The way we work is constantly evolving and we often talk about enabling the ‘future of work’ with a forward-thinking approach, and while this is correct, does it mean we are guilty of missing the here and now?
Modern work takes place outside the traditional network perimeter in a mobile-cloud environment, and the modern workplace itself consists of a number of different connected devices. Cybercriminals work around the clock to try and exploit any vulnerabilities they can find, and new connected Internet of Things (IoT) devices are a major target.
About the author
Simon Biddiscombe is the CEO of MobileIron.
So, in order to best protect ourselves against the modern threat vectors we face today, we must first seek to understand how hackers are exploiting contemporary devices to gain access to our corporate data.
Smartphones and other mobile devices are by far the greatest threat to the enterprise. Verizon’s Mobile Security Index found that 40% of the organisations surveyed had experienced some form of mobile threat. To add to those woes, the survey also found that 66% of those who had been foul to a mobile compromise said that the impact was major, while 37% said that it had been both difficult and expensive to remediate.
While this should come as no surprise to most IT departments, it’s important to note that mobile threats are constantly evolving – and they must be kept on top of. For instance, a recent mobile threat has emerged where cybercriminals are attempting to ‘port’ your phone to another carrier. This exploit allows the hacker to then gain access to your identity, messages and call information. While this threat has been around for a while, in recent times it has become more apparent across multiple couriers.
The smartwatch industry has been booming in recent years; in the last quarter of 2019, global smartwatch shipments increased by 42% from the previous year. However, as with all connected devices, they do pose a significant threat to the enterprise. For instance, hackers could potentially install a spying app on your smartwatch through phishing or public Wi-Fi exploits and then track your movements through the device’s accelerometer data.
If you regularly use your smartwatch to connect to your organisation’s network and access your corporate emails, you could potentially provide hackers with access to your organisation’s network, putting the whole business at risk.
Despite providing a convenient means of getting a direct answer to a question, smart speakers may actually be compromising your office’s security. Vulnerabilities have been found in smart speakers that can allow hackers to eavesdrop and record conversations or even phish unsuspecting users.
Users can inadvertently upload a malicious piece of software disguised as a new skill or action; an exploit may then record their conversations or even ask them for their password to their online accounts. Manufacturers are looking to patch these vulnerabilities, so keeping up with the latest updates is essential.
AR/ VR Headsets
While augmented and virtual reality may seem like purely recreational devices at the moment, there are some enterprise use cases for them already in existence. For instance, some motor company designers and engineers use VR headsets to collaborate and test elements of new cars. Other possible applications for the use of VR and AR devices in the workplace include training employees remotely, virtual desktops, communication and collaboration.
However, while AR and VR headsets present significant opportunities to the enterprise, they are often not best with security in mind and can be used as access points to company data. As a result, organisations looking to make use of such devices should look at ways they can secure them – such as enrolling them in a unified endpoint management (UEM) platform.
In addition to the above, losing any device can present hackers and bad actors with a goldmine of readily accessible data to exploit. Business laptops and smartphones remain top of the list for theft, while also being the devices likely to hold the most critical business data. Stolen mobile devices can act as a gateway to identity theft, while a lost laptop simply protected by a password is an enterprise accident waiting to happen.
With so many devices in use across the enterprise, it is important organisations create a secure environment for all to operate within, minimizing the risk of added entry points to the network perimeter. A mobile-centric zero trust MDM solution can go a long way towards doing so. This framework applies a ‘never trust, always verify’ approach. This approach seeks to validate the device, establish user context, verify the network and detect and remediate any threats before granting access to corporate data.
At the same time, businesses should look to partner with mobile security leaders who have the experience, in-depth knowledge and strategic vision to confidently lead the way through the minefield of threats new connected devices pose.