Cybersecurity has always been a significant challenge for businesses, mostly due to the increasing financial and reputational cost of data breaches. As a result, there has been a consistent rise in tactics and technologies used to combat these threats. These methods fulfill the need for better, smarter ways to augment enterprise-level security and minimize mobile security risks.
Due to the increase in new kinds of cyber attacks, traditional security methods are no longer enough for protecting enterprise data. This is especially true since malicious activity is now targeted towards remote workers and mobile devices.
This article will explore how remote work has changed the way businesses view and analyze enterprise security and why there is a need for CISOs worldwide to put greater emphasis on securing the mobile work environments.
What were some of the major challenges facing CISOs during the transition to remote work?
As employees started working from home in response to the pandemic, organizations came into contact with a new set of cybersecurity challenges. This led to the creation of new processes and movements for cultivating employee cybersecurity awareness in order to safeguard work-from-home devices so they'd be just as safe as official devices.
In the process of making those adjustments, the following turned out to be some of the biggest cyber-security concerns for CISOs:
- 80% of CISO’s stated that strict passwords are no longer an effective strategy for protecting company data.
- 82% of CISO’s agree that the shift to remote working has made securing enterprise data more difficult.
- 87% of CISO’s now agree that mobile devices represent a bigger security vulnerability than desktop devices.
However, when asked about their biggest concern, almost half of managers, directors and CISOs seemed concerned with their employees' security and privacy regarding working from home. This would give other members of the family access to their devices, inadvertently compromising important information.
How has remote working increased the risks associated with mobile device use?
With remote work giving rise to a new way of conducting business, some organizations are facing heightened risk from mobile devices. Here are just some of the problems that CISOs must now address as a result:
The use of unauthorized apps
Mobile devices are fast replacing personal computers. We are far more reliant on our smartphones to carry out online transactions, submit corporate documents, transfer sensitive information, access third-party applications and so on. In fact, almost 48% of daily web page views are now accessed from a mobile device.
The increasing dependence is why attacks on mobile devices have become significantly more commonplace over the last year alone.
Use of personal devices to access corporate data
According to a study last year, 39% of surveyed employees regularly used their personal devices, smartphones and laptops to access corporate data hosted on cloud systems. What’s more, an equal number of employees even admitted that their personal devices had no password protection, which could easily jeopardize commercially sensitive information.
Additionally, more than 13,000 of these devices used did not follow protocols as stringent as their corporate equivalents. These unprotected devices provide an entry point for many cyber attackers and viruses to access corporate networks that they're connected to. It also opens up the possibility of transferring malware infections from home devices into the office.
How to mitigate these security issues
Many of these problems arise due to insufficient cybersecurity training and awareness provided to employees. CISO's should focus on ensuring that only trusted users access specific networks and devices. If possible, supply employees with devices that already have antivirus and encryption tools installed.
Additionally, training workers to recognize scams, phishing emails and third-party malware applications will also help to mitigate cyber-crimes through mobile devices.
Use of insecure Wi-Fi to access business resources
Data is generally transferred via a client-server through the Internet and the mobile's carrier network. Your employees may be working from their home or a friend's house. They also might access a public 'free' Wi-Fi without knowing that any of these networks could be intercepted by malicious attackers.
Cyber attackers can use an insecure Wi-Fi connection to exploit vulnerabilities in the firewall and intercept sensitive information. Using an insecure connection can also expose devices to a worm attack that can create havoc in your device. Not to forget that using a public/insecure log-in can give other users access to your emails and IDs.
How to mitigate threats to an insecure internet connection
Mobile developers often use an SSL/TLS certificate during the authentication process. However, an SSL certificate does not imply that mobile devices are completely secure. Once the authentication process ends, the certificate ends with it. This gives rise to an inconsistent layer that exposes your passwords, contact information and card details.
It is essential to implement stronger security measures to ensure your information and network's safety. For many businesses, this means using a powerful VPN to mitigate possible threats.
According to Sydney-based cybersecurity expert William Ellis of Privacy Australia, VPNs are a necessary security measure for people. He goes on to explain, "Let's say you are trying to access a public Wi-Fi network. Maybe it's crossed your mind that somebody else might be monitoring your activity. Well, whether from home or using a public connection, this is the reason for virtual private networks… they create an encrypted tunnel that separates you and whatever server is hosting the website/internet bandwidth you are accessing. Surveillance agencies, hackers and other cybercriminals cannot see your IP address or other compromising pieces of data."
Conclusion
As a final piece of advice, CISO’s need to make sure to build a comprehensive security strategy from a place of caution, making sure to leverage technologies, tools and applications that can actively detect and prevent threats and viruses.
About the Author: Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source projects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses online safety and privacy.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
Zero Trust and the Seven Tenets
Understand the principles of Zero Trust in cybersecurity with Tripwire's detailed guide. Ideal for both newcomers and seasoned professionals, this resource provides a practical pathway to implementing Zero Trust, enhancing your organization's security posture in the ever-evolving digital landscape.