The world of rugby was shocked this week when it was discovered that the current world champions, New Zealand, were the victims of espionage when a listening device was found hidden in a chair in the team’s meeting room.
The world of security was not shocked one bit. As devices have become more mobile, the need for wide networks of bugged spies and huge surveillance equipment is long gone, instead replaced by a plethora of nanodevices and instant mobile access to the most sensitive personal data.
“The race between virus and antivirus software has reached a stalemate – the new battleground is personal.”
– Eric O’Neill, National Security Strategist at Carbon Black.
With this change has emerged another trend. The conflict is no longer simply a matter of technology, but rather a human one. Because employees are now often equipped with smartphones in order to do their jobs effectively – phones they will likely use in their personal lives too – there is a whole new frontier for risk.
People are the new vulnerability
For many years, USB sticks have been a key source of entry for criminals. Researchers found that almost half of people pick up discarded USB drives and plug them into laptops and computers, demonstrating how even the best technologies can’t protect against human behavior alone.
In 2016, there’s another, newer threat in the same vein. It’s not uncommon for staff to connect to free Wi-Fi hotspots in a bid to save on data costs or get a better quality browsing speed. Hackers have a number of techniques at hand to exploit this, and can set up rogue networks as a means to get inside these devices.
This kind of ‘man-in-the-middle’ (MitM) attack is something that keeps IT managers up at night.
This method of hacking is more akin to those old email phishing chains you might remember from the past. Do long lost royal Nigerian relatives or wild lottery wins you never entered ring any bells?
Well, thanks in part to the rise in mobile devices, this threat is on the up once again. But this time, it’s personal. Either through a MitM attack or through other means, hackers throw up messages designed to look like updates from the likes of Apple or Samsung. These popups trick users into downloading malicious software or revealing sensitive information.
While it’s difficult to mitigate the risk of bugged furniture, many businesses are looking to more than just technology to remain secure as the threat to mobile grows larger.
Training programs and new corporate policies can go a long way to preventing this kind of dangerous user behavior. Organizations such as Standard Life, British Telecom and even the Department of Defense have come out in support of this approach, using education as a safeguard against careless mobile activity.
It might be an old saying, but a chain is only as strong as its weakest link. In security terms, this means that it only takes one rogue employee to ignore, miss or forget their training for an entire system to be compromised. That’s why most enterprises are adopting new technologies to roll out and manage alongside their education programs.
“One of the biggest threats is your people and your employees,”
– Dan McGahn, CEO of AMSC.
Some of it will simply be a case of leading from the top. Big companies have started handing out simple, almost disposable handsets to executive staff to avoid the risk of sophisticated attacks. Others have done the same for employees traveling overseas.
“A lot of the larger companies now are creating sterile areas in which to hold a meeting. You can’t even take your mobile phone in, which is very good practice, because what have we got on our phones? A microphone.”
– Alexander J Bomberg, CEO of International Intelligence.
A popular option for many is Enterprise Mobility Management (EMM), which helps IT teams centrally manage the configuration of corporate devices – which apps are installed and so on. However, some say that EMM alone doesn’t go far enough, and is unable to prevent lots of the human errors so common in modern hacking techniques.
Pioneers have looked to technologies that monitor data as it passes between the carrier and the device. At this level, platforms can track, manage and limit the specific behavior of employees and even detect potentially dangerous Wi-Fi connections as they are discovered.
These technologies, such as Wandera’s Secure Mobile Gateway, give IT administrators more insight into the activities of mobile-enabled staff, a much-welcome layer of visibility that can make policy compliance much more potent.
For everything other than microphones in cushions, get in touch with Wandera to understand more about your organization’s mobile security.