BYOD (Bringing Your Own Destruction)
By: Danny Akacki, Senior Technical Account Manager
Welcome to the first day of your vacation. You just got some glorious sleep-in time and head out for a late breakfast. You arrive at your favorite spot and reach for your phone only to find flat pockets. Perhaps you just forgot your phone and it’s a minor inconvenience. Perhaps you made a stop for gas before grabbing those pancakes and now your phone is no longer riding shotgun.
Every picture, email, text message in one portable package, ripe for the taking. You feel your stomach drop and your pulse elevate. Then you remember you sent some sensitive work home over your personal email to work on while you sipped Mai Tais on the beach. I mean, what’s the risk in that? Well, sharks for one, a gaping security hole for another.
This little horror story illustrates the fact that mobile devices (phones, tablets, etc.) have become inextricably intertwined with our personal and professional lives. They are an extension of us that tends to get left, lost or stolen at any time for any number of reasons. The software and security of those same devices are also left to chance by the software makers and the users who need to update them. The last time I, a seasoned cyber security professional, checked my own phone, I had 80 different programs that needed updating. 80 pieces of software with 80 different ways to gain access to my personal data.
It’s easy to see things like mobile malware as insignificant. An iPad crash isn’t as sexy as a massive enterprise breach, except one can certainly lead to the other. With the proliferation of mobile malware in recent years, and threats like Taslal hidden in parental control applications, every employee is a potential walking microphone and camera. A recent threat report has shown a growing number of businesses allow mobile devices (and all the baggage they come with) on corporate networks. How do you begin to police devices when you don’t own them?
The mitigation wisdom isn’t anything you haven’t heard before. Monitor your networks, check and update your acceptable use policies, enable multi-factor authentication, enact some kind of mobile device management, train your users. The problem is a human one. We’re used to the autonomy of using our personal devices. How do we begin to tackle the human problem? By using the humans as the solution. It’s not enough to enact a mobile device policy; you have to get your users to buy into it. If the usage of the device is personal, the training and consequences have to be personal too.
Mobile device security is both a quantity and quality problem. While the quantity of mobile threats may not be on par with other threats, the quality of the spoils for attackers can be that much richer.
Stay a step ahead of mobile threats with A Deep Dive into Mobile Threats and Parental Monitoring gone bad — analysis of an unassuming mobile threat by Gigamon Applied Threat Research. Happy Hunting.