A recent survey by Cyren indicates that 71% of US SMBs were hacked in the past year, with 71% suffering a malware-related security breach, 43% a successful phishing attack, 36% suffering a virus or worm infection and 23% falling victim to ransomware. ‘These findings fully debunk the frequent misconception that “my organisation is too small to attract cybercriminals”,’ says Michael Osterman, principal analyst at Osterman Research. ‘It's not surprising to see that SMBs increased their IT security spending 23% over the past year.’
‘Cybercriminals are increasingly targeting mobile devices with threats such as malicious apps, phishing schemes and ransomware,’ says Dan Maier, VP of Marketing at Cyren. ‘In response, we’re seeing an explosion of new mobile threat defence solutions combining a lightweight, always-on approach with intelligent machine learning and cloud-enabled defences. These next-generation services give mobile operators a significant opportunity to provide additional value-added mobile security offerings for their B2C and B2B customers.’
Scott Millis, CTO at mobile-enabled enterprise security and attack detection company Cyber adAPT, says: ‘A major security implication of flexible working is the lack of mobile security in correlation to the rise of employees using personal devices for work. Mobile security tends to be an afterthought – and where it does exist, it is woefully behind the curve. Typically, just 24% of people are likely to have internet security on mobile devices, and only 5% bother to encrypt the data on their mobile.’
As more workers use personal mobile devices when out of the office (the BYOD, or Bring Your Own Device policy) they will continue to be a key point of entry for malicious activity. Scott Millis says: ‘I predict that at least one, if not more, major enterprise breaches will be attributed to mobile devices in 2017. A Ponemon Institute report found that the economic risk of mobile data breaches can be as high as $26.4m for enterprises, and 67% of the organisations surveyed reported having had a data breach as a result of employees using their mobile devices to access the company’s sensitive and confidential information.’
Al Sargent, senior director of Product Marketing at OneLogin, says: ‘The rise of the remote worker has been vital in helping organisational productivity. However, this growing percentage of the UK’s workforce are also the weakest links when it comes to information security.
‘Many remote employees have security software set up on their devices, yet most are bypassing the simplest of security procedures – password protection and sharing.
‘While it’s apparent that constant connection to work can cause security concerns for business, the pros outweigh the cons when it comes to remote working. Those organisations looking to get access to control and ensure they aren’t putting data at risk should implement an Identity Access Management (IAM) solution and single-sign-on technology to ensure they are the only ones who can access sensitive corporate data.’
Sargent’s top tips for mobile enterprise cybersecurity include integrating your IDaaS (Identity-as-a-Service) system with HR. ‘In the next year, HR will place a high importance upon IDaaS to ultimately simplify the on-boarding and off-boarding process, closing a door that was previously wide-open for cyber criminals and disgruntled ex-employees to exploit.’
Stefan Widing, president and CEO of HID Global, forecasts a shift in the use of identity technology, leading to increased adoption of mobile devices.
‘Particularly in industries focused on regulatory compliance, such as government, finance and healthcare markets,’ says Wilding. ‘This shift will precipitate the move from legacy systems to NFC, Bluetooth Low Energy and advanced smart card technology to meet the evolving needs of enterprises and governments worldwide.’
‘New capabilities for managing and using trusted IDs will be driven by the increase of temporary offices, mobile knowledge workers and the evolution of the workplace.’
Locks and keys
But there’s another aspect to digital security which may have wide implications for the mobile workforce, and that is physical access.
Jaroslav Barton, product marketing director, Physical Access Control Solutions EMEA with HID Global, quotes an IFSEC Global report revealing that 80% of security managers fear that integrating mobile access solutions into their physical access control architecture might increase system vulnerability. But in the light of increased interest in cloud-based solutions and mobile-enabled platforms, more security managers are considering a mobile physical access system.
‘There are multiple aspects to consider for security managers, such as whether the digital credential is as safe as a physical badge, can it be copied easily, or could an employee manipulate the data on their private phone within a BYOD strategy? How secure is the wireless transmission of the keys? Can the communication path between a phone and reader be captured and used for fraudulent purposes? The overarching question is whether we are sacrificing security for convenience.’
Barton’s conclusions are that mobile access systems are often more secure than legacy building access cards, so concerns over whether mobile access is secure are unfounded. But, he argues, ‘It is paramount that encryption methods have met stringent security criteria.’
Mobile security solutions can be updated far more quickly than card-based systems, and Barton emphasises another advantage of mobile-based security solutions: ‘An employee feels attached to their mobile devices, so if a phone is lost or stolen, it is reported right away and the mobile ID can be immediately revoked, thus preventing unauthorised access.’
With the potential for biometric technology such as fingerprint, facial and voice recognition, mobile systems offer robust device security, so a stolen phone is useless for gaining unauthorised access.
Barton concludes: ‘Being able to offer multiple security layers, dynamically responding to security issues, inspiring employees to better protect physical architecture and being on the cusp of new security developments, mobile access is a secure choice for any business’ building access control system.’