As mobile malware ratchets up, companies need better security for end-users’ devices
Organizations must set strict policies, use sophisticated solutions to fend off attacks
By Michael Shaulov, Special to ThirdCertainty
There is a large blind spot most organizations fail to recognize and protect—the mobile network.
Today, employees use their mobile devices to access business-related information more than ever. According to recent Business Wire research, 72 percent of organizations have adopted Bring Your Own Device (BYOD) policies to some extent, and an additional 9 percent plan to do so in the upcoming year.
Mobile devices have practically become additional endpoints in organizations’ networks, allowing access to the same resources and making the risk of a mobile breach as severe as any other. While the risk from mobile devices grows, in most cases the administrators have only partial control over them, and slim protection.
Related infographic: Convenience of mobile computing engenders risk
The main solutions most organizations implement to manage their mobile network are MDMs—Mobile Device Management systems and EMMs—Enterprise Mobility Management systems. Both solutions strive to provide organizations with a clear and comprehensive view of their mobile network, as well as enforce security policies. The main difference between the two systems is additional application management features incorporated in EMMs.
MDMs and EMMs provide crucial value for organizations, since unlike computers, which are usually chosen and provided by the company and thus easy to manage and control, mobile devices vary greatly in many ways, such as manufacturer, model, carrier and even operating system and security patch date. Providing a consolidated view of the network is the first step toward protecting it. In this mission, however, MDMs and EMMs fall short.
MDMs and EMMs can be compared to computer firewalls—providing a holistic view of the network and allowing basic application control, but by no means sufficient to protect any organization in today’s threat landscape.
Mobile malware also is on the rise, both in Android and iOS ecosystems. We have witnessed it grow in spread, variety and sophistication, following the steps of PC malware in many areas. Mobile malware can even overcome and break into secure containers by rooting the devices. Just like in the PC world, to defend against the emerging cyber threats in the mobile world requires advanced protections such as sandboxes and endpoint protections.
While regular endpoint solutions can’t protect mobile devices, there are dedicated solutions that can. The new generation of mobile security solutions can identify and block threat not only by using signature-based detection, but also by applying advanced dynamic threat prevention techniques, which can detect both known and unknown malware. Since mobile threats are real and continue to evolve, organizations must do the same to protect their networks.
Organizations need consistent coverage of cybersecurity policies across their infrastructure and end user devices, including smartphones and tablets. Even more so, organizations ought to implement advanced up-to-date solutions to fend off the ever-growing stream of sophisticated mobile malware. Why spend millions of dollars defining policies and implementing controls on other systems and devices but leave the primary end-user device that contains the same kind of sensitive information unprotected from threats?
More stories related to mobile security:
New security questions arise as businesses struggle to control BYOD
As mobile banking explodes, financial institutions beef up app security
Threat of ransomware growing for mobile phones