Organisational practices and end-user behaviour must both change fast to deal with rising mobile-focused cyber-attacks, such as phishing, that are now more pervasive than malware. This was the key message from LEVEL, a mobile security event hosted by Wandera last week. Industry leaders agreed that enterprises need to evolve their thinking on mobile protection – by improving end-user education on risk mitigation and implementing security solutions that can provide robust protection against the broad range of mobile threats.
Mark Hughes, president, BT Security, said that he wants organisations to change their habits to adapt rapidly: “Most organisations aren't using mobile security procedures well or even fully understand them – and they need greater awareness of which critical areas to protect. The security industry must change too – by not just improving their offerings but moving from a hard perimeter model - to providing easier access - with more flexible protection.”
Dr Michael Covington, Wandera's VP of product, highlighted the phishing threat, noting: “With 57 percent of internet traffic coming from mobile, 48 percent of phishing is now happening outside of email. These attacks have three key aims - to extract money, credentials and personally identifiable information - and with 90 percent starting with a phish, mobile users are three times more likely to fall victim. To address this, I believe that a more data-driven approach is needed – where more data points are examined. Imminent advances in machine learning will also be a key facilitator of this, enhancing our ability to predict and track attack patterns – so they are blocked in real-time as soon as they occur.”
Dr Rajesh Bhargave, professor at Imperial College Business School, explained why behavioural trends of mobile users can make them more vulnerable to attack: “I believe that mobile security threats are aggravated by usage context – especially between work and personal lives. Mobile users' behaviour changes outside of a more controlled, protected, work environment – they become more relaxed, distracted and trusting. The streamlined design of mobile devices, with smaller screens, is also a factor - as it's harder to spot all the signs of phishing pages – such as suspicious URLs.”
Dr John Meakin, cyber-security strategist and former CISO at RBS and Burberry, said, “In our sharing economy, the industry must find a balance between mobile device control, functionality and user convenience. Key tasks ahead include making mobile data more secure and addressing the current immaturity of some security solutions. These changes will be especially critical as additional threats emerge from nation state attacks – and result in potentially high rates of collateral damage.”
Erno Doorenspleet, global security advisor at IBM, believes that too many organisations remain unprepared when responding to a security breach, and recent high-profile cases bear this out. “Organisations need a more effective, internal process so they can swiftly respond to a security crisis. Better inter-communication channels need to be in place - across a wider range of stakeholders. This means that as well as this just being the focus of IT and security teams, legal, HR and board members should be integrated into the process too.”
Eldar Tuvey, CEO at Wandera, concluded that prevention is a long, complex journey, saying, “It's clear that more mobile users are increasingly becoming the favoured targets of cyber-crime. These mobile-focused cyber attacks are growing fast - with 4,000 new phishing sites emerging each day, and as a company, we are playing our part – by ensuring that we continue to detect these ever-changing threats faster than anyone else.”