Sierraware Blog

The 7 Most Frightening BYOD Threats

Scary-VMI-PicAs we creep closer and closer to Halloween, fears of ghosts and bad-tempered trick-or-treaters will keep some folks up late at night. But IT security professionals face even greater risks, not just at Halloween, but all year long. Some of these risks are well-documented, while others are not as widely known, but end up causing just as many sleepless nights.

Top seven scariest BYOD threats are:

  1. Lost and stolen phones: Lost and stolen mobile devices are the biggest BYOD risk by a landslide. With over three million phones stolen every year, the chances that an employee’s phone will get into the wrong hands is extremely high. It’s not surprising, then, that 68 percent of healthcare breaches were due to the loss or theft of mobile devices, according to a Bitglass survey.
  2. Mobile applications with weak authentication: Many recent high-profile breaches were due—at least in part—to attackers bypassing weak or non-existent authentication. As organizations move their business apps to the cloud and allow mobile users to access those apps from any location, they also make it easier for cyber-attackers to find and exploit authentication weaknesses.
  3. Data leaks from disgruntled employees: Mobility enables “anywhere” access to business applications, but it also makes it harder for organizations to monitor user access and prevent data leaks. Traditional network monitoring controls only work when mobile users are the network, while end-point data loss prevention (DLP) software only supports a few pre-defined apps on mobile devices. As a result, many employees can easily distribute sensitive data by uploading it to cloud file sharing sites or copying it into a text messaging app with a couple of clicks—leaving employers none the wiser.
  4. Business photos stored on phones: A wide range of users—from police officers to doctors to meter readers—use mobile devices in the field on the job every day. Often, they need to take photos for evidence or for analysis purposes. Whether snapping a picture of a broken ankle or recording a crime scene, users may need to take photos, but they shouldn’t store these photos alongside pictures of their kids. Organizations need a way to isolate business and personal use of camera, microphone, and data storage.
  5. Jailbroken and rooted phones: An estimated 7.5%[i] of iOS users and 27%[ii] or more of Android users jailbreak or root their phones. Plus, some Android phone manufacturers are using modified Android OSs like Cyanogen and Xiaomi that support apps from third-party app stores that could distribute malware. Jailbreaking and rooting phones not only increases the risks of malware, but it also allows employees to circumvent some types of security controls.
  6. Excessive app development costs: In the past, organizations could develop apps for Windows and possibly Mac clients. Today, to support the profusion of different mobile devices, organizations need to build apps for different versions of Android, iOS Windows Phone, Blackberry, and traditional desktop operating systems. App costs can skyrocket if organizations try to integrate their apps with mobile app management and app wrapping tools.
  7. Limited patches for older software and unexpected release cycles: In the days of yore (pre-smartphones), IT administrators could prepare for and test operating system updates before rolling out the changes on users’ desktops. Now, phone manufacturers can deploy new operating system versions and patches with little warning. Mobile users can upgrade their operating system at any time, occasionally breaking apps. In addition, phone manufacturers may not patch vulnerabilities quickly or patch older OS versions. This leaves IT and security administrators at the mercy of the phone vendors to ensure that users’ phones are secure.

No More Double, Double, Toil and Trouble

Regardless of which BYOD headache gives you nightmares, virtual mobile infrastructure (VMI) can bring you piece of mind. Learn more about VMI and how it safeguards mobile apps and data.

zombie-smartphone

 

 

 

 

 

[i]http://www.dailytech.com/WireLurker+Malware+May+Have+Infected+100000+iPhones+No+Jailbreak+Required/article36850.htm

[ii] http://www.androidheadlines.com/2014/11/50-users-root-phones-order-remove-built-apps-one.html