Worries plaguing U.S.-based CSOs are pretty universal. That is, in Canada, mobile security, more advanced cyber attack methods, compliance, C-level buy-in for security, and more all are proving to be sources of stress for IT security executives there, too.
Among these, we learned at SC Congress Canada held in Toronto last month that the BYOD phenomena is still a challenging conundrum for many organizations. A Ponemon Institute study sponsored by Websense that was released earlier this year and discussed more in depth among a panel of experts during a mobile security threats session at the Toronto event seems to bear this out. Among the 4,640 IT and IT security practioners queried for the “Global Study on Mobility Risks Survey of IT & IT Security Practitioners,” 77 percent said the use of mobile devices by employees is critical to achieving business objectives. Yet, 76 percent said these technologies put their organizations at risk.
Still, said panelist Faiza Kacem, manager for IT security and disaster recovery at the National Bank of Canada, mobile devices don't necessarily bring new threats. Really, it's just that the attack surface has grown because of BYOD and the use of even corporate-owned mobile devices, she explained. To deal with this properly, she suggested understanding fully all of your organization's exposures to risks, understanding very clearly where your critical data and systems are and what/who has access to them, and deploying proven security and other protective mechanisms that help to stop data leakage. Some final and important steps, she and other panelists pointed out, include staff education and the establishment and, more importantly, the enforcement of policies and procedures.
Besides these steps, Michelle Warren, founder and president of MW Research & Consulting, added that executives shouldn't be afraid to say, “No.” After all, that's an option if the IT security and corporate leaders feel the threats to data are just too high to risk a “yes.”No doubt, this panel provided some strong advice and insight. Still, mobile security problems continue to vex many an IT security officer here and there. So, now available at www.scmagazine.com, you can find our SC Spotlight on Mobile. Take a look and let us know your thoughts.. Take a look and let us know your thoughts. And, if you attended SC Congress Canada, I encourage you to do the same. I'm always at the ready with a response via my iPhone, laptop or tablet.