Cybercriminals are like water. They follow the path of least resistance. They look for an easy way in, and once it is found, they strike. When the attack economics are in their favour, they scale up the operation. They rinse and repeat. But when the cycle ends, the search for a new soft underbelly resumes. They then look for new techniques, vulnerabilities, and business modalities they can exploit.
For the past decade, businesses have been ramping up their investment in traditional cybersecurity solutions. The solutions have been focused on and designed to protect devices, networks, and employees in the office. The office was declared a “secured perimeter,” and any device connected to the network had to be verified and approved. External traffic to and from these devices was also monitored. All to ensure that an office is a safe place.
But over the last few years, we have seen a monumental shift in how and where we do our work. Employees today work from anywhere. They are using any device, connecting to any network, and adopting any application that makes their tasks more manageable. And in this context, in the last two years, we have realized how critical mobile phones have become for our workforce productivity.
Today mobile phones mirror your corporate data onto a smaller form factor and hold the keys to your corporate kingdom. From replacing passwords with 2-Factor Authenticating Apps to enabling Office365 access and more. These devices have become both keepers of sensitive data and enablers of identity and access to additional data not stored on the device. They are now, de-facto, a part of your core technology ecosystem. And as such, it must be protected.
Why do you need a mobile solution?
According to the Verizon 2021 Mobile Security Index, “70% of organizations adopted BYOD policies to support the distributed worker.”
In plain language, this means that your business data is being viewed, accessed, downloaded, and shared on devices that are mostly not protected and unsecured.
These devices can be infected with malware, phished for credentials, leak information externally, spoof for authentications, and spied on. In some cases, unsecured devices even led to ransomware attacks. Without a proper solution, an attacker can lurk without interruptions or the possibility of being discovered.
According to Check Point 2021 Mobile Security Report, “Almost every organization experienced a mobile-related attack in 2020, with 46% of organizations having at least one employee download a malicious mobile application.”
Today unprotected mobile phones are fertile ground for attackers. It is their latest path of least resistance.
How does a good mobile security solution look like?
Before we explain what a good security solution looks like, it is worth noting that the passcode or a password you have on your phone is not considered a mobile security solution. The same goes for a Mobile Device Management (MDM) solution. MDM has some features that sound like they are security-related; they are not. MDM deals primarily with policies and compliance, but it does not have preventative and detection technologies to stop cybersecurity attacks.
· Look for a solution that provides you with 360 degrees of protection on all attack vectors. Insist on a solution that protects the device layer, the Operating System layer, the application layer, and the network/connectivity layer.
The solution needs to defend against all types of modern attacks. Prevent malware from infiltrating the device by detecting and blocking the download of malicious codes and ensure the device is not exposed to compromise with real-time risk assessments detecting attacks, vulnerabilities, configuration changes, and advanced rooting and jailbreaking.
Risk visibility is also crucial. Without a complete view of your organization’s mobile security posture, you will not be able to mitigate risk and accelerate remediation effectively.
Do not let the solution restrict your technology. Scalable and fast deployment that supports every device type, operating system, and device ownership model (company, BYOD) is a must.
Security solutions can become an annoyance when they get in the way. Good solutions have minimal impact on the device usability, user experience, data consumption, and battery levels.
Mobile devices are hybrids. They store both corporate and personal information. Make sure the solution you choose ensures that data is kept private from everyone, especially when the device belongs to an employee. If the solution you intend to implement doesn’t follow the privacy-by-design principles, it is not the right one for you. Privacy is paramount when it comes to personal mobile devices.
As always, the technology becomes far more effective and powerful if your team knows how to implement it, manage it, deal with events, and understand how it fits within your entire cybersecurity strategy. Maximizing these technologies requires cyber expertise that you may not have in-house. Before you decide on a solution, consult with a cybersecurity partner who can right-size the solution for your specific business needs.