Mobile Security is not in a Complacent State

Extended and more rigorous approval and procurement processes leave government organisations with older technology which in turn leaves them with more non-compliant devices, missing devices and EMMsoftware, and out-of-date policies that don’t match user requirements. Let’s face it: users are already Mobile First, while most IT departments still think of mobility as a secondary priority to their PC strategy.

These are the mobile attacks that have either emerged or worsened in the last six months:

• Pegasus: a serious and sophisticated new type of attack that leverages three vulnerabilities in iOS software, known as Trident, to allow cybercriminals to install spyware on your device.
• Android GMBot:  Spyware that remotely controls infected devices in order to trick victims into providing their bank credentials. 
• AceDeceiver iOS malware:  Designed to steal a person’s Apple ID.  
• SideStepper iOS “vulnerability” :  Was discovered to intercept and manipulate traffic between an MDM server and a managed device.
• High-severity OpenSSL issues:  Vulnerabilities that can potentially impact large numbers of applications and services, which could ultimately jeopardize enterprise data-in-motion.
• Marcher Android malware: Evolved to mimic bank web pages that trick users into entering their login information through e-commerce web sites. 

Security incidents are often the precursor to a breach because they leave a device or app vulnerable and then put enterprise data at risk.

In general, enterprises have not yet significantly changed their mobile security practices in the face of these new threats to their corporate data. Aside from not enforcing updates or deploying the right software, there was also an increase in the number of employee compliance incidents. Forty percent of companies had missing devices, up from 33% in Q4 2015. And more than 25% of companies had out-of-date policies, an increase of 20% since last year. Such incidents are typically a precursor to an actual security breach.

While embracing mobility appears tough, it’s actually quite simple with the right combination of technology and user education. By staying engaged with app trends, Enterprises can possibly have our cake and eat it too. The existence of enterprise versions of apps like Box, Dropbox and Evernote can give employees the Enterprise features and the experience they want while staying secure, as long as there is a layer of trust and security at the device, application and user level, a win-win for both sides.

There’s little reason in today’s climate to ignore mobile security. Enterprise Mobility Management (EMM) has come a long way in a short amount of time, and is now simpler than ever to implement. EMM solutions are readily available to provide enterprises with the fundamental tools to mitigate these risks while empowering an increasingly mobile workforce. You can have it all – rigorous data protection, increased productivity and business outcomes, and happy employees too. Can you imagine that?