If you search “data breach” on Google, you’ll get a variety of articles ranging from Equifax to the latest Quest Diagnostics data breach. However, search “mobile devices hacked” and you probably will only find articles on WhatsApp. That’s it.
So does this mean information is being stolen, but just not via mobile?
If the answer was yes, this would be a real short blog.
We know businesses protect traditional endpoints with antivirus, firewalls, VPNs, anti-spyware and every anti-X solution they can find. However, very few companies do the same with their mobile device endpoints.
Maybe the CISOs and CIOs are searching “mobile devices hacked” on Google and think there isn’t a need. Maybe they’ve already forgotten what happened to Amazon CEO Jeff Bezos.
Here are four reasons why they are wrong:
1 – Mobile devices are the new work computers. They are now the de facto platform for productivity in business. Today, the traditional computing devices (e.g., servers, desktops and laptops) upon which enterprises have focused their security and compliance efforts represent only 40 percent of the relevant endpoints. The remaining 60 percent of devices are mobile. The good news is, employees are more productive. We must secure this productivity to avoid having sensitive information at risk. Enterprise Mobile Management (EMM) allows you to provide conditional access based on employees’ roles and responsibilities. But shouldn’t you also take into account a mobile device’s integrity? Wouldn’t you rethink access for someone that had a really old phone with several vulnerabilities… or one that was already compromised?
2 – Not all apps are created equal. With the advent of Bring Your Own Devices (BYOD), employees interact with apps their employers have provided them and their own personal apps. While the corporate apps may be safe; some of those personal apps – perhaps downloaded by a third party app store – may not be. The bad guys know how to get and/or corrupt sensitive corporate data via malicious apps.
3 – As our VP of Product Strategy often says, “the biggest risk is the ‘carbon life form.’” User behavior is a huge contributor of risk within mobile. That’s not to say we do it knowingly. Mobile devices are essentially supercomputers and we live our lives on them. But just like any supercomputer, it’s nearly impossible to fully understand how they work under the hood. We work, browse, play and share information not really knowing how our behavior impacts the risk posture of an enterprise. As an enterprise, wouldn’t you want to help employees develop good habits to stay safe on their mobile devices?
4 – 100% of my customers have detected mobile threats in their environment. I work in the Customer Success Group for Zimperium, the global leader in mobile threat defense (MTD), offering real-time, on-device protection against Android and iOS threats. Every day, my colleagues and I hear from our customers who are thanking us for protecting their devices. Our customers are enterprise organizations and government agencies with employees performing business on or through their mobile device. This includes healthcare, financial services, insurance, legal, pharmaceuticals, retail and mobile operations.
When people think mobile security, they think setting a pin or fingerprint access is enough. But as you can now see, mobile security needs to be much larger than that. Many organizations are beginning to understand mobile devices are an unprotected endpoint with access to or containing all of the information of a traditional endpoint.
While there are some overlaps in protecting a mobile and traditional endpoints, the way you solve the traditional endpoint security problem is completely different than how you solve the mobile security problem. You need a solution built and designed specifically to protect the unique threats targeted at mobile devices.
Mobile security is as much about understanding why mobile devices are at risk as it is about protecting against threats.
Krishna Vishnubhotla is VP, Customer Success & Strategic Alliances at Zimperium. In his role, Krishna builds value-centric relationships with customers and partners to drive positive business outcomes.