This article appeared in Security Brief, New Zealand and is republished here with their permission.
Mobile phones have a huge impact on the day-to-day lives and the way one communicates with the world.
With leading mobile messaging platform WhatsApp recently revealing a major security flaw that could let hackers access phones, it’s time to reconsider safety measures for mobile networks.
Even in the corporate world, it’s hard to find an employee today who doesn’t use a mobile phone to respond to emails at the least.
It’s also common for employees to use their smartphones for other functionalities like storing and accessing data from shared drives, sharing information on internal messaging platforms of an organization and editing an urgent presentation during the morning commute.
Given the growing popularity of smartphones as all-in-one computing devices for enterprise work and everyday personal use, it’s no wonder that mobile devices have become so appealing to cybercriminals and hackers to relentlessly attempt device, network and application attacks to gain an edge.
The workforce is more reliant than ever on business-critical applications, which can access confidential information from multiple devices at any time and anywhere. Yet security teams lack visibility into mobile threat activity, due to the inadequate, complex and difficult nature of today’s mobile threat defense solutions.
Moreover, mobile platforms have become increasingly popular attacking grounds for threat actors using tactics such as malicious apps, phishing and network attacks involving spoofing IPs or domains.
In addition, data sharing across applications, as well as taking screenshots, increases the risk of accidentally exposing data by a trusted user or intentional exfiltration by an insider.
In spite of all these risks, less than 10 percent of organizations globally have purchased a solution for mobile security and threat detection, according to Gartner.
Here are a few measures for organizations to protect their mobile devices against cyber threats.
Endpoint Protection Is a Must
One of the first steps to take with any endpoint protection initiative is to define what is included under the endpoint umbrella. All items that can connect to the enterprise network to transmit and receive data should be considered endpoints.
Complete and real-time visibility into device activity is the next important step so that the security teams can hunt and investigate based on that data. Additionally, organizations should also have safety measures directly on the network and not just individual devices. This ensures that even if an infected device is able to access the network, the threat cannot spread to other endpoints. This approach not only protects the devices used by staff, but also ensures the security of important applications and other resources.
Mobile App Shielding
As mobile devices and apps proliferate, organizations are increasingly concerned about the threats that moving to a mobile platform represents. Security teams want the ability to monitor enterprise application behaviors, such as network telemetry data and clipboard events, and they also want to be able to identify risky Wi-Fi and Bluetooth connections. Dynamic app shielding technology provides enhanced monitoring of third-party enterprise apps, further protecting sensitive corporate data and expanding app behavior monitoring to include process and data access events.
Using Cloud-Native Technology
Using cloud-native technology solutions enables real-time visibility across endpoints and their activities, so that the security teams can analyze and remediate any vulnerabilities spotted.
Such solutions enable organizations to extend the definition of endpoint and encompass all kinds of compute devices, such as mobile phones, laptops, desktops, servers, workstations, data centers and cloud; without requiring separate products for different kinds of endpoints.
Create an Overarching Endpoint Security Policy
It’s vital for organizations to establish an endpoint security policy for the firm. This would tie all the company’s efforts together and provide best practices for employees, including the use of authentication credentials and other security steps they should take. The policy will also spell out details regarding protection measures the company has in place and what these mean for staff members.
An effective enterprise app behavior monitoring capability can provide the visibility and telemetry required to identify malicious behavior, and also provide visibility into insider threats, unauthorized or accidental data exposure, and network spoofing.
These capabilities enable the endpoint detection and response (EDR) solutions of the companies to view mobile devices, search for events, and easily manage and enroll devices.
- Learn how CrowdStrike® Falcon for Mobile leverages the leading features of the CrowdStrike Falcon® platform including Falcon InsightTM EDR, managed threat hunting, single-agent architecture, and massive threat telemetry — to effectively defend enterprise mobile devices.
- Read the Falcon for Mobile data sheet.
- Watch the Falcon for Mobile Overview and Demo.
- Download the white paper: “Endpoint Detection and Response: Automatic Protection Against Advanced Threats.”
- Get a full-featured free trial of CrowdStrike Falcon Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.