In the past, protecting email was the major security concern associated with smartphones, DeWalt said. But now, the thousands of available third-party apps pose a major risk of malware introduction or private information disclosure.
This challenge is only going to increase in the future, as more and more devices inevitably make their way onto enterprise networks, he said. But security professionals, and the industry as a whole, are struggling to find a way to allow access to these much sought-after programs.
“You're only as strong as your weakest app,” DeWalt said.
Meanwhile, practitioners are also dealing with a number of other new challenges in the threat landscape, including the exponential growth in malware, he added. In the past, criminals were looking for notoriety, but today their intentions are largely financially motivated. Moreover, they are looking to gather intelligence on behalf of nation-states, steal intellectual property or engage in cyberterrorism.
Whereas attacks used to only target PCs, modems and mainframes, they are now aimed at critical infrastructure, as evidenced by the Stuxnet worm, DeWalt said. Criminals have also changed their techniques – from viruses and trojans to so-called advanced persistent threats (APTs), which can evade anti-virus solutions and make use of well-funded exploits.
“APTs are here,” he said. “We're seeing a lot more, and they're very difficult to find and resolve.”
All of these changes have created a “perfect storm” that is driving the adoption of IT security in organizations, DeWalt said.