Content

Device Security Is a Rising Threat That We Can No Longer Ignore

The rapidly expanding digital world has made our lives more interconnected than ever. 

We can control our home thermostats from afar, transfer money between bank accounts, monitor our weight loss goals, view pictures of our friends' vacations, unlock our doors, store all our personal and family photos, and perform many of the duties of our jobs — all from a computer that fits in our pocket. 

And every day seems to bring a new app, software upgrade or device that promises to make the current conveniences we enjoy seem quaint and old-fashioned. There are more connected devices in operation than there are people on the planet, and we're keeping more personal information than ever on those devices. 

A recent CompTIA survey found that 28 percent of consumers have banking or financial information on their mobile devices, 24 percent have passwords saved in a file or app on their smartphones or computers, and 14 percent have health insurance or medical information on their devices. Additionally, 77 percent have contact and other personal information on family, friends and co-workers — a situation that makes everyone in a person's address book vulnerable to potential hacking. 

Clearly, we all have more to do if we are to implement workable device security policies and measures that can protect our data and our virtual lives. Though malware targeting mobile technologies is still a relatively small segment of the overall cyberattacks worldwide, it has been on a startlingly fast upward trajectory in recent years. McAfee Labs found that mobile malware incidents jumped from less than 4 million in the first quarter of 2015 to more than 16 million at the same point in 2017.

It's not just individuals who are at risk. Twenty percent of businesses report having been breached via employee mobile devices, and 24 percent are not sure if they have been attacked via mobile devices, according to a survey by Dimension Research in April. 

But bad actors don't need to physically possess a device to hack it — they exploit users through phishing attacks, rogue Wi-Fi networks, malicious apps, or hidden vulnerabilities in the operating systems of our devices.  

Of course, device makers have substantially improved security features over the years. For example, in July Apple unveiled an update to its device operating system that helps protect iPhones and iPads from hackers who attempt to use Wi-Fi to penetrate devices. Policymakers have also begun to focus on this issue, with the Department of Homeland Security announcing last month $8.6 million in research and development grants to improve mobile device security throughout the government.  

Still, we must endeavor to stay one step ahead of hackers to ensure that the trend of mobile device hacks does not become a threat to our livelihoods and our economy. Smart public policy should be guided by industry best practices, and it should emphasize investments in education for both cybersecurity workers as well as consumers. 

With that in mind, there are three things we can do to make sure devices remain secure and sensitive data is protected: 

First, policymakers should facilitate industry-led initiatives that promote device security, while resisting one-size-fits-all mandates that inhibit innovation or force device makers to divulge proprietary information that could be exploited by bad actors. 

For example, the National Telecommunications and Information Administration has already begun an initiative that draws on government and private sector input for how to improve security for “Internet of Things,” or IoT, devices. And the Federal Trade Commission has issued guidance that has heralded the crucial notion of “secure by design.” Both those initiatives are driven by industry expertise and best practices, and they should serve as a model for initiatives that are the most likely to bring greater security, without sacrificing innovation. 

Second, government and industry should double down on efforts to sponsor education and training programs to recruit cybersecurity workers. A modernized, well-trained workforce will be the key to addressing the challenges that emerge when rapid technology innovation and malicious actors coexist. 

Finally, individuals should take advantage of the opportunities that exist to learn good cyber hygiene practices as well as being aware of the ways their personal information can be targeted and how their actions could impact themselves, their loved ones, and their employers. Simple things like limiting what you do on public WiFi, keeping your mobile software and apps up to date, and deleting unused apps can go a long way to creating device security, per the National Cyber Security Alliance. 

This is a challenge we should all be invested in tackling. It is only through vigilance, prevention and preparation that we will preserve and protect the innovations that have made our lives easier to lead. 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.