CEO Kirsten Bay outlines her approach to a 100-day cybersecurity plan for the new administration.
We live in a fickle and fluid world. Need a new outfit? Buy one online and have it in an hour. Don’t like your job? Get a new one.
In fact, it is now common for younger workers to have had four jobs before the age of 32i and increasingly some have more than one employer or client at any time. What would have once been an indication of low performance driving job-hopping is now an accepted by-product of the new economy and Millennials value the flexibility it offers.
Despite moving from job to job, people are increasingly keeping the same device as they do so. The powerful device is now the centre of your world (perhaps for its 2 year contract): connecting to multiple work business networks in addition to shopping online, booking taxis, dating, watching TV, banking, downloading apps with security flaws and – potentially – visiting malware infested sites.
“Mobile-first” and “Digital-by-default” are the kinds of straplines advancing right up the strategic poles of businesses around the world. Juniper Research released a study recently indicating that we will see 160 TRILLION mobile and online messages generated annually by 2019.iii
This is causing a huge headache for security professionals because it is common for mobile device security to be an afterthought or woefully behind the curve. Typically, 24 percent of people are likely to have internet security but only five percent bother to encrypt their mobile data at all.ii
Why? Because they feel entitled that someone else should secure their mobile device. They expect their employers or clients to understand that using free, unsecured Wi-Fi is essential; that man-in-the-middle threats are part of life; and that none of this is the handset users’ responsibility. To make things even harder, they also demand protection without it affecting user experience a single iota.
Why? Because applying security poorly can hugely impede productivity!
Without access to a crucial document that has been blocked, an employee may not be able to do their job – or win business. If you block apps, she may not be able to book the taxi she needs to get to the next meeting in time. There’s also a rational fear that applying advanced security poorly will slow the performance of the device or drain the battery much faster, frustrating the user.
Security teams need to take a new approach.
1: Deliver secure communication and water-tight authentication without impacting the user experience
2: Stop obsessing about Threats and focus instead on detecting and resolving Attacks
A threat is something that may potentially happen. An attack is something that is happening. Why waste valuable resources trying to stop every threat when most will come to nothing?
To increase awareness of attacks, organizations need to monitor the network traffic to and from the devices and lift the cover on suspicious patterns, not just look for file signatures that fit the profile of malware.
Imagine an employee has been given access to Salesforce.com. They have been using it for months legitimately but they’re about to leave. He logs on to Salesforce.com and downloads a large amount prospect data to increase his success with his next employer.
Malware is not involved at all, but the intent of the user is malicious and the traffic is recognizable and can trigger an alarm stopping him in his tracks.
The benefits are seamless mobility for all users, wherever they are, uninterrupted user experience with access control, greater productivity and lower risk.
Mobile and Security not playing nice and schizophrenic workers with unprotected mobiles? Start using network analysis.
Enter your details and we’ll get back to you