Mobile Endpoint Security | Mobile & Device Security
The most unprotected and largest security gap in your organization
Mobile Endpoint Security Issues for CISO’s
Today, roughly 60% of an organization’s endpoints are mobile with very little if any security. While security and IT teams wouldn’t consider leaving laptop/desktop computers unprotected, thousands of mobile endpoints are accessing organization information with little security. This is where mobile endpoint security comes into play. This vulnerable endpoint has access and stores the same information as a traditional laptop or desktop endpoint, and yet is often left out of the conversation when it comes to information security.
The most disparate and difficult security challenge for CISOs is ensuring that the thousands of endpoints in their organization are secure. The adoption of laptops created an enormous boost to productivity as organizations grew and expanded and their security was addressed with traditional solutions like endpoint protection platforms (EPP) and virtual private networks (VPN). But times are changing and the distributed workforce is increasingly mobile, and with that, the endpoints used for productivity have changed as well. In fact, 87% of enterprises rely on their employee’s ability to access mobile business apps from their personal smartphones.
As it turns out, there are 7 primary mobile endpoint security issues CISOs face. While the first three are similar to traditional endpoints but need to be secured differently, four are unique to mobile:
- 1. Corporate email
2. Corporate apps
4. Microphone / camera
5. Executive locations / calendars / contacts
6. Entry point to network
7. Username / passwords
Privacy Focused, Enterprise Mobile Security
Zimperium has identified the primary attack vector used to compromise a mobile device, enabling an attacker to access organizational information or the corporate network. These attack vectors, or mobile menaces, are constantly evolving in their complexity, targeting even the latest mobile devices due to their often unprotected state and access to:
1. OS Exploit: The most serious and impactful attack. OS exploits target old or vulnerable mobile device operating systems. Updated devices are more immune to attack but not completely safe and can still be vulnerable to zero day attacks.
2. Rogue Profile: This often comes in on the back of another app (like a VPN app) installing various escalated rights and permissions.
3. Phishing: This attack disguised as something legitimate like an email, sms, or application and often appears to come from a friend, a business you often work with (like a bank), etc. Once you activate the phish, various attacks can be launched.
4. Bad Wi-Fi: A bad Wi-Fi, also called rogue Wi-Fi or rogue access point, looks like a legitimate Wi-Fi but is actually controlled by the attacker. Once a device connects to the bad Wi-Fi, the attacker can monitor and direct traffic at their discretion which often leads to an exploit being delivered to compromise the device.
5. Man in the Middle: Often abbreviated as MiTM, this attack inserts itself between the mobile device and the intended destination. The attack uses something familiar (like a website or online banking) as it sits in the middle with the user not knowing they are being attacked.
6. Malicious App: These are apps that often look like a normal app (like a flashlight app) but behind the scenes are stealing information.
“Security and risk management leaders who need to strengthen their mobile security posture should adopt MTD products to improve their overall security hygiene.”
How to Secure Mobile Endpoints
There is no question mobile devices represent a significant security risk to an organization. The question is what can be done to reduce the risk that represents 60% of an organization’s endpoints?
A mobile endpoint security solution must be able to:
- 1. Detect device compromise
2. Analyze all apps for leaky/malicious behavior
3. Block surveillance or traffic interception
4. Prevent unauthorized camera/mic access
5. Stop phishing attempts
6. Ensure end user privacy