Umesh Yerram, Vice Presidentof Information Security& Data Protection Officer, AmerisourceBergen [NYSE: ABC]
Mobile phones are powerful, ubiquitous and continuously connected to sensitive data. Personal and professional business activities increasingly coexist on the same device. Even when companies do not endorse “bring your own device” (BYOD) policies, employees can access company emails on their personal devices. Yet mobile devices remain poorly protected while security threats are undeniably on the rise. Statistics abound about increased mobile phishing attacks, public network susceptibility and mobile malware. Malicious mobile applications, abundantly available in the app stores, are designed to exfiltrate personal information – contacts, emails, corporate emails, sensitive files, photos, geo location, phone identifiers and even shopping lists. Detailed privacy policies, often unread, allow reputed mobile applications to collect device and personal information to share with third-party tracking companies.
Many organizations are investing in hardening the security perimeter by improving their detection and response capabilities while not focusing on the soft center of cyber threats targeting executives’ mobile devices. Most executives and enterprises incorrectly assume Mobile Device Management (MDM) capabilities will prevent and detect mobile cyber threats. The burden on information security professionals who must safeguard these mobile assets is intensified because mobile devices are a lifeline for senior business leaders who use them to conduct business whether in or out of the office. There is a low tolerance for down time or intrusive security procedures.
Many organizations are investing in hardening the security perimeter by improving their detection and response capabilities while not focusing on the soft center of cyber threats targeting executives’ mobile devices
So how do IT security professionals safeguard precious corporate resources without invading user privacy or causing unnecessary interruptions? By implementing a robust Mobile Threat Detection (MTD) capability. Enterprise security teams should look for these essential attributes and capabilities when choosing a solution for MTD.
1. MOBILE DEVICE MANAGEMENT IS NOT MOBILE THREAT DETECTION
Mobile Device Management (MDM) provides some key capabilities to containerize information on mobile devices and wipe the data off the device in case of loss or theft. However, Mobile Threat Detection (MTD) solutions provide granular visibility into the types of data being sent from a device, the destination country or URL, and the reputation and authenticity of the applications & URLs in question – all while adhering to privacy laws and regulations. The best solutions are also able to detect threats in real-time, independent of Wi-Fi or cellular connection.
2. ONE SIZE DOESN’T FIT ALL
Every organization has a distinct set of information security policies, standards, and risk posture dictated by its risk appetite. Relying solely on out of the box capabilities makes it hard to implement a company’s unique privacy playbook and develop strategies for tackling data leakage as well as malware and phishing attacks. Organizations need the flexibility to write their own rules and modify as needed. Choosing an MTD platform that allows for easy customization is key.
3. USER & EXECUTIVE EXPERIENCE & PRIVACY CONCERNS
All business professionals are extremely fussy about their mobile devices. The line between professional and personal use is often blurry, and any downtime or excessive battery usage does not fare well with the user community. When evaluating MTD solutions, look for lightweight applications that use little storage and battery, but still have the sophistication to detect the ever-growing array of threats. A good MTD solution should never interfere with the user’s mobile device experience unless it detects a threat. It is critical for the user experience that MTD solutions also provide the ability to quarantine an infected mobile device from accessing sensitive corporate applications while giving the user access to their personal information and other mobile phone functions, consistent with corporate privacy policies.
4. LEVERAGING ARTIFICIAL INTELLIGENCE
Rule based threat detection is just not sophisticated enough to handle the ever-changing world of mobile security treats. MTD solutions should integrate with leading Security Incident and Event Management (SIEM) solutions so that information security teams can collect events from mobile devices and use Artificial Intelligence (AI) to detect and automate the incident response processes. To identify and stop unknown and zero-day threats, AI-based monitoring understands normal “baseline” activity and then detects characteristics of threats before they are even formally known or named.
In summary, security teams cannot rely on MDM, Google or Apple to keep enterprise devices out of harm’s way. An effective mobile threat detection policy requires more than out of the box, baseline MTD capabilities. Identifying risky employees and enforcing risk-based conditional access to corporate resources is key. A customizable threat engine will protect user privacy while still gaining deep visibility into mobile operating systems and app vulnerabilities. And finally, feeding mobile threat incidents into SIEM and using User Behavior Analytics creates the sophistication needed to embrace mobile productivity while safeguarding corporate assets.