criminals want access to data on mobile devices is simple – it gives them access to an organisation’s intellectual property, the very thing that makes a business unique and profitable. Companies should protect data that resides on mobile devices for the same reason they have long been implementing measures to protect the data on their endpoints and servers.
Broeke continues: “What makes this so challenging for business is that data stored on devices in the hands of employees everywhere is difficult to secure without a sound mobile device management strategy, particularly in a Bring Your Own Device (BYOD) environment. Wherever a company’s employees go, data goes too. When there is no policy or technology in place to manage and protect data on employees’ devices, it is vulnerable.
“Companies are realising slowly that their data, and ultimately their business, is at risk. Unfortunately, the realisation will come too late for a lot of organisations.”
Broeke says that most people are generally cognisant that they need some form of security on their mobile devices, and a lot of companies rely on the assumption that employees using their own devices for business purposes will have adequate security. But, he says this is not enough.
“Even if they are activated and updated with the necessary regularity, this nature of security software is not capable of protecting the intellectual property housed on a device. For the business, it is about protecting that data, controlling what can or can’t be done with that information, and being able to retrieve it, should the device land in the wrong hands, get lost or stolen.
“Companies should want, and need, to have control over how their data is stored and managed on employee devices,” he says.
The answer, he says, doesn’t lie in stopping employees from using mobile devices for work purposes.
“Mobility empowers productivity. You can either stifle that productivity by not allowing company info, such as email, onto personal-owned devices, or you can embrace it in a controlled fashion and let your staff work the way they live, through collaboration and sharing on devices that they are comfortable using.
“It is possible to enforce security and device control, even in a scenario where employees use their personal devices for work. And, it is possible to do so without impacting their experience or the personal data they have on their devices.
“But, it all depends on the mobile device management technology that is implemented. By not thoroughly investigating the options available to them and trying save a few rand a month, companies very easily find themselves with an inferior technology, and no real solution to their mobile security or device management challenges.
“Companies need to get a tighter grip of mobiles in the enterprise with a technology that is competent to cope with the challenges arising in the constantly-evolving mobile space.”
Richard Broeke, consultant at Securicom