BYOD may have a sinister connotation for some enterprise IT professionals. It may mean "Bring Your Own Deadly..." (fill in the blank with "virus," "malware," or "advanced persistent threat").
In its latest "X-Force 2012 Mid-Year Trend and Risk Report," made public today, IBM says analysis of over 15 billion security events daily from devices in more than 130 countries is showing that mobile devices are increasingly under threat in companies worldwide; that Apple's iOS is more vulnerable than ever to advanced persistent threats (APTs); and that social networking offers unique opportunities for criminal attacks on user networks.
IBM found that, overall, during the first half of 2012 mobile vulnerabilities were down to the lowest levels since 2008. That said, though, users are most likely to be attacked on the data side of the mobile equation. For instance, criminals are disguising their malware in legitimate-looking mobile apps, some of which are even sold in regular app stores.
Another area of vulnerability for enterprise users is social networking passwords, which have become increasingly important to marketers in the age of social business.
"During the first half of 2012, we've seen an increase in the amount of sophisticated and targeted attacks from malware and social networking Website passwords," said Clinton McFadden, senior operations manager for IBM X-Force research and development, in a prepared statement. "In response, organizations must take proactive approaches to better protect their enterprises and data, because as long as these cyber attacks remain lucrative, the attacks will keep coming."
IBM says enterprises can fight back with solid BYOD policies defining clearly how users should access the network and authenticate themselves on it. Passwords are particularly important: IBM recommends lengthy, multi-word passwords that are encrypted and subjected to a hash function on the server. IBM says it's also important to make sure enterprise data is protected from corruption via "sandboxing," a technique that cordons off applications and data, such as PDF documents, to avoid infection.
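As an illustration of the password advice above, the following added example (not from IBM or the X-Force report) accepts only long, multi-word passphrases and stores a salted hash on the server instead of the passphrase itself. The word and length thresholds, the choice of scrypt, its cost parameters, and the function names are assumptions made for this sketch; it covers the server-side hashing only.

```python
import hashlib
import hmac
import os

# Assumed policy thresholds (the report summary gives no numbers).
MIN_WORDS = 4
MIN_LENGTH = 20
# scrypt cost parameters: assumed values, tune for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2**14, 8, 1, 32


def passphrase_ok(passphrase: str) -> bool:
    """Accept only lengthy, multi-word passphrases."""
    words = passphrase.split()
    return len(words) >= MIN_WORDS and len(passphrase) >= MIN_LENGTH


def _derive(passphrase: str, salt: bytes) -> bytes:
    """Slow, memory-hard hash so stolen records are costly to brute-force."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)


def enroll(passphrase: str) -> str:
    """Return the record to store server-side: salt and hash, never the passphrase."""
    if not passphrase_ok(passphrase):
        raise ValueError("passphrase does not meet the multi-word policy")
    salt = os.urandom(16)  # unique per user, so equal passphrases hash differently
    return f"{salt.hex()}${_derive(passphrase, salt).hex()}"


def verify(passphrase: str, record: str) -> bool:
    """Recompute the hash from the stored salt and compare in constant time."""
    try:
        salt_hex, hash_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed record: fail closed
    return hmac.compare_digest(_derive(passphrase, salt), expected)


if __name__ == "__main__":
    record = enroll("correct horse battery staple")  # constructed sample input
    print(record)
    print(verify("correct horse battery staple", record))
    print(verify("correct horse battery stapler", record))
```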
A trend noted by IBM is that threats to enterprise security are getting more complex, presenting added danger given that many organizations are pulling back on IT spending. "Enterprises are faced with a lack of in-house security skills and limited budgets to maintain their security environments," says Kris Lovejoy, general manager of IBM Security Services.
In summary, a theme of this latest X-Force report is that enterprises remain vulnerable to attack, though the nature of attacks changes over time. As users turn more to smartphones and mobile work, it's important for IT to follow through with associated protections. Online criminals aren't disappearing; wherever there are users and Web applications, they'll be looking for the gap that lets them in -- and even a sliver of leeway can provide a foot in the door.
A final note: IBM has opened a new security operations center in Wroclaw, Poland -- Big Blue's tenth such facility -- to enhance its security research and offer network and systems protection to customers.
— Mary Jander, Executive Editor, Internet Evolution