Mobile Security – In the Words of Experts

With all the buzz around mobile security lately, we have decided to compile a list of some of the best mobile security quotes from experts on mobile security – shedding light on the topic from a different angle with each one. 

 

When considering the role of mobility in their enterprise, organizations need to first understand what role mobile devices will serve in their business, what business apps they wish to deliver to their employees, and what data is stored or made available on the devices.

  • Sam Phillips, VP of Enterprise Security Services and CISO, Samsung

 

Many users are lax when it comes to securing their devices, using weak passcodes, or none at all, and not encrypting the data that they contain. Given that mobile devices are routinely lost or stolen, unsecured devices can often provide unauthorized access to data. Some users also root or jailbreak their devices in order to overcome default restrictions or to allow them to customize them, but this makes it much easier for data-stealing malware to be introduced onto a device.

 

Ultimately, the pace at which mobile is evolving in the enterprise is completely unique, changing how businesses have to think about security. Companies need to establish trust and security in a world where they have less and less control—over devices, over apps and their users. The only way to do this effectively moving forward is to truly understand how people work and interact on mobile while knowing that threats are present. We know that attackers follow users and the popularity of mobile apps in conjunction with the emergence of their security flaws means that mobile is prime to be the next attack vector that threatens corporate data and user privacy.

 

Enterprises face a far greater threat from the millions of generally available apps on their employees’ devices than from mobile malware. Enterprise users casually give these riskware apps sweeping permissions, not realizing that their personal and corporate data may be sent to remote servers and advertising networks all over the world, where it can be mined by cybercriminals and hostile governments seeking access to corporate networks.

 

This research shows that mobile malware in the Unites States is very much like Ebola – harmful, but greatly over exaggerated, and contained to a limited percentage of the population that are engaging in behavior that puts them at risk for infection. Ask yourself, ‘How many of you have been infected by mobile malware? How many of you know someone infected by mobile malware?’

  • Charles Lever, Senior Scientific Researcher, Damballa

 

Mobile security is often misrepresented by the high confidence levels of users themselves. While enterprises are adopting new mobile cybersecurity strategies, it’s the users who are the closest to the BYOD technologies, and often are responsible for their choices of action on their devices. Smartphones and other portable devices are among the easiest attack vectors for hackers. Just because we do not see many high-level cases in the press yet, it does not mean that it is not happening. We need to emphasize that these devices hold the key to our lives – both corporate and individual. Because they are always close to us, in our pockets, users experience a false perception of security.

 

I have been warning the world for years that we are teetering on the edge of an abyss, that our cyber security paradigms no longer function, and that chaos will descend if something is not done. The fundamental operating system (Android), used by 90% of the world, and that should be the first bulwark against malicious intrusion, is flawed. Should I not bring this to the world’s attention through a dramatic demonstration? Do I not owe it to the world?

 

Historically, consumers have been able to unplug their computers from the network and turn them off in order to protect their data. With cloud computing, there is a server out there with available data 24 hours a day, seven days a week. As mobile rising from cloud adoption begins to take hold, it will no longer matter what steps the consumer takes to protect their data.

 

Spending hundreds of thousands of pounds, euros or dollars on a security system, plugging it in and switching it on — then presuming your company is secure — is a totally inadequate approach, because it usually results in relatively poor levels of protection for your organization as the threats from criminals are constantly changing.

 

While each author has a different perspective, the bottom line remains the same – mobile technology is here to stay and responsible security measures need to be undertaken to prevent security breaches. Not just on corporate level, but on individual basis as well. There is no single solution for mobile security – no antivirus that will render our mobile devices immune with one click. High security maturity is a combined and concerted effort of technology solutions and education & awareness.

To increase the mobile security at your organization, contact us – we offer services from mobile threat assessments to penetration testing, secure code review, digital forensics, employee trainings, and compliance advisory. Our mobile security team is among the top in the industry and has most recently been selected to work on a high-profile case that made the worldwide news.