A number of factors contribute to the diminished regard for security:

Similar documents
43% Figure 1: Targeted Attack Campaign Diagram

When attackers have reached this stage, it is not a big issue for them to transfer data out. Spencer Hsieh Trend Micro threat researcher

As threat actors target various types of networks, companies with improperly configured network infrastructures risk the following repercussions:

Everyone s online, but not everyone s secure. It s up to you to make sure that your family is.

How Do Threat Actors Move Deeper Into Your Network?

Correlation and Phishing

This document has been provided by the International Center for Not-for-Profit Law (ICNL).

Cloud Security Primer MALICIOUS NETWORK COMMUNICATIONS: WHAT ARE YOU OVERLOOKING?

DIGITAL LIFE E-GUIDE. Keeping Your Cloud Data in Check

Web. Paul Pajares and Max Goncharov. Connection. Edition. ios platform are also at risk, as. numbers via browser-based social.

Managing Mobile Devices in a Device-Agnostic World Finding and Enforcing a Policy That Makes Business Sense

Protecting Content and Securing the Organization Through Smarter Endpoint Choices

Trend Micro Incorporated Research Paper Adding Android and Mac OS X Malware to the APT Toolbox

Endpoint protection for physical and virtual desktops

Mobile App Containers: Product Or Feature?

Risk and threats everywhere, all the time

Securing Enterprise Mobility for Greater Competitive Advantage

Endpoint protection for physical and virtual desktops

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

Secure Your Mobile Workplace

SOLUTION BRIEF Enterprise Mobility Management. Critical Elements of an Enterprise Mobility Management Suite

ENTERPRISE MOBILITY USE CASES AND SOLUTIONS

YOUR DATA UNDER SIEGE. PROTECTION IN THE AGE OF BYODS. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next

Single-Vendor Security Ecosystems Offer Concrete Benefits Over Point Solutions

defending against advanced persistent threats: strategies for a new era of attacks agility made possible

FastPOS: Quick and Easy Credit Card Theft

10 easy steps to secure your retail network

The Workplace of the Future and Mobile Device Risk ISACA Pittsburgh. May 20 th, 2013

DETECTING THE ENEMY INSIDE THE NETWORK. How Tough Is It to Deal with APTs?

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

Symantec Mobile Security

BYOD THE SMALL BUSINESS GUIDE TO BRING YOUR OWN DEVICE

Technical Note. ForeScout MDM Data Security

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

Securing BYOD With Network Access Control, a Case Study

Simplifying the Challenges of Mobile Device Security Three Steps to Reduce Mobile Device Security Risks

Kaspersky Security for Mobile

How To Manage A Mobile Device Management (Mdm) Solution

Five Best Practices for Secure Enterprise Content Mobility

Streamlining Web and Security

Addressing BYOD Challenges with ForeScout and Motorola Solutions

IBM Endpoint Manager for Mobile Devices

6 Things To Think About Before Implementing BYOD

Guideline on Safe BYOD Management

IBM Endpoint Manager for Core Protection

Data Protection Act Bring your own device (BYOD)

WHITE PAPER. Mobile Security. Top Five Security Threats for the Mobile Enterprise and How to Address Them

Mobile workforce management software solutions. Empowering the evolving workforce with an end-to-end framework

Understanding Enterprise Cloud Governance

Preparing your network for the mobile onslaught

MOBILE SECURITY. Fixing the Disconnect Between Employer and Employee for BYOD (Bring Your Own Device)

OVERVIEW. Enterprise Security Solutions

The Maximum Security Marriage:

New Security Features

DISCOVER, MONITOR AND PROTECT YOUR SENSITIVE INFORMATION Symantec Data Loss Prevention. symantec.com

VDI Security for Better Protection and Performance

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Follow the Data: Analyzing Breaches by Industry

Security Threats to Business, the Digital Lifestyle, and the Cloud. Trend Micro Predictions for 2013 and Beyond

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Real World Considerations for Implementing Desktop Virtualization

Extending Threat Protection and Control to Mobile Workers with Cloud-Based Security Services > White Paper

Reducing the cost and complexity of endpoint management

Authentication Strategy: Balancing Security and Convenience

Cisco Mobile Collaboration Management Service

Simplifying Desktop Mgmt With Novell ZENworks

Trust Digital Best Practices

Securing Corporate on Personal Mobile Devices

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Introducing KASPERSKY ENDPOINT SECURITY FOR BUSINESS.! Guyton Thorne! Sr. Manager System Engineering!

overview Enterprise Security Solutions

Embracing Complete BYOD Security with MDM and NAC

Mobilize your Enterprise in 60 Minutes!

