The Enemy Within: Growing Security Risks From BYOD
IT organizations and network security teams are challenged to adapt to a number of constantly changing variables, including evolving threats that exploit the vulnerabilities of emerging technologies. These broad technology and security trends disrupt traditional network security models and call for new approaches to protect corporate data.
Enterprise networks, applications, and end-user devices have evolved at a rapid pace in recent years. Emerging technologies and practices such as Bring-Your-Own-Device (BYOD), social media, smartphones, virtualization and cloud services have significantly complicated the process of securing enterprise networks and sensitive data. The 2013 Global Information Security Workforce Study conducted by Frost & Sullivan revealed that of 12,396 respondents, 78% of them ranked employee- and partner-owned mobile devices as a top security concern.
In most cases, employees who are issued company laptops or smartphones are poorly educated, if at all, on the proper safeguards for maintaining a satisfactory device security posture. Even simple instructions, such as keeping the device in a safe and secure location and updating the device’s anti-virus and operating system with the latest signatures and patches, respectively, are often overlooked.
IT organizations have lost significant control over data storage, processing and movement practices. Employees who work from home, on the road, or at other remote locations are constantly moving data in and out of the organization via laptops, thumb drives, and smartphones. Additionally, employees are increasingly using cloud services with or without corporate approval for storage and other uses. The use of cloud services called “shadow IT” and BYOD practices effectively retard the IT organization’s ability to secure sensitive data.
Similarly, social media applications are increasingly leveraged by hackers as a means of spreading malware and launching phishing attacks, as well as a potential avenue for data loss. While the Frost & Sullivan study showed that 42% of respondents rated social media as a top concern or high concern, 25% of organizations were not addressing this threat vector in 2013.
Security solutions that are unable to support emerging technologies like smartphones and cloud services do not provide adequate protection against modern threats. Malicious and criminal hackers will continue to exploit vulnerabilities in networks, devices and web services. The onus is on the IT security staff to educate employees, and to automate the job of updating device-based security software. New mobile device management software can also enforce end-use log-on and authentication requirements.
As the saying goes, you’re only as strong as your weakest link.
To learn more, download the white paper, An Advanced and Integrated Approach to Managed Enterprise Network Security.