More people and data are traversing your network than ever before, and the opportunities for security breaches are exploding at an exponential rate.
One report from Check Point, based on a global survey of 768 IT managers, found that 89 percent have mobile devices such as smartphones or tablets connecting to corporate networks, and 78
percent say there are now more than twice as many personal devices connecting to corporate networks as there were just two years ago.
All of those devices are creating a security nightmare. A hearty 71 percent of the IT managers surveyed say mobile devices have contributed to increased security incidents, and the Android mobile
platform is considered to introduce the greatest security risks. Seventy-two percent also say careless employees are a greater security threat than hackers.
Employees
Lame passwords, quick-and-dirty workarounds and apps are by far the biggest threats to network security. Tight network policy controls are one thing, but strict corporate rule-making about BYOD
policies is the best place to start. Increasingly, technical teams need to interface with legal and risk management teams to create sensible corporate policies regarding BYOD, because without
governance, employees are out there playing fast and loose.
Nearly 25 percent of mobile workers say they employ some sort of workaround on their smartphones to bypass IT controls and get at corporate data, while 12 percent of tablet users say they use
similar tactics, according to the quarterly iPass Mobile Workforce Report. What seems like an easier way to conduct business as usual for the BYOD employee is a potential catastrophe for network
administrators.
“Users can unwittingly create back doors around corporate security even as they’re trying to improve their productivity with applications like LogMeIn, WebEx or even Dropbox,” says Stephen Pao,
vice president of product management at Barracuda Networks. “The intention of using these unauthorized applications might not be malicious but can create unintended security holes.”
Security software like Cisco’s Unified Access BYOD solutions takes policy control to the device level to try to detect threats. But even the best policy controls and network intelligence aren’t
going to protect against sloppy employee supervision.
“IT’s best strategy to deal with the rise of BYOD is to address it with a combination of policy, software, infrastructure controls, and education in the near term, and with application management
and appropriate cloud services in the longer term,” says Gartner’s David A. Willis, who has written extensively about BYOD security.
“Friends”
First, a bit of good news: the threat of those mobile devices containing malware is relatively small. True, there are tons of devices out of the reach of IT, but a combination of regular updates
and strict controls on the part of smartphone OS providers like Apple and Google is proving pretty effective at keeping malware at bay, acting quickly to thwart threats.
But social media is another animal altogether. With the click of a “like” button, a smartphone’s entire identity can be exposed to theft. Telecom networks are prime real estate for phishing
attacks and attempts to access sensitive information or gain access to the network.
“While it is prudent to provide some insulation against mobile malware attacks, the threats emanating from botnets, social media and unauthorized application usage are real today, and most
organizations do not have the right protections in place,” Pao says. “The telecom provider’s own internal networks should remain free of phishing attacks that attempt to steal user credentials,
or downloadable malware that can be used to leak sensitive information or create back-door access to sensitive data. With new social engineering in Web 2.0 applications, even educated internal
users can be easily fooled into compromising the security of their workplaces by ‘friends.’”