While some industry professionals focus on securing mobile devices, expanding threat vectors and implementing stern policy are what should be keeping them busy, a panel of experts said Wednesday at the annual SC Congress Canada in Toronto.
As cyber criminals search for vulnerabilities or weak access points in enterprise networks, malicious activity aimed at mobile devices is on the rise, according to the bi-annual McAfee Threat Report. However, security professionals shouldn’t be losing sleep over the influx of these modern-day endpoints, Faiza Kacem, manager for IT security and disaster recovery at the National Bank of Canada, said at the session.
“I would say that the mobile devices themselves do not bring any new threats,” she said. “It’s the points of entry that have increased.”
Although the bring-your-own-device (BYOD) trend is currently one of the hottest topics in the industry, mobility is an issue that’s been faced before, Kacem added. The real problem is figuring out a way to provide appropriate instruction to users.
“We have to make sure we have the proper framework in place and make them aware that those devices can bring another vector to attack,” she said.
One of the best possible ways to deal with emerging mobile threats is to build a security-minded culture within the enterprise, said Larry Ponemon, chairman of consulting firm Ponemon Institute. Not only do policies have to be written properly, but they must consist of things that can actually be enforced.
“They key variable is keeping a perspective on this, and it’s not going to be a technology fix,” he said. “This [BYOD] is like other security risks, but it’s a monster because it affects so many companies and so many people.”
The new generation of employees referred to as “digital natives” are accustomed to bringing in their own devices to the workplace. Companies have to adapt to ensure productivity, said Michelle Warren, president of MW Research and Consulting.
“We have this generation coming out of school that bring in the products and insist they know how to work best,” she said. “Organizations are forced to deal with this change and how they implement policies.”