Combating Security Threats in BYOD
CIOReview Team | Wednesday, 14 May 2014, 06:12 IST
Kaspersky Lab is a developer of secure content and threat management systems. Headquartered in Moscow, the company is the world’s largest privately held vendor of software security products and is ranked among the world’s top four vendors of security solutions for endpoint users.
The global cyber security market is expected to grow to $120.1 billion by 2017, at an estimated CAGR of 11.3 percent. Cyber security is undergoing an evolution, shifting from a technical regulation stage to a level of well-planned conception. Cyberspace today is witnessing the advent of a gamut of devices and applications that have made it vulnerable to threats from all kinds of users or miscreants. The pervading reach of the internet to these new devices is making way for new hazards to security. Companies are increasingly falling victim to cyber-attacks. According to a recent survey conducted by Kaspersky Lab and B2B International, ninety-one percent of the organizations polled suffered a cyber-attack at least once in the preceding 12-month period, while 9 percent were the victims of targeted attacks - carefully planned activity aimed at infecting the network infrastructure of a specific organization.
Mass Distribution of Malicious Programs Causes Loss of IP
The primary issue hampering cost effectiveness and causing loss of intellectual property is the mass distribution of malicious programs, which does not spare even small enterprises. Cyber criminals are continuously improving their malware using unconventional approaches and solutions, from programs that spread like a plague in a corporate environment to an army of zombies that devours every available resource on web servers and data transfer networks. The extensive use of digital devices in business is creating ideal conditions for cyber-espionage and the deployment of malware capable of stealing corporate data. Employees are increasingly inclined to use their own devices for both personal and corporate tasks. With the popularity of BYOD (Bring Your Own Device), organizations are encouraging workers to choose their preferred smartphone or tablet from a retailer, and corporate access is being provided to the employee-owned device.
While there are savings and productivity benefits with BYOD, it can also open the organization to security risks. Corporate data, if improperly secured and potentially co-mingled with personal items, can be easily exploited. In many cases, these devices are also used by family members with no regard for application security. The solution to these problems is enabling secure configuration and deployment of smartphones and tablets using the same console as network security. This way IT administrators can be confident that user devices are configured with the correct settings and can be secured in the event of loss, theft or user abuse.
The Demand for Mobile Device Management
The threat to security is creating a demand for MDM (Mobile Device Management), Data Protection and Virtualization protection solutions. MDM solutions are obviously needed as BYOD is one of the main security trends. With the majority of organizations not being ready to face attacks aimed at sensitive data, the market for data protection technologies has become extremely competitive. Getting access to a rival’s business data could be considered a big advantage, despite the possible legal consequences. Unfortunately, today there is a large underground market inhabited by groups of criminals offering a wide range of illegal services.
The Move towards Virtual Infrastructure
As the industry moves towards replacing applications, databases and servers with virtual infrastructure, virtualization solutions are seeing widespread use for providing efficient security. Virtualization creates tremendous business and IT benefits for organizations globally, but if left unprotected these platforms may become a weak link for cyber criminals to exploit. Securing virtualized parts of IT infrastructure is no exception, but the standard approach, which takes an existing solution and tries to implement it in a virtual environment, inevitably hampers performance; the proper way is to develop an efficient solution that takes into account the specific needs of the virtual environment.
Similarly, when employing a BYOD programme, businesses face key risks such as the mixing of business and personal data, software licensing issues and shared use of devices with non-employees. Along with the potential benefits, BYOD can introduce new risks including infections that result from vulnerabilities and malware on the user’s mobile device. Once the risks are assessed, an effective BYOD programme should have three components: policy, training and technology/enforcement. As effective IT security is today a core component of any regulatory compliance initiative, many industry sectors now mandate encryption as a standard part of data protection compliance to avoid data breach risks. It is through these measures that data security processes can be made more robust, taking security solutions to the next level.