Subscribe

Easing the mobile threat defence headache

Why mobile threat defence solutions are now an essential component of cyber security strategies.
MJ Strydom
By MJ Strydom, MD, DRS, a Cyber1 company
Johannesburg, 04 Dec 2019

Let’s kick off with a definition of mobile threat defence (MTD) – as Gartner refers to it – while other sources prefer mobile threat management/prevention (MTM/MTP).

Regardless of what we call it, MTD is an exponentially growing headache for companies to protect their businesses and users from the ever-growing threats relating to iOS and Android devices: organisations and employees are increasingly dependent on mobile devices, making these endpoints prime targets for malicious initiatives.

It is imperative for organisations to safeguard sensitive enterprise data from cyber threats that exploit mobile users, apps and devices. Furthermore, it is a mistake to assume that mobile device management (MDM) and mobile app management (MAM) solutions are sufficient to protect against cyber threats.

MDM and MAM solutions are management tools – nothing more – they cannot provide cyber threat detection or protection against user behaviours. They lack the ability to react dynamically to mobile cyber security threats, nor can they provide continuous visibility of device health and trust.

MTD solutions are required. According to Gartner, malware is headed for historic highs with predictions in late 2017 that threats would rise from 7.5% at that time to nearly a third of total malware-related incidents in 2019. It also rightly predicted that the fight to protect mobile devices would have to continue, with 30% of organisations putting an MTD solution in place by 2020 – an increase from under 10% in 2017.

In the absence of spectacular mobile breaches, low visibility of mobile attacks leads to continued low perception of mobile risk.

In the 2018 Gartner Market Guide for Mobile Threat Defence Solutions, it was estimated that 30% of organisations will have MTD in place by 2020, an increase from less than 10% in 2018.

The IDC published similar sentiments in its MarketScape for MTM, stating that enterprises are adopting mobile security, having decided that EMM and native sandboxing on mobile operating systems are not enough to meet overall mobile threat management needs.

What is the impact of bring your own device?

To remain competitive, businesses today equip staff with the latest devices, thereby feeding the need for protection from an increasingly sophisticated threat landscape.

While the era of bring your own device has hailed transformation of the workspace with enhanced productivity, it also brings a veritable minefield of opportunity for cyber criminals. Issues include: loss of control and visibility of enterprise data which is being transmitted, stored and processed on a personal device; potential data leakage or disclosure of enterprise data; physical loss or theft of the device and more.

We are in the age of business on the move – the anywhere, anytime workplace. Employees are increasingly mobile and available through the use of smartphones, tablets and laptops, exposing businesses to the risk of data loss, whether by employees losing devices or by compromising cyber security.

So, what is the answer? According to Gartner, MTD solutions are fast becoming an essential component of holistic mobile security.

What exactly does MTD protect against?

Hacker attacks are becoming increasingly sophisticated and creative in their attempt to compromise devices, typically for financial gain or to obtain sensitive corporate and/or personal data. Therefore, a wide range of mobile security solutions must be considered if companies are to guard against these invasions successfully.

MTD solutions scan devices and applications for malicious activities on iOS and Android devices, including machine learning and behavioural analyses. Moreover, they alert security teams when evidence of malware is discovered.

Gartner sees large-scale MTD adoption limited to regulated and high-security verticals. For mainstream organisations, countering malicious mobile threats is still a lower priority than more mundane data leakage risks. In the absence of spectacular mobile breaches, low visibility of mobile attacks leads to continued low perception of mobile risk.

Recommendations

In its Market Guide for MTM report, Gartner makes recommendations on how businesses can address mobile risks and derive value from MTD. These include the adoption of MTD solutions in high-security and regulated verticals and in organisations with large Android device fleets. It is emphasised that the focus should be on improving overall security hygiene, rather than countering advanced malicious threats.

The report also advises the use of app vetting and device vulnerability management – features to demonstrate the immediate benefits of MTD investments by showing how a company can reduce application and device risk rather than just expecting to uncover major breaches. Integration of the MTD solution with user experience management tools is also suggested.

The report predicts that by 2020, 30% of organisations will have MTD in place, an increase from less than 15% in 2019. MTD solutions have been implemented across a wide range of organisations from SME to enterprise over recent years and Gartner estimates the MTD market will have surpassed $300 million by the end of this year.

What South African businesses of all sizes need to take away from this is the crucial importance of implementing MTD as part of an overall business security protection plan – failure to do so comes with the all too familiar headlines of loss of reputation, business and customer trust.

Share