Employees are bringing their mobile devices to work. And with them, privileged information and application data are leaving the safety of corporate boundaries.
At the same time, corporate data is no longer stored safely within the confines of a company data centres, but in the cloud as well as on mobile devices. Technologies that make an attractive target for cyber-criminals, especially for financial gain and identity theft.
The way in for many cyber-criminals is mobile communication protocols, like SMS, Wi-Fi networks and Bluetooth. Others exploit software vulnerabilities from both the web browser and operating system on the device. This means organisations need to ensure that the security and integrity of their network data is maintained, and that sensitive data is not lost, destroyed or held to ransom when staff connect using mobile devices.
The devices might be small, but the problem is growing. Mobile malware infection rates were more than five percent in Australia and over nine percent in Asia. Globally, the number of new mobile malware instances increased by 49% from late 2014 to the beginning of the 2015-16 financial year.
The majority of the malware in Australia and Asia was Trojan-based malware, aimed at gaining control of the device via remote access tools. The top twelve included two Android threats – specific variants of the Fake installer application, which can be used to send premium SMS services without the user’s knowledge.1
The spread of ransomware to mobile devices is also likely to increase over the coming year.
Preparation against these threats needs to find its way onto the corporate agenda. Most organisations believe they have inadequate security safeguards to mitigate mobile threats – and Australia appears to be lagging behind our Asian counterparts by as much as twenty percent.
The two the main security technologies are currently data encryption and anti-malware. Mobile device management (MDM), mobile identity management (MIM) and mobile application management (MAM) are coming under increasing consideration as solutions to the problem – but adoption remains low, with much room for improvement.
Basic security measures, like strong authentication – and, in particular two-factor authentication – are powerful aids in the prevention of data theft. Two-factor authentication mechanisms have traditionally supplied a token that the user uses in conjunction with a password – but more modern approaches use a dynamic passcode consisting of digits that can be sent to mobile device by SMS or via an application. This means there’s no need for an additional, dedicated token, as users tend to carry their mobile devices around at all times.
Despite the lag behind Asia, some Australian organisations and industries are thinking comprehensively about the mobile security threat – especially larger organisations. Financial services, government, and large retail organisations have made the most progress in advancing their mobile security policies, with more mature cyber-security programs in place.
BYOD security will no doubt continue to be a movable feast, as the goalposts continue to shift along with user-behaviour and the tech that enables it. Which makes it almost impossible for individual enterprises to keep up – and makes specialised security partners, who can meet the pace of change, more important than ever.
Need help to achieve your BYOD vision?
Many organisations have implemented BYOD in a demand-driven, tactical and informal way and have not fully considered the security, regulatory compliance and privacy implications, and potential costs. Not having an effective strategy for BYOD can lead to costly impacts on the enterprise and users alike.
For customers looking for strategic guidance, Telstra can deliver a strategic plan that includes cost and policy infrastructure analysis, recommendations and a comprehensive mobility roadmap, ready to be executed on the Telstra Mobile Network.
Book a cyber security check-up
To help get visibility on the online risks to your business and their potential impact on your bottom line. Our security consultants assess and advise your business on your current cyber security, your exposure to online threats, and the steps you can take to improve online security.Register your interest