BYOD (Bringing Your Own Destruction)

Welcome to the first day of your vacation. You just got some glorious sleep-in time and head out for a late breakfast. You arrive at your favorite spot and reach for your phone only to find flat pockets. Perhaps you just forgot your phone and it’s a minor inconvenience. Perhaps you made a stop for gas before grabbing those pancakes and now your phone is no longer riding shotgun.

Every picture, email, text message in one portable package, ripe for the taking. You feel your stomach drop and your pulse elevate. Then you remembered you sent some sensitive work home over your personal email to work on while you sipped Mai Tais on the beach. I mean, what’s the risk in that? Well, sharks, for one — a gaping security hole for another.

This little horror story illustrates the fact that mobile devices — phones, tablets, and such — have become inexorably intertwined with our personal and professional lives. They are extensions of us that tend to get left, lost or stolen at any time for any number of reasons. The software and security of those same devices is also left to chance by the software makers and the users who need to update them. The last time I, a seasoned cybersecurity professional, checked my own phone, I had 80 different programs that needed updating — 80 pieces of software with 80 different ways to gain access to my personal data.

It’s easy to see things like mobile malware as insignificant. An iPad crash isn’t as sexy as a massive enterprise breach, except one can certainly lead to the other. With the proliferation of mobile malware in recent years, and threats like Taslal, parental control applications, every employee is a potential walking microphone and camera. A recent threat report from Gigamon has shown a growing number of companies allow mobile devices (and all the baggage they come with) on their corporate networks. How do you begin to police devices when you don’t own them?

The mitigation wisdom isn’t anything you haven’t heard before: Monitor your networks; check and update your acceptable use policies; enable multifactor authentication; enact some kind of mobile device management; train your users. The problem is a human one. We’re used to the autonomy of using our personal devices. How do we begin to tackle the human problem? By using the humans as the solution. It’s not enough to enact a mobile device policy; you have to get your users to buy into it. If the usage of the device is personal, the training and consequences have to be personal too.

Mobile device security is both a quantity and quality problem. While the quantity of mobile threats may not be on par with other threats, the quality of the spoils for attackers can be that much richer.

Stay a step ahead of mobile threats with “A Deep Dive into Mobile Threats” and “Parental Monitoring Gone Bad — Analysis of an Unassuming Mobile Threat” by Gigamon Applied Threat Research. Happy hunting.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Security group.

Share your thoughts today