Btech IT SECURITY SERVICES. Financial Mobility Balancing Security and Success

Transcription:

TrendLabs

Enterprises cite security as their number one concern with regard to consumerization. During the actual execution of a consumerization strategy, however, IT groups find that the increasing demand to use employee-owned devices for important work is activities forces security out of the picture. Figure 1. Factors driving bring-your-own-device (BYOD) in organizations and enterprises A number of factors contribute to the diminished regard for security: Lack of awareness: IT groups may not be aware of the number of mobile devices connecting to their networks. A survey estimated that 69% of employees used smartphones for work while their respective IT groups said 34% did so. Increased workload: Unlike company-issued laptops, employees smartphones require more from IT groups because IT administrators need to treat and configure each device and operating system version differently. As a result, IT groups may only enforce minimal security. Technical support prioritization: Device-carrying employees demand that IT groups make their devices work, forcing IT groups to deprioritize security in favor of providing technical support. Mobile OS updating difficulty: IT groups jobs are not made easier by the open nature of the Android OS and mobile OS providers weak vulnerability handling and remediation processes. Waiting for patches can take weeks; fully deploying those takes even longer. Knee-jerk mobile device management (MDM) solution purchases: IT groups may be tempted to buy an MDM solution that may be inappropriate to their specific environments and can negatively impact their security. 2 TrendLabs Security in Context Paper

Informal adoption: In some cases, enterprises may informally encourage BYOD to please their employees. They may, however, not have written usage guidelines or implemented best practices. The introduction of employee-owned devices to workplaces has been acknowledged in order to increase employee productivity and satisfaction, business agility, and provable cost savings. Risks to security and data should, however, also be closely examined. While enterprises have embraced BYOD due to the benefits it offers, like increased productivity and flexibility, there are pain points that emerge both from the enterprises and employees end. In a study, the top challenge in consumerization of IT that enterprises cited is mobile device security. Figure 2. Top challenges in implementing BYOD The risks of implementing BYOD are not just limited to device theft or loss but in securing the valuable enterprise data and apps contained in and accessed by multiple devices outside the network. Here are some security threats to mobile devices and data that enterprise should consider: In a Trend Micro study 1, 46.5% of enterprises that allowed employeeowned devices to access their network have experienced data breach. Similarly, device theft and loss is also one of the factors that caused large data breaches. Information stored on stolen devices may be used by threat actors for sabotage or espionage purposes. 1 Trend Micro Incorporated. (2012). Mobile Consumerization Trends & Perceptions IT Executive and CEO Survey. Last accessed February 12, 2014. http://www.trendmicro.com/cloudcontent/us/pdfs/business/white-papers/wp_decisive-analytics-consumerization-surveys.pdf 3 TrendLabs Security in Context Paper

Although email is one of the common entry vectors for targeted attacks, threat actors can also leverage mobile devices. Targeted attacks are high-risk threats with the aim of data exfiltration. In the Luckycat campaign 2, our threat researchers found two APKs in one of its C&C servers, suggesting that threat actors may launch attacks using this platform. In our 2014 Security Predictions 3, we cited that attackers will likely target mobile devices, as a new threat vector, to penetrate the network. One of the entry points in infecting mobile devices is via malicious and high-risks applications or applications that get device information and display unwanted ads without user s consent. In 2013, the number of Android malware and high-risk apps reached the 1 million mark, and by end of 2014, it had more than quadrupled to 4.2 million. Data stealers were the second most prevalent mobile threat in 2014. While majority of these applications can be found in malicious domains, some reside in legitimate third-party app stores. Figure 3. Risks to corporate data 2 Genes, Raimund. (2012). TrendLabs Security Intelligence Blog. DEFCON 2012: Android Malware in Luckycat Servers. Last accessed February 12, 2014. http://blog.trendmicro.com/trendlabs-security-intelligence/defcon- 2012-android-malware-in-luckycat-servers/ 3 Trend Micro Incorporated. (2013). Blurring Boundaries: Trend Micro Security Predictions for 2014 and Beyond. Last accessed January 15, 2014, http://www.trendmicro.com/cloud-content/us/pdfs/securityintelligence/reports/rpt-trend-micro-security-predictions-for-2014-and-beyond.pdf 4 TrendLabs Security in Context Paper

