Organisations unprepared for mobile security incidents: GigaOm

  • Demand for integrated mobile security, visibility and incident readiness
  • Preventive, policy-driven solutions not designed for mobile security incidents
Organisations unprepared for mobile security incidents: GigaOm

A SIGNIFICANT percentage of organisations are taking virtually no steps to ensure that mobile devices (company issued and BYOD or ‘bring our own device’) with access to corporate data are indeed secure.
 
A recent InformationWeek survey found 46% required BYOD users to run an MDM (mobile device management) client on their mobile devices while 43% trusted users to follow published security guidelines, said AccessData, which specialises in incident resolution solutions.
 
AccessData and GigaOm Research recently released a report on the growing complexities of mobile security and the limitations of ‘preventive, policy-driven’ solutions that are not designed to detect and respond to mobile security incidents that bypass defences.
 
The report Mobile security and incident readiness: Preparing for threats advises information security teams to expand their rapid incident detection and response capabilities to mobile devices that have access to sensitive data, AccessData said in a statement.
 
“In speaking with the various organisations, we found that many rely too heavily on their mobile device and mobile application management systems to handle mobile security,” said Michael Finneran, author of the report.
 
“The preventive controls MDM offers are important, yet with the increase in mobile incidents, complicated by the sheer volume and diversity of devices and terabytes of data, security solutions with visibility and capabilities to detect and resolve incidents are in dire need,” he added.
 
Key findings show that:

  • Security teams lack the tools and knowledge to detect mobile device security incidents and to proactively investigate and resolve those incidents before major damage is done;
  • A significant percentage of organizations are taking virtually no steps to ensure that mobile devices (company issued and BYOD) with access to corporate data are indeed secure;
  • Even fewer have procedures in place to launch a meaningful response should a security incident involving mobile devices occur; and
  • Even experienced forensic examiners are challenged in extracting data from mobile devices. Data investigations extend beyond the early days of emails, SMS messages and call logs to analyse hidden or stolen data in applications, volatile data, multimedia and geolocation.

“Our customers tell us their biggest challenge is the limitations of mobile solutions, from the collection of data on all company devices, to the analysis of mobile data which takes a great deal of time and resources,” said Lee Reiber, vice president of mobile forensics at AccessData.
 
“Our advice is for companies to implement security plans and enterprise technologies that incorporate proactive mobile prevention, detection and response, to gain greater visibility and control of their mobile data and devices,” he added.
 
Key recommendations:

  • Proactive planning for incident readiness on mobile devices should be done as a part of the development of mobile security plans and policies;
  • Look for advanced security tools with deep mobile device visibility that proactively collect and store key information over time which is useful for detecting security incidents, understanding the root cause and scoping the full extent of what happened; and
  • Integrate mobile device visibility including access to call logs and data with the automation of mobile threat identification, analysis and resolution.

With the dramatic increase in threats affecting mobile devices such as data leakage, mobile malware, insider threats and hacker compromises, enterprises need to look beyond current MDM/ MAM solutions and invest in strengthening their mobile device rapid detection and response capabilities, AccessData said.
 
To request a copy of the GigaOm report, go here.
 
Related Stories:

AccessData launches next-gen threat intel solution with InSight Platform
 
Beware ‘street BYOD,’ say Gartner analysts
 
BYOD: Kill off those old IT policies, CIOs
 
80% of BYOD use goes unmanaged, says Ovum
 
Malaysians are all for BYOD, but their IT depts aren't: Survey
 
 
For more technology news and the latest updates, follow us on TwitterLinkedIn or Like us on Facebook.

 
Keyword(s) :
 
Author Name :
 
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021