Written by Rajiv Shah, Communications Data and Security Solutions Director
Businesses face increasing security pressures as the Bring Your Own Device (BYOD) trend takes hold across the globe. It is estimated that by the end of 2013 there will be more mobile-connected devices than there are people on earth. The boundaries between personal and work devices are blurring as companies are looking for ways to offer more flexibility to employees. Allowing staff to use their own personal devices can bring major benefits to a business, but also brings risks that need to be understood and managed. These personal mobile devices aren’t always as well secured as traditional company owned laptops and desktops so companies need to make sure they have the right risk management strategy in place.
The proliferation of smartphones and tablets, which are often not as well protected as traditional desktop systems, can be a lucrative target for cyber attackers. Furthermore, the limitations of appropriate device based security software and the sheer range of devices that many consumers have makes it difficult for even the tech-savvy to keep them all safe. Perhaps it’s not surprising that many employees are apathetic or unaware of the risks. Recent research by Detica in the UK conducted by YouGov showed that a third of employees either didn’t know whether they had any security software installed on their mobile device, or hadn’t updated it for over a year.
A number of industry surveys have pointed to a dramatic increase in malware targeting mobile devices, suggesting up to a ten-fold increase in the last 18 months. Detica’s Australian-based threat intelligence research confirms not only this dramatic increase in volume, but also in sophistication. The majority of attacks may still be concentrated on small impact premium rate SMS and similar scams, but we have also seen examples such as of compromise of credit card details and intercepting the confirmation SMS messages used by many banks to limit fraud. As mobile devices are increasingly used to access corporate data and networks, it is not surprising that hackers are starting to use these as a new and effective attack vector to steal valuable intellectual property and damage business.
Businesses Need to Protect Their Data
Recent research by Detica’s research also showed that in a typical week almost three-quarters (73 percent) of office workers use one or more personal devices, such as smartphones, to do their work; nearly half (45 percent) use two or more. Although these figures come from research in the UK, the environment in Australia is very similar - BYOD is an equally big trend with companies looking at ways to offer more flexibility to employees. The survey confirmed that this is not leading to increased security vigilance from staff, thereby increasing the strain on businesses’ security operations and their ability to protect their data.
This doesn’t mean that companies should shun BYOD - such policies improve flexible working and can greatly benefit both business and employees. However, if companies fail to adopt security best practice, they risk incurring increasing disclosure and financial penalties, not to mention the likelihood of falling victim to cyber-attacks. Businesses must educate themselves and their employees about the security risks and what they should both be doing to minimise them. Properly thought through security can greatly benefits to employees without unnecessarily impacting on the enjoyment of their personal devices.
Protecting Your Business from Cyber-Attacks
BAE Systems Detica suggests the following best practices for businesses >>>