Mobile tech inspires cyber crime
The ever-evolving nature of mobile devices opens doors for would-be criminals, making BYOD policy the new business rule.
The doors of opportunity are increasingly opening up to cyber criminals as mobile devices become more functional and ubiquitous - with the 400% increase in malware experienced from 2011 to 2012 being a distinct product of modern mobile technology.
This is according to Andrew Kirkland, country manager at security firm Trustwave in SA. In the enterprise environment, says Kirkland, mobile devices pose huge risks as they are used more often - for more functions.
The problem, says Kirkland, is that enterprises in SA typically don't have budgets to implement and enforce bring your own device (BYOD) security policies. "This is becoming harder to control".
Mobility in SA is something that is here to stay - and evolve. Kirkland says companies need to take a look at what is practical and in line with what makes sense for their business.
"This means that designing, managing and controlling access to their networks needs to include all devices - in-house and those owned by personnel. The company's wired/wireless security policy needs to extend to those BYOD devices that are authorised to access the network, ie security policies such as updating the OS on the device regularly, anti-virus updates, etc."
He says if these polices are not in place, businesses should not allow BYOD-type devices to access the company network until they do exist.
But, he says, it is a process. "Businesses with budget can do this sooner than those who need to be more conservative with their spending."
Kirkland says the bottom line is that businesses need to have a security policy in place, stick to it, manage it and stay in touch with industry cyber crime trends by speaking to experts who can offer insight and give a sense of how to compare the trends. "Then take the necessary steps to work towards implementing new updated policies to allow BYOD devices access - securely."
In the ongoing quest to integrate BYOD in South African businesses, Trustwave yesterday unveiled a new mobile security practice designed to help businesses embrace mobility and BYOD programmes, while maintaining compliance, managing emerging security risks, and protecting corporate networks and data.
Trustwave says the new mobile security practice offers enterprise compliance and risk services, as well as an integrated technology suite aimed at protecting networks, data, and devices from malware and data loss - BYOD "self-sealing" network protection.
The practice also includes Trustwave SpiderLabs services, delivered by an experienced team of ethical hackers, designed to expose vulnerabilities and threats on mobile devices, systems and applications.
Malware, policy violations, data loss, unsupported and insecure mobile applications are creating new security risks, making them a top priority for businesses that are implementing BYOD programmes, delivering mobile applications to customers and users, or using mobile payment systems that include point-of-sale systems.
According to industry analyst firm 451 Research, the combined effects of IT consumerisation and BYOD trends have driven mobile device security to take over the top spot as the key pain point for security managers in 2012. Trustwave's latest Global Security Report echoes this, having noted a 400% increase in mobile malware last year.
"Mobility and BYOD are no longer theoretical - even for enterprises that think they've banned them - and the risk is not confined to the devices themselves," says Wendy Nather, research director for the Enterprise Security Practice at 451 Research.
Nather says mobile devices affect the entire organisation from the standpoints of security and compliance.
Trustwave says mobility is not an exception, but rather the "new business rule".