In the end, businesses need to realize that consumerization is here and is not going away anytime soon. The sooner IT departments make adjustments to security protocol, the quicker organizations can participate in trends that can give them a competitive advantage over rival firms and increase opportunities for growth. Trend Micro The availability and accessibility of corporate data is crucial to increase employee productivity. However, it also poses security risks to confidential data. With the use of employee-liable devices in the workplace, IT faces the challenge of ensuring the visibility and control of all employee-owned devices accessing the network, as well as differentiating corporate data from personal employee data stored on the said devices. Security solutions with mobile device management (MDM) provide control in a centralized and scalable single console. This allows visibility with regard to devices and their respective statuses. The real objective of MDM is to enable an organization s security team to see and control each and every device that accesses the corporate network and uses corporate data. IT groups cannot hope to manage what they cannot see prioritizing this is crucial. Enterprises can more efficiently manage employee-liable devices and prevent data leaks or loss when they complement MDM solutions with virtualized mobile infrastructure (VMI). Solutions like Trend Micro Safe Mobile Workforce provide a safe mobile infrastructure that separates corporate data from an employee s personal data. With this solution, users can safely access corporate information through a secure native mobile environment which can run on any mobile device regardless of its OS. Since the VMI is hosted on the company s centralized servers accessed via a simple mobile app company data never leaves the network or gets stored on employee devices. For IT administrators, this means they can easily and centrally manage and maintain workspaces from a single console. This gives them visibility and control over corporate data without encroaching on employee privacy. In case of device loss or theft, IT administrators do not need to worry about securing data and remotely wiping it as in the case of MDM solutions, since with Safe Mobile Workforce, apps and data are no longer stored on the device. Furthermore, this solution does not require much administrative overhead since it has simplified management and deployment with its single sign-on for Exchange Server Access and active directory integration. The scenarios that put security as less of a priority have dire implications. For instance, IT groups may have a bare-bones antivirus solution for mobile devices installed but neglected to orient employees about social engineering or corporate information sharing. Taking a proactive stance in managing mobile devices in the corporate network ultimately reduces overall IT support costs. Solutions like Enterprise Mobile Security and Management and Trend Micro Safe Mobile Workforce enable consumerization while protecting corporate data accessed via mobile devices. 5 TrendLabs Security in Context Paper

TREND MICRO LEGAL DISCLAIMER The information provided herein is for general information and educational purposes only. It is not intended and should not be construed to constitute legal advice. The information contained herein may not be applicable to all situations and may not reflect the most current situation. Nothing contained herein should be relied on or acted upon without the benefit of legal advice based on the particular facts and circumstances presented and nothing herein should be construed otherwise. Trend Micro reserves the right to modify the contents of this document at any time without prior notice. Translations of any material into other languages are intended solely as a convenience. Translation accuracy is not guaranteed nor implied. If any questions arise related to the accuracy of a translation, please refer to the original language official version of the document. Any discrepancies or differences created in the translation are not binding and have no legal effect for compliance or enforcement purposes. Although Trend Micro uses reasonable efforts to include accurate and up-to-date information herein, Trend Micro makes no warranties or representations of any kind as to its accuracy, currency, or completeness. You agree that access to and use of and reliance on this document and the content thereof is at your own risk. Trend Micro disclaims all warranties of any kind, express or implied. Neither Trend Micro nor any party involved in creating, producing, or delivering this document shall be liable for any consequence, loss, or damage, including direct, indirect, special, consequential, loss of business profits, or special damages, whatsoever arising out of access to, use of, or inability to use, or in connection with the use of this document, or any errors or omissions in the content thereof. Use of this information constitutes acceptance for use in an as is condition. Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Our innovative security solutions for consumers, businesses and governments protect information on mobile devices, endpoints, gateways, servers and the cloud. For more information, visit www.trendmicro.com 2015 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information