Date post: | 28-Nov-2014 |
Category: |
Technology |
Upload: | b-coatesworth |
Risky business - balancing BYOD risk with mobility
Increased productivity
Lower cost to the company
Flexibility
Technology Familiarity
Support of many different devices
No control over what is on device
Increased attack surface
Device Disparities
BYOD improves productivity.
• BYOD supports, on average, nearly three hours of productivity gains per week.
BYOD promotes business agility.
• BYOD helps employees collaborate more quickly, efficiently and creatively.
BYOD responds to employee demand.
• Supporting users’ own devices can be a recruitment selling point.
Security enforcement.
• BYOD creates more weak links that can be exploited both internally and externally.
• Requires significant user education and buy-in.
Management and governance.
• Without governance arrangements, BYOD can quickly run out of control.
• IT to actively collaborate across the organization to identify workable solutions.
Direct and indirect costs.
• BYOD often reduces device acquisition costs, but it can increase direct costs associated with network infrastructure and complexity.
Secure foundations – 7 points to building a BYOD security plan
1. Identify the risk elements that BYOD introduces
• Measure how the risk can impact your business
• Map the risk elements to regulations
2. Form a working group to embrace BYOD and understand the risks, including:
• Business stakeholders
• IT stakeholders
• Information security stakeholders
3. Decide how to enforce policies for devices connecting to your network
• Mobile devices (smartphones)
• Tablets (e.g., iPad)
• Portable computers (laptops, netbooks, ultrabooks)
4. Build a project plan to include these capabilities:
• Remote device management
• Application control
• Data and device encryption
• Wiping devices when retired
• Revoking access to devices when end-user relationship changes from employee to guest
5. Evaluate solutions
• Consider the impact on your existing network
• Consider how to enhance existing technologies prior to next step
6. Implement solutions
• Begin with a pilot group from each of the stakeholders' departments
• Expand pilot to departments based on your organizational criteria
• Open BYOD program to all employees
7. Periodically reassess solutions
• Include vendors and trusted advisors
• Look at roadmaps entering your next assessment period
• Consider cost-saving group plans if practical
In 2013, cybercriminals made use of some exceptionally sophisticated methods to infect mobile devices.
Infecting legitimate web resources helps spread mobile malware via popular websites (watering holes).
Distribution via alternative app stores. There are numerous app stores containing programs that cannot be found in Google Play.
Distribution via botnets. Bots self-proliferate by sending out text messages with a malicious link to addresses in the victim’s address book.
Criminals are increasingly using obfuscation, the deliberate act of creating complex code to make it difficult to analyse.
Cybercriminals are also exploiting the Android Master Key vulnerability and have learned to embed unsigned executable files in Android installation packages.
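A defensive check for the package tampering mentioned above, as an added example that is not part of the original slides: it flags ZIP entry names that appear more than once in an APK (the archive trait the Master Key flaw relied on, where the signature check and the installer read different copies) and entries with no digest section in the signing manifest. It assumes JAR-style signing with `META-INF/MANIFEST.MF` and does not verify the digests themselves; the sample archives and the names `audit_apk`, `signed_names` and `build_sample` are constructed for illustration.

```python
import io
import warnings
import zipfile
from collections import Counter

MANIFEST = "META-INF/MANIFEST.MF"

def signed_names(manifest_text):
    """Return entry names that have a digest section in a JAR manifest."""
    # Continuation lines start with one space (72-byte wrapping); unfold first.
    unfolded = manifest_text.replace("\r\n", "\n").replace("\n ", "")
    return {line[6:] for line in unfolded.split("\n") if line.startswith("Name: ")}

def audit_apk(data):
    """Return (duplicate entry names, entries with no manifest digest)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
        listed = signed_names(zf.read(MANIFEST).decode("utf-8")) if MANIFEST in names else set()
    duplicates = sorted(n for n, c in Counter(names).items() if c > 1)
    unlisted = sorted(n for n in set(names) - listed if not n.startswith("META-INF/"))
    return duplicates, unlisted

def build_sample(entries):
    """Constructed test archive: list of (name, bytes) pairs, repeats allowed."""
    buf = io.BytesIO()
    with warnings.catch_warnings():
        warnings.simplefilter("ignore")  # zipfile warns on duplicate names
        with zipfile.ZipFile(buf, "w") as zf:
            for name, body in entries:
                zf.writestr(name, body)
    return buf.getvalue()

# Constructed sample data: a minimal manifest that covers only classes.dex.
MF = "Manifest-Version: 1.0\r\n\r\nName: classes.dex\r\nSHA1-Digest: AAAA\r\n\r\n"
CLEAN = build_sample([(MANIFEST, MF), ("classes.dex", b"dex-1")])
TAMPERED = build_sample([(MANIFEST, MF), ("classes.dex", b"dex-1"),
                         ("classes.dex", b"dex-2"), ("assets/extra.bin", b"x")])

if __name__ == "__main__":
    for label, apk in (("clean", CLEAN), ("tampered", TAMPERED)):
        print(label, audit_apk(apk))
```

A check like this fits in an app-vetting step of a BYOD programme, before a sideloaded package is allowed onto a managed device.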
Cyber crime
Trend of the year: mobile banking Trojans
2013 was marked by a rapid rise in the number of Android banking Trojans
Threats from mobile devices
• Collects information about the smartphone (IMEI, country, service provider, operating system language)
• Acquires logins and passwords to online banking accounts, and bank card information
• Extorts money from users by threatening to block the smartphone
• Monitors SMS messages and information about voice calls
Today, the majority of banking Trojan attacks affect users in Russia and the CIS. Given cybercriminals’ interest in user bank accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014.
Infections caused by mobile banking programs
Mobile spyware, such as MobileSpy and FlexiSpy, is on the rise.
In the BYOD context these spyware applications pose a huge threat because they can be installed surreptitiously on an employee’s phone and used for industrial or corporate espionage.
The mobile phone is also a fully functional network device. When connected to the company Wi-Fi, it has the ability to probe the network for vulnerabilities and assets.
Mobile Spyware, BYOD and Corporate Espionage