Mobile security devices are one of the top ways critical data is either breached or lost today. One only has to look at some of the more recent data breach reports to learn that laptops, personal digital assistants and even thumb drives can cause huge problems for organizations. In March, for example, a laptop that could have contained the personal information about members of the United Food and Commercial Workers Union 555 in Oregon was stolen.
It's because of incidents like this that more and more information security leaders are looking to bolster their security practices and technologies to better protect the mobile devices corporate staff are using on the job. SC Magazine's recent survey, Guarding Against a Data Breach, confirmed this fact when it found that out of more than 200 IT security pros responding, approximately 49 percent are spending their money to deploy mobile security solutions this year.
To learn about the options you have when it comes to safeguarding your mobile networks, you can hear from Patrick Traynor, assistant professor of the Georgia Institute of Technology, as well as other experts, during SC Magazine's all-day eConference: Mobile Security on June 16. Recently, Traynor shared with us some of his advice for dealing with the rising tide of mobile threats.
Illena Armstrong: You recently undertook a research project that bore some interesting findings when it comes to mobile security. What were some of the more intriguing results that came out of the study?
Patrick Traynor: One of my most recent studies involved the use of text messages to alert college campuses during emergencies. This work demonstrated that cellular networks simply do not have the resources to deliver such a large number of emergency text messages in a short time period. Worse still, trying to send so many text messages during an emergency may actually make it more difficult for those who need assistance to call out for it. Availability is a priority we don't think about often, but it is absolutely critical for security, especially in the mobile space.
IA: Based on this research, where does it seem that companies are flailing the most when it comes to safeguarding mobile devices and, ultimately, the overall corporate network?
PT: There are a number of new challenges for companies in this space. One of the biggest hurdles to overcome is simply understanding how mobile devices fit into an enterprise security plan. Do you have a plan to regularly patch your devices? Are there any restrictions on the kinds of files that can be stored on mobile phones? How are you disposing of old devices? These are the kinds of questions CIOs need to start asking.
IA: What do some information security professionals take for granted when attempting to take steps to protect against the myriad mobile threats?
PT: One of the biggest challenges is convincing people that techniques that worked well on the internet do not automatically translate to the mobile world. How do you firewall a phone? Anti-virus programs are available, but can your employees shut them off when their battery starts to get low? Answering these questions requires some new thinking.
IA: Any words of wisdom for our readers who are still struggling with mobile security – from laptops to iPhones to thumb drives?
PT: The most important thing that people can do right now is keep their ears open. Researchers are working hard to understand this space and to develop more powerful techniques to provide security. Attackers are working equally as hard to make their attacks successful on a larger scale. Like the desktop world, there will not be any silver bullets here, but we hope to be able to prevent things from getting as bad as they are in the wired space.
To register to attend our June 16 eConference: Mobile Security, click here. Registration is free.