The growing range of security threats facing businesses that have opened up their IT infrastructures to user-owned mobile devices, through bring your own device policies, is not being sufficiently heeded.
That is the word from William James, product manager at Cellfind, a subsidiary of JSE-listed Blue Label Telecoms. He says many end-users and organisations seem to have a "subdued awareness" of the multiplicity of mobile security threats they face, and of the policies and systems they should put in place to defend their devices and data.
James points out now that smartphones and tablets are beginning to take a central role in the business (in place of PCs) they store more and more valuable data. "They also have privileged access to a range of corporate systems, applications and information.
"That makes them an increasingly compelling target for information thieves and malware writers."
Most stolen item
He says there has been an alarming spike in security threats to mobile devices over the past year. "[This] highlights an urgent need for implementing tools to manage these risks."
South African Police Service statistics indicate mobile phones still rank among the most stolen items in SA.
Figures from Kaspersky Lab indicate the number of malicious programs for the Android platform grew from a few isolated samples in early 2011, to more than 40 000 by the end of 2012. The firm indicates how malware authors are creating increasingly sophisticated and targeted malware aimed at lifting valuable data - for example banking details - from mobile devices.
"In addition, what if tablets and smartphones are lost or stolen - along with their data and access to corporate network resources?"
James says these trends are especially concerning considering they take place against the business world backdrop, which is increasingly dependent on mobile devices, many of them owned by employees rather than the organisation.
By research firm Gartner's estimate, by 2016 two-thirds of the mobile workforce will own a smartphone and 40% of the workforce will be mobile, while half of all non-PC devices will be purchased by employees.
James says organisations face a dual challenge of implementing policies that govern which mobile devices end-users may use and how they may use them, and putting in place tools to enforce policy and manage devices.
"Consider the risk, for example, of users connecting to the corporate network with jail-broken devices that might be riddled with malware. The trick is to put policies and devices in place that enable rather than strangle the user's experience and productivity."
James says companies need ways to ensure end-users always have the latest security patches and anti-malware software installed, while enforcing password protection and other security measures, and tracking lost or stolen devices, as well as wiping data clean from them.
"Organisations cannot afford to be complacent as the mobile device becomes more central in their business processes," James concludes.
Share