Six mobile security fears that keep CISOs up at night
Many of us have fears, rational or otherwise, and CISOs and other security professionals are no exception. After all, with reports of serious data breaches surfacing all too often these days, who could blame CISOs for being on edge?
The following are six of the most common mobile security fears among enterprise executives:
Whether CISOs like it or not, employees are accessing corporate data and apps on their personal devices. Besides the fact that these devices could be lost or stolen, it’s also difficult to stay on top of constant upgrades to multiple operating systems. Further, employees are probably downloading unsanctioned mobile apps that are not inherently secure and are likely sharing documents on cloud-based collaboration platforms.
2. Commingling of personal and business data
When employees use their personal devices for business reasons, they run the risk of exposing corporate data to malware from insecure personal apps. If the device is compromised, it is difficult for IT to pinpoint which data should be wiped. If they wipe personal files, employees often become disgruntled and ultimately unproductive.
Highly regulated industries such as healthcare and finance face harsh penalties and potential reputational loss if sensitive data is compromised. Unfortunately, these industries are common targets. It can be difficult to develop cross-departmental procedures between IT, HR and legal to manage this risk, as many organizations still work in a siloed manner with separate, unintegrated systems.
4. Keeping track of mobile apps
Most users don’t pay attention to the permissions of mobile apps they download, putting sensitive corporate data at risk. Vulnerable mobile apps account for a majority of data breaches, and when users retain full control over their personal devices, it is difficult for security administrators to determine which apps they need to worry about. It’s often only after a breach that IT discovers which apps pose a security threat.
5. Unmanaged devices
Many employees access corporate data and apps from more than one device, making mobile device management a huge problem for CISOs. Given that many devices are jailbroken and rooted, security administrators have no way of determining whether they are compromised, infected with malware or being accessed by an unauthorized user posing as a legitimate one.
6. Missing warning signs
Security administrators are constantly bombarded by vast quantities of data from logs, network activity and other sources, making it difficult to manage mobile security. Organizations often have outdated security monitoring and analytics platforms that can’t keep up with new, constantly evolving threats.
As mobility continues to grow, today’s CISOs face major challenges when it comes to mobile security. Their fears are valid given that malicious hackers are becoming increasingly clever and widespread, but there is light at the end of the tunnel — as long as enterprises invest in the right mobile tools to keep their assets safe.