THE BLOG
11/25/2013 02:49 pm ET | Updated Jan 25, 2014

Denial is not a Mobile Security Strategy

co-authored by J. Thomas Malatesta, COO Ziklag Systems

Mobile device users and their organizations cannot continue to hide their naiveté under the guise of myriad software and APP solutions that are nothing more than feel good approaches to a serious problem in the making. Mobile devices and their interface with the IT infrastructure ought to be an expansive, major priority of any entity. Whenever I speak to a party about overall security of the enterprise and they tell me "we have had no major security incidents yet" I just smile to myself and say "that you know of".

As mobile devices explode in popularity, the chances are very high that attacks, successful attacks, will be a frequent visitor. A false sense of security presently abounds in the C suite and the miscreants count on that fact to improve their methodologies....over and over again. The adversary is relentless and they test over and over again. Ultimately they get the formula that works. Particularly Nation States with unlimited financial resources. Clearly they enjoy the thrill and the profits from not being detected. In the present universe organizations should spend wisely for mobile security solutions. There are no silver bullets for iPhones and Smartphones in general. Hardware solutions fair much better but even these require constant vigilance to miscreant capabilities.

BYOD and mobile device users often circumvent corporate security policies and safeguards. That is because installing and managing security software on every device is cumbersome. Traditional threat detection is often ineffective on a mobile device and organizations should come out of their comfort slumber and realize that traditional security strategies cannot easily be applied to employee owned devices. Further they should realize that these devices are often invisible to the enterprise and, more frequently than not, the network is very vulnerable from mobile device usage by employees. APPS and the resultant user activity are but two of a growing list of entry points for the bad guys. Mobile device users are supposed to be educated to the threat. But the reality is that they repeatedly open the door to viruses and spyware because they feel their devices are "secure enough". They and the organizations they work for and with love APPS and the convenience of BYOD. This, in turn, opens a wide door of opportunity to adware, the most insidious and prevalent APP based mobile threat on the globe today.

Awareness of the reality of the threat matrix needs to improve......and soon. Attacks designed for mobile platforms are quickly becoming more pervasive. As a reality check, individuals and organizations concerned about privacy, loss of IP, reputational damage and financial loss can no longer live in the illusion that there are no major threats occurring in "our" system.