News

BYOD success depends on threat awareness

A recent survey found that the majority of organizations that support bring-your-own-device programs are not able to identify common mobile threats that could put their data and intellectual property at risk.

According to Harris Interactive, two-thirds of businesses with BYOD policies are unable to recognize security issues such as malware-infected hardware and employee utilization of unapproved applications. The study, which included more than 2,000 decision maker and employee responses, also found that the these organizations could not identify mobile threats such as access to harmful websites or the use of unauthorized file sharing platforms.

Although the survey discovered that many companies are unable to recognize such mobile security issues, 91 percent of participants stated that they had adequate security breach management policies in place. Furthermore, 93 percent said they believed they could successfully identify and respond to a breach.

"This suggests that even though companies are putting security solutions in place to protect themselves when employees bring their devices into work, they are not actually addressing many of the threats that are out there," said security expert Gareth Maclachlan.

Current mobile security threats
In order to have a successful BYOD program that benefits the company and does not risk security, administrators and the IT team should be aware of the top risks currently affecting mobile devices. That way, they can notify employees of the best practices for avoiding these threats and work to prevent them.

One such security issue is the increasing prevalence of banking Trojans, which ZDNet called a top mobile malware threat. These malicious infections can present a particular challenge for companies in which high level employees access the organization's financials via their mobile hardware.

The source stated that malware created to exploit mobile endpoints more than doubled last year. The most harmful samples discovered were those designed to capture users' financial information including payment card and monetary data. While the majority of this malware aimed to infect devices in Russia, security analyst Victor Chebyshev said the trend is bound to spread.

"[G]iven cybercriminals keen interest in user baking accounts, the activity of mobile banking Trojans is expected to grow in other countries in 2014," Chebyshev said.

Another security risk to watch for is a strategy cybercriminals utilize to dupe users into downloading malware. While this type of attack can come in many forms, recent reports show that a new scam of this kind leverages the popularity of Facebook and its newly acquired WhatsApp instant messaging application.

According to Infosecurity, Android users connecting to their Facebook application may see "suggested posts" - Facebook advertisements - that purport to offer special features for WhatsApp users. One such posting advertises the ability to access contact conversations without detection. Another allegedly provides the capability to hide an individual's WhatsApp status.

While these programs may appeal to a number of users, they are not legitimate. InfoSecurity reported that they are malicious programs that use the Facebook and WhatsApp hook as a means to lure people into downloading malware. Black hats established a fraudulent Google Play page for the apps, which looks genuine, but redirects their traffic to the malware program.

Overall, if decision makers and employees are aware of such threats, they can improve their safeguards and enhance their BYOD program. 

Protect data in transit with an SSL certificate today. 

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950

Buy now! Try now!