Cybersecurity In The Age Of Mobility

by QuickCert on September 8, 2011

mobile-security
The world of cyber security is always changing and evolving with new threats and vulnerabilities appearing daily. The spreading popularity of mobile devices has directly led to drastic changes in the types of threats and security risks encountered by IT professions. While user education is still a solid foundation for any security program or policy, these new threats have completely changed the face of information security. When dealing specifically with the changing world of mobile cyber security, the two biggest security concerns are lost or stolen devices and platform security support.

Lost or Stolen devices

The most common security issue faced with mobile devices tends to be the loss or theft of a company device. Since these devices are used for business related functions, they often contain sensitive data, email and even VPN access. With data like this at risk, it is no surprise that many modern security breaches have been directly caused by the loss of a device.

Problem: Mobile devices can hold sensitive data and are prone to loss or theft.

Solution: The best solution is always to not lose these devices. However, it is nearly impossible to avoid this scenario in the real world. The best way to approach a scenario of loss or theft is to prevent the thief from being able to do anything destructive with the device they have nabbed. Laptops and other devices should have their hard drives encrypted so the thief cannot access any data. An even better solution would be to implement remote wiping functions that can completely erase all data on the device’s hard drive if it is stolen or lost. An enterprising thief will likely reformat or replace the hard drive, but they will not be able to access any sensitive data on the device. Although this practice may not eliminate theft, it minimizes the damages involved.

Platform Security Support

As the market for mobile devices continues to expand, the amount of different platform options and configurations available continues to expand as well. Due to carrier intervention, Android devices are more likely to face issues than Apple devices, which are mostly uniform. The Android platform is typically repackaged by carriers and each carrier has different specifications for their phones, which are not uniform. Additionally, different carriers will make platform updates and security patches available at vastly different times. This platform fragmentation then combines with the use of loosely regulated application markets, which can harbor malware disguised as applications. Even with legitimate apps, many developers do not secure their source code leaving applications as vulnerable targets for malware. This creates an atmosphere that is ripe for exploitation.

Problem: Lack of uniformity and general lax security.

Solution: Several different mobile security suites are in beta testing, and they should eventually lead to more solid security offerings for mobile devices. Devices should be updated with security patches and updates as soon as they become available. Users should only download apps from reputable developers and only use official marketplaces and stores to download apps.

Although the face of cyber security is always changing, the overwhelming need for security education remains constant. Both end users and IT staff need to be vigilant and practice good security habits. While there may not be a direct solution to theft and loss or platform security issues, education and having security policies and plans in place help to minimize the fallout from any unexpected security event.