In today’s world, many organizations have started embracing the use of mobile devices (e.g., smartphones, tablets) to achieve goals for digital transformation, collaboration, productivity, and operational efficiency. However, their use of mobile devices also carries associated risks related to security, privacy, and regulatory compliance.
A Common Response to BYOD was Implementation of Controls Designed to Bring Mobile Devices “Under Management”.
Source: Aberdeen, November 2019
Mobile devices are now used on a massive scale for both personal and enterprise purposes. Access to enterprise resources from any mobile device, at any time, is considered to increase user productivity and convenience. Employees feel that their employer has every right to manage their own applications and data on the enterprises’ personal devices but not on their devices. Employees expect that “my device, my data” also implies “my privacy, and my control.”
Traditionally, mobile security focused on providing protection from a loss of confidentiality and integrity. Now it should also focus on the business-oriented side: enabling the positive business impact that the organization wants from its strategic initiatives. The topic of “zero trust” is not new. It has been talked about for the last 10-15 years by both solution providers and security practitioners.
Directionally, Enterprises are Moving Towards Mobile Security Controls Consistent with the Principles of Zero Trust
Source: Aberdeen, November 2019
Most organizations have already invested in a large and complex portfolio of security tools, products, and services. A recent study by Aberdeen showed that individual respondents had installed between 12 and 45 different solution categories in the context of mobile and endpoint security, with a median of 29. These results highlight an important opportunity for leading solution providers to help organizations drive incremental investments in mobile security.
According to Aberdeen, ineffective communication is among the most impactful hindrances to faster, broader deployment of mobile security.
Ultimately, the primary objective of security professionals is to help senior leaders understand the organization’s mobile security-related risks.
Empirical Data Shows Servers are More Likely to Be Attacked, But Endpoints are More Likely to Be Compromised
Source: Empirical data adapted from Verizon DBIR 2018 (N = 4,020) and Verizon DBIR 2019 (N = 3,667); Aberdeen, November 2019
Not all security-related risks need to be addressed! Risks can be categorised as:
The response to risk we should strive to avoid, by communicating more effectively about risk:
|Factors of Likelihood|Android devices|iOS devices|
|---|---|---|
|Mobile phishing link encounter rates, for every 1,000 mobile devices|50 to 570 (median: 270)|20 to 570 (median: 220)|
|Mobile phishing link user click rates, for every 1,000 mobile devices|20 to 360 (median: 150)|0 to 250 (median: 80)|
|Window of vulnerability: Time for installed base to upgrade to the most recent mobile device OS version|Enterprises using MDM are faster to upgrade than Consumers|Consumers are faster to upgrade than Enterprises using MDM|
To quantify the risk of mobile phishing attacks, Aberdeen used a simple Monte Carlo analysis.
Source: Monte Carlo analysis; empirical data adapted from Lookout (mobile phishing link encounter / click rates) 2Q19-3Q19; Verizon DBIR 2018; Thales eSecurity www.breachlevelindex.com 2017-2019; Ponemon Cost of a Data Breach 2018; Wombat State of the Phish 2019; Aberdeen, November 2019
On an annual basis, there’s a 10% probability that the total business impact from mobile phishing attacks will be more than $200,000,000.
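The sketch below is an added illustration, not Aberdeen's model or data, of how a simple Monte Carlo analysis turns ranges like those in the table into a statement of the form "X% probability that the annual loss exceeds Y". Only the click-rate ranges come from the table; treating them as annual figures, the fleet size, the chance that a click becomes an incident, the cost per incident and the choice of triangular and uniform distributions are all assumptions made for the example.

```python
import random

# Click rates per 1,000 devices from the table above: (low, median, high).
CLICKS_PER_1000 = {"android": (20, 150, 360), "ios": (0, 80, 250)}

def simulate_annual_loss(fleet, p_incident, cost, trials=20000, seed=1):
    """Return sorted simulated annual losses in USD.

    fleet      -- devices per platform, e.g. {"android": 2000, "ios": 3000}
    p_incident -- assumed (low, high) chance that one click becomes an incident
    cost       -- assumed (low, mode, high) cost of one incident in USD
    """
    rng = random.Random(seed)  # fixed seed keeps runs reproducible
    losses = []
    for _ in range(trials):
        total = 0.0
        for platform, devices in fleet.items():
            low, median, high = CLICKS_PER_1000[platform]
            # Assumption: triangular shape with the published median as its mode.
            clicks = rng.triangular(low, high, median) * devices / 1000.0
            incidents = clicks * rng.uniform(*p_incident)
            total += incidents * rng.triangular(cost[0], cost[2], cost[1])
        losses.append(total)
    return sorted(losses)

def exceedance_probability(losses, threshold):
    """Fraction of simulated years whose loss is above the threshold."""
    return sum(1 for x in losses if x > threshold) / len(losses)

def loss_at_exceedance(losses, probability):
    """Loss that is exceeded with roughly the given annual probability."""
    index = min(len(losses) - 1, int((1.0 - probability) * len(losses)))
    return losses[index]

if __name__ == "__main__":
    # Constructed inputs, not Aberdeen's: fleet, incident odds and incident cost.
    runs = simulate_annual_loss({"android": 2000, "ios": 3000},
                                (0.01, 0.05), (1000, 5000, 50000))
    for p in (0.5, 0.1, 0.01):
        print(f"{p:.0%} chance annual loss exceeds ${loss_at_exceedance(runs, p):,.0f}")
```

Reporting the loss at several exceedance probabilities, rather than a single average, is what lets senior leaders compare the tail risk against their appetite for it.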
As stated earlier, mobile security capabilities should support two important goals:
Zero trust principles for mobile security are extremely useful to eliminate unnecessary friction for your users in carrying out their usual everyday actions, while offering vital defences in situations of higher risk.
According to Aberdeen there are three foundational capabilities to include:
In today’s world, with the large amount of data being generated every day, data security is of the utmost importance. With the threat of a data breach always present, it is very important for an organization to encourage safe and secure data practices. One area where organizations should be more careful is storing and sharing data. This is where enterprises can make use of DCirrus’ Cloud Storage Services. The DCirrus platform is a very safe and secure platform where data can be stored and shared with other third-party vendors. With features like 256-bit 3-level encryption, 2-Factor Authentication, dynamic watermarking and data residency, DCirrus makes sure that all your data is completely safe and protected from any data breach. Even if your data is accessed from a mobile device, there is no compromise on data